@stewart said in Can't get notifications on 1 firewall to work with Office365:

@bmeeks We have 60 units in production. They are about 75% static / 25% DCHP. That could work for some but not for others. Did you try using an app password?

It's been several months back, but I am pretty sure I tried the app password route and it would not work with the new Office 365 security settings. Microsoft's goal is to completely shut down simple password authentication for SMTP including app passwords.

You can postpone the inevitable for a short time by not turning on multifactor authentication, but eventually you will get forced over to MFA and lose simple password login.

Thanks Gertjan! I have turned it off.

Yes, that's what I meant.

If you're using the CLI and have not recently opened the dashboard you might need to run pfSense-upgrade to pull a current cert before running pkg update.

Steve

Do you have a crash report?

We can usually see what's happening just from the backtrace and panic string contained in it. Neither of those have anything you shouldn't post publicly.

Steve

Reading between the lines I expect to see no IP address on vmbr1.

IP B should be assigned to the pfSense WAN directly.

I assume IP A and IP B are in the same public /24.

Steve

@stephenw10

Seems to be working fine so far. As you said, just making sure that specific devices have their gateway set to the correct firewall for I/O to Internet.

Devices are able to communicate internally so it's kind of a nice simple setup for adding bandwidth in an environment with a number of limitations.

Exactly the same php error?

Undefined function errors like that are more often issues with the upgrade itself.

@rcoleman-netgate I'm not too worried about getting into the device. Usually there's a sticker on the bottom with the password; or the default password can be found online somewhere.

At this point, that location is back online, and the IPsec tunnel is working. While I "could" use the IPsec tunnel to access the modem, I'm not willing to risk it while remote. I'll switch it next time I'm onsite.

@stephenw10 SORTED, THANK YOU!

@murdof said in pfsense plus crash:

Maybe there is a filter or technical term to acknowledge that this is fine (apparently it isn't) or should I just remove this AP from my network?

If it's something known and expected you can disable logging ARP movements. See:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/logs-arp-moved.html

Big thanks' to all for useful tips!

Still no router to host so either there is no route somehow or it's resolving to some IP that's incorrect.
Make sure it's actually resolving as expected:

[23.01-RELEASE][root@6100.stevew.lan]/root: host pfsense-plus-pkg00.atx.netgate.com pfsense-plus-pkg00.atx.netgate.com has address 208.123.73.207 pfsense-plus-pkg00.atx.netgate.com has IPv6 address 2610:160:11:18::207 [23.01-RELEASE][root@6100.stevew.lan]/root: host pfsense-plus-pkg01.atx.netgate.com pfsense-plus-pkg01.atx.netgate.com has address 208.123.73.209 pfsense-plus-pkg01.atx.netgate.com has IPv6 address 2610:160:11:18::209

Then run it with -d4 to get debug output and test over IPv4.

Steve

@johnpoz That drawing is still valid for when I was testing the bridge.

I just mentioned (off-topic) that I also tried to migrate the APs to wired backhaul, but that didn’t go well either. I decided to give up on those and redo my network completely (except Netgate).

@steveits @stephenw10

Actually, it turned out not pfSense's fault but a Mikrotik that's my LAN boss...in an attempt to mitigate a triple NAT situation from using the T-Mobile's gateway, I turned off NAT on the Mikrotik losing established routing; so, rather than messing with setting routing manually, I enabled it and smile with my triple NAT.

Thanks Steve!
This appears to be definitely related. Setting all dev.hwpstate_intel.%d.epp=95 seems to have affected temp readings and brought them within more reasonable levels. I will educate myself more on this.

I am in the lab today and will explore bios settings.

Warm regards,
Mark

I've just encountered this issue setting up my remote logging for the first time. Using Syslog-NG, I had to include 'create_dirs(yes)' in my syslog-ng.conf file.

Example:

destination d_remote {
file("/var/log/remote/$HOST/$YEAR/$MONTH/$DAY/syslog.log"
create_dirs(yes));
};

Cheers!

@shocko if you go to https://www.pfsense.org/download/ and do Not select an architecture, and click Download, you’ll see the last couple versions. Which will get you the same file. :)

@stephenw10
Thanks，i've already solved the problem.
Forget to lanuch the gateway opposite my local net caused this error.

@stephenw10

When following DoT procedure base on netgate.
All alliases having dynamic name to resolve, get an response from dnsfilter « failed to resolve host - will retry again later ». Some of them does resolve bost most part failed completly ans then, at a point failed all.

When chanching aliases to url ip table , no problem occur.

If i remove all DoT everything work as expected

Note : i have arround 140 dynamic name to resolve.

Hope help

Behavior apper on sg-3100, sg-8200 pro max. And all other device

Version 22.05 not affected
Version 23.01 affected

Thank’s

Hope helps

stephen, your last message prompted me to look at my BIOS boot priorities again.
The 1st Boot Device Priority was UEFI OS as expected. 2nd - 6th Boot Device Priorities were disabled.
However, under Network Device BBS Priorities, there were 4 entries for Intel Boot Agent (IBA) ports. I had these disabled at some point but some how that reappeared. I disabled all 4 entries and the IBA (CTRL+S) setup messages disappeared during boot up.

I did briefly remove the Quad port NIC while doing some other activities. I suspect that the Network Device BBS Priorities were enabled when the card was reinserted into the slot.

In any event, many thanks for helping solve this issue!