Mmm, that is probably the way to go. Those scripts are expected to be run as root. Curious that it changed in 24.11 though.

@stephenw10 this is what I was looking for thanks a lot

I haven't been able to replicate this so far. Changing the name of the WAN or editing other values on it doesn't by itself appear to cause a problem. It must be some combination of things or some unique config. 🤔

If its actually being used you would see a bunch of logs indicating the new device when that module is loaded.

Well yes.
Where is pfSense running in that case?

If it's in AWS then you need to use the elastic IP assigned to it there. I had thought you were using the AWS VPC wizard remotely.

@stephenw10 Got it. For some reason it didn't like Brave (my usual browser).

Switched to ungoogled chromium and it worked fine. Restored my backup and I'm waiting currently as it reinstalls packages.

Thanks for your help.

@zennb1 Cool, now all you have to do is try to figure out a use case for 8 Gbit.
I can't say I have found any clear live use for my 10G connection... The best I think I have seen from Steam or Battle.net is 2.5-3 Gbit, but most of the time it's below 2...

For consumers, I think 2.5 may be a good top tier option, also because 2.5G switches and devices are so much more affordable.

@viragomann i do really appreciate your help 👍 😊
finally it worked for me.
my problem was in the port 8080 with TomCat apache, i just changed the port to 8081, reboot the server, and its worked.

by the way, it's working on both as Action & Backend pass thru just fine

again, thanks a lot @viragomann

Hmm, well that shouldn't happen.

Can you make a manual backup successfully? In Services > Auto Configuration Backup > Backup Now?

Hmm, so to be clear it tried to upgrade and then you ended up with no branches showing and the pkg error from repoc?

And after removing some packages repoc returned cleanly and the pkg repo branches returned?

How many packages did you have installed?

The bug that should be fixed in 24.11 was caused by the package list sent by repoc being so long it overran the allowed size.

What do you see? Anything?

You see the virtual com port when you connect the USB cable?

@EricAiken
Not really clear, what you want to achieve.

Created a CA
Created a server cert
Created a RAS user. (using that CA)
Created a openvpn server. using the CA and the server cert

After you did this properly, the clients, who have assigned certificate issued by this CA should appear in the client export. If they don't recheck the certs and server settings.

Tried creating a client, but only get peer-to-peer options.

OpenVPN Clients on pfSense are ever meant for peer-to-peer connections and have nothing to do with the client export. The later is only for users who are entitled for a remote access servers.

Testing it with as basic a config as you can would be a good test. Hard to imagine it using enough additional power over 24.03 to trigger a PSU issue though.

AFAIK you would need to use radius to do it. Radius can auth against LDAP but that may not work with 2FA since as you say it needs to see the password a user submits as it contains the additional auth code.

If after upgrade it shows as revertable then it was in the upgrade and you should just remove the patch without reverting it.

@JKnott said in What does WAN monitoring do?:

If the WAN fails, what mechanism is there, in pfSense, to force change?

It will change the default gateway (default route) and hence anything using that. If you have set the default gateway to a failover group it will use the gateways from within that. If it's set to automatic is just uses the next gateway that is UP which can be an issue is that is, say, a VPN.

If you're policy routing traffic you can set a load-balance or failover gateway group and pf forces traffic via that as states are opened. If a gateway is marked down it is removed from the group.

The increased CPU usage is probably due to change in the gui reload process. See: https://forum.netgate.com/post/1191398

@eagle61 Thanks for the heads up, will definitely keep it in mind. Haven't managed to get IPv6 working yet, so strong chance it isn't support, but will keep checking.

@JonathanLee, @MatthewA1 Thanks!

I updated to 24.11 and noticed that we now have authenticated NTP key setting in the GUI (Services->NTP)!

cb02144e-92fd-48b7-89f4-02002b845551-image.png

For those using NIST servers, I tweaked the following settings. I'm not 100% sure I needed to click "Prefer".
1e01b44d-883d-43f7-95ff-a948405c3859-image.png

I finally took the leap and used the Patches GUI to (re) apply the authentication status patch. Here are the settings I used.
24f29e0b-ce52-4c9b-8eec-3a00a15b5236-image.png

-LamaZ