@JKnott which is exactly what I was saying as well ;)

The correct fix for the OP problem is not to be running ntop on his wan - have no idea why anyone would want to do such a thing, it makes no sense to do that..

@mauro-tridici To be honest i set mine up to daily updates months before I started using Syslog-ng, because I thought hourly updates are unnessecary. Even on daily updates it’s rare there is changes to the lists that I use, so this is a fine compromise for me.

@bmeeks many thanks for your kind reply. sorry for my late answer.

Hmm, well that sounds like a local client issue.
Try a different client if you can.

@stephenw10 Figured this out - I hadn't selected "Request only an IPv6 prefix" and was being assigned a 2001:***/128 WAN IPv6. When I select this option, WAN now gets only an ipv6 link-local address and everything works.

@aborsic perhaps the core size is not changable through ulimit. You should be able to disable core dump generation altogether with sysctl

sysctl kern.coredump=0

@SHOTO
There is nothing that would prevent you from doing it, and it would very likely work.

You never mentioned your Inet bandwidth, or if you have multiple "local lan segments" or Vlans.
In a "Router on a Stick" solution , both Inet upstrean & downstream, and local inter lan/vlan traffic has to pass through the same IF (and IF bandwidth).

If you use your NUC/pfSense as the "only" router in your setup, aka. also serving/routing all the inside Vlans. There are some things to be aware of.

If you just use the NUC/pfSense as the "Internet gateway w. some additional VPN stuff", i'd say try it out. (Aka. still using the Netgear to serve the local lan/vlans)
If you just have a single lan on the inside, all your local traffic would be "switched" and never pass the NUC .. Go for it.

But
In a multi lan/vlan, all traffic has to pass the L3 device (pfSense), in order to traverse from one lan/vlan to another. Aka traffic would also have to pass the "single interface" twice (up & down).

The big hurdle here is the NUC IF bandwidth ...
If it's 10Gb go for it.
If it's 1GB ... It depends .....

/Bingo

At the command line run:

pkg-static add https://pkg.freebsd.org/FreeBSD:12:amd64/release_4/All/realtek-re-kmod-197.00.pkg

Then run:

echo 'if_re_load="YES"' >> /boot/loader.conf.local echo 'if_re_name="/boot/modules/if_re.ko"' >> /boot/loader.conf.local

Then reboot.

Check the boot logs to be sure the 1.97 driver version is loaded.

Steve

@DBLClick said in Assigning ipv6 address to WAN via VLAN:

are you saying, just assign a static address?

What specifically are you trying to do that requires a VLAN? If you're trying to reach your pfSense box, the address of any interface will do. Also, it helps if your ISP provides a consistent prefix, so that your prefixes don't change. Make sure you have Do not allow PD/Address release, on the WAN page, selected. And yes, enable track interface for anything that gets the prefix from your ISP.

Meant to add, I think the BE/snapshots can be done via the command line in pfSense CE. Pretty sure I saw a post from Netgate about that at one point.

@felipefonsecabh said in Make a Túnnel trought IPSSEC and OpenVPN using PFSense:

Router of External Access can ping DVC1

What source IP does it use for that?
To pass the IPSec tunnel it must be in he 192.168.15.0/24 subnet.
In which case it can only be the External Access router blocking traffic clients on it's LAN. Or potentially redirecting traffic past the IPSec tunnel?
What is that device?

Steve

@stephenw10

Thanks Steve.

It turns out it was a massive 27GB core dump which had filled the drive.

Andrea

@stephenw10 I can see the current NDI, but I don't know how to get the previous one.

I did not save it.

I have the previous Activation Token for the last NDI and the original Activation Token but never saved that NDI.

Is there a way to retrieve it?

Ok, so it's pulling a valid IP there.

Check the routes in Diag > Routes. Make sure it has a default route via the upstream router; probably: 192.168.0.1.

Thank you again for the help!

Hmm, if there's no option I'm amazed it doesn't use VLAN1. If I've understood correctly that could only pull a lease from LAN. Or should at least.

@stephenw10 said in IPsec-MB use case:

Currently there is only a user ctl for AES-CBC.

Thanks stephenw10. 👍
Hope they add this option in the future.

Yes, from there you can really only reset.

That sounds like a possible drive controller issue though if it happens repeatedly even after reinstalling. Or across multiple drives.

Yes, make sure the branch is set to 'Latest Stable'. Try resaving it as that.
Try running pkg-static -d update at the CLI and see what errors it's throwing.

I would probably just reinstall though. Better to start clean with a known good install.

Steve

The connection appearing very slow like that can be some sort of asymmetric routing problem.

Does the client you're connecting from have any other way of reaching pfSense 2? Like a wifi connection maybe?

Steve