Everything that can be off is off.
Screenshot_20250519_045529.png

Something doesn't fit. When I have the solution, I'll let you know.

Yes, unfortunately the tsunami of spam that happens if we disable that filter makes the forum basically unusable. 😞

@NGUSER6947 no creating a vpn does not force traffic through it.. so you are remote to this pfsense right - just vpn into pfsense, and then telnet to what you want to telnet to.

You can setup your vpn to be as restrictive or open as you want - you could allow access to anything, or you could limit to only this telnet devices IP on telnet port.

Another way less config needed would be to port forward to this telnet IP on pfsense wan, but only allow your specific source IP.. If you know the IP where you will be coming from.. This would be secure, but not as elegant of a solution. And the traffic over the internet would not be encrypted inside a vpn tunnel.

Another way to skin the cat would be to ssh to pfsense wan, then telnet from pfsense to the telnet box. This would be encrypted over the internet.. And if you only allow public key auth to ssh on pfsense, this would be pretty secure.. Still not as good a vpn setup, you could limit to your source IP as well, etc. To prevent spam noise of boxes hitting ssh, changing the port would cut down on log spam as well.

But the best solution is setup vpn to pfsense.

@b3rt see my edit of above post, there are some tools you could try ;) but once you had hacked the iot os to trust your cert - you wouldn't have to do that in real time or anything.. You would then really own all its encrypted comms. Until its firmware was updated, etc..

@johnpoz I think that has everything I need. Thanks! I need t get more familiar with the documentation.

If you're running pfSense as a VM on Proxmox (like I am), you'll likely go through multiple reboots with no problems... then one day it will just happen. Not sure exactly the cause... I assume something more than dumb luck triggered it to happen... 🤷 Either way the fix was simple enough in my case.

Power off then on (or "reset") the VM while viewing the console via Proxmox UI When you see the initial Proxmox BIOS boot/splash screen, press F2 to enter it Go to "Device Manager" >> "OVMF Platform Configuration" Update the "Change Preferred" value to a more common (if there is such a thing) resolution value E.G. 1024x768
In my case the original value was 1280x800 Select "Commit Changes and Exit", then back out to the main BIOS screen. NOTE: Make sure you "Reset" when exiting the BIOS... not "Continue". This forces the new configuration to be applied and will be seen by pfSense

That should do the trick.

@chpalmer thanks, 05/17/2025 this helped me!

Hi everyone,

I'm glad that a few thoughts have come together after all.

Sure, if I have access, then it's over. But that's also the point, so that you can make entries.

I actually imagined it to be like “Hollywood”.
Or rather scenarios along the lines of Stuxnet.

What is possible if you have the option of connecting a stick briefly.

However, if in any case, even if you extend the scenario and you still have a keyboard with you and the menu in your head always needs a restart, this is conspicuous at the latest.

Thank you and I am now quite relaxed.

@stephenw10 I understand the conflict.

If Netgate contributes to the open-source project, maybe this is an effort where it can contribute, namely, end-user comprehensible error messages.

If that's "too hard" then solve it with documentation: initiate an error messages and codes section of the user manual which lists the error messages, then what it means and directions to take for recovery.

As it is, customers are left thrashing around with support, or this forum, often at Negate's direct or indirect, uncompensated, expense.

For instance, DEC had the OpenVMS error messages and codes manual, which was helpful to the customers.

It seems to me we've regressed since then where error messages appear to have been made up on the spot by the developers and are substantially meaningful on their face mostly to developers.

Customers support the business. Making their life harder makes the business' life harder. Is that what business leadership wants?

Example:
https://www.digiater.nl/openvms/doc/alpha-v8.3/ovms_archived/OVMS_MSG_REF_AL.PDF

So do you see the DoT states on Comcast only?

Are you sure this is actually a DNS problem?

Is the client actually using pfSense for DNS? It could be be using DoH directly for example.

Ah, OK.

So if you have enabled: Enable NAT Reflection for 1:1 NAT and Enable automatic outbound NAT for Reflection it should work.

Try to open something that should be forwarded then check the states. You should see the NAT states on both interfaces applied to make the reflection work.

Then I wouldn't worry about it.

@dutsnekcirf said in eMMC appears to have failed after only 5-6 months of use.:

I've suggested that she purchase an 1100 series router as a replacement

The 1100 also has eMMC memory and therefore the same issue can occur.

Install the SATA SSD only after your check with Netgate support if you still got warranty.

Mentioned in the Netgate doc: Optional M.2 SATA Installation:

"The 42mm standoff cannot be moved without disconnecting the thermal paste between the processor and the heat sink. This is not supported and may void the warranty."