Cache/Proxy Forum: https://forum.pfsense.org/index.php?board=60.0

Turned out to be our UPS being misconfigured, and shutting down the server while we blamed the update… sorry and thank you for helping!

@SammyWoo:

…so I can tell right on top, aha, somebody is running an at&t DSL...

Probably better than using your family name or number.street as SSID. Knowing an ISP doesn't give you much of an attack vector.

Change the port the webGUI is listen to in System > Advanced > Admin Access.
Also check "WebGUI redirect" to disable the redirection of port 80.

Allow access to the new webGUI port only on internal interfaces.

For systems behind a firewall, this add a sensitive lag when logiing in or going to the dashboard.
It would be nice to make that call not as often as the page is loaded.

Umm, wrong post? The OP was not talking about Squid taking up too much memory. And Squid is a cache, it's supposed to cache data. If it's using too much memory, you're caching too much.

https://wiki.squid-cache.org/SquidFaq/SquidMemory

Start a new thread, probably over here https://forum.pfsense.org/index.php?board=60.0

0.0.0.0 is the source address used before a device knows it's IP address.  It's often used for DHCP requests.  You can use packet capture or Wireshark, to see where those packets are coming from and what they're doing.

Don't be so lazy and try different searches, for example:

@roncbk:

Cannot allocate memory - The line in question reads

Also a different sign of being lazy, update your pfSense install your way behind.

OK, just saw a Tweet from Deutsche Telekom that they had issues with "some" connections with static IP  ::) … Seems the problem was an external one.

@querichelli:

I need to keep WAN1 working, but test WAN2 with ping test for 1hour+, is it possible?

Whats the purpose of the Test? If your wanting to test WAN2 specifically for devices behind pfSense than the policy route via firewall rule as suggested would be the way to go. If you just wanting to see the quality of your WAN2 from ping results than I would suggest changing the monitoring IP for that gateway to 8.8.8.8 and let pfSense monitor this for you. This way you can see the current quality of your WAN2 when you login and also check the history of that link by going to Status –> Monitoring. If you haven't done so already, I would suggest doing this for WAN1 as well. In order for failover to work properly this should have already been done but maybe this isn't the purpose for your test.

Is your modem routing, if it was bridging you's see a non RFC1918 address on the pfSense WAN NIC ?

BTW my blacklist is to block shodan.io & other IP addresses.

@aagaag:

The only remaining issue is that I think that I may need to do the same for IPv6. However configuring IPv4+6 disallows the gateway options.

Naturally, IPv6 requires an IPv6 gateway. So you cannot set the IPv4 VPN gateway for IPv6 traffic anyway.

@aagaag:

I stand corrected. I do have a DNS leak. Might you be so kind and explain to me how I can ensure that traffic moving through the VPN uses a specific DNS server, and only that one?

The simplest way would be to use an external DNS server on the concerned devices.
Assuming you use the DHCP server on pfSense to configure the network on your devices, add a static mapping for all devices you're directing over that vpn. In the static mapping you can define an external DNS like Googles 8.8.8.8 or what ever you want.
Since any traffic of that devices is directed over the vpn by the firewall rule, the DNS requests also have to go over the vpn.

No, that is not possible.

The "INCORRECT BLOCK COUNT"shouldn't be there.
At least, I do not have these messages.

** /dev/ufsid/54ca20c41b3d50b0 (NO WRITE) ** Last Mounted on / ** Root file system ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts UNREF FILE I=2006402  OWNER=root MODE=100666 SIZE=0 MTIME=Apr  9 07:29 2018 CLEAR? no UNREF FILE I=26324042  OWNER=root MODE=100555 SIZE=684072 MTIME=Dec 12 20:49 2017 CLEAR? no ** Phase 5 - Check Cyl groups 27679 files, 300300 used, 74373502 free (3758 frags, 9296218 blocks, 0.0% fragmentation)

Do a fsck after rebooting - use the console access, before pfSense kicks in, so fsck can do its magic.

What switch(es) do you have?  If your wanting to isolate devices via network/vlan then its kind of must for these switches to be vlan capable.  They do not have to be expensive to do this $30 can get you an 8 port gig switch that does vlans.

Sure you can isolate your networks via different hardware, dumb switches on different interface to your firewall.  But vlans make it possible for devices in the same room to be on different networks using the same switch.

Per your like a pro comment - first step would be switches that do vlans.. You make no mention of what make and model your switches currently are.

that patch was pushed to master back in feb of 2017… What version of pfsense are you running that you would manually put in that patch?