Oh, man. That's not good.

I thought for a second to initiate rsync job from the remote host but I remembered about this one time rsync on a target macOS was too old (no surprise there) and it failed one of the options—so… it's required on both ends.

Thanks again everyone. I'll go with scp, it has to be there. The good thing is that it's only a handful of files that have to be overwritten anyway triggered by a successful task, e.g; successful cert renewal. There is no need to compare files or anything like that.

I'd like to share it when I'm done (almost there, as soon as I simplify error checking) so I don't want to script an install because I think that would be too invasive.

@stephenw10 Thanks!

No packages are not covered by TAC Lite. But this seems like a bug anyway so opening a bug report is correct way to go.

@stephenw10
@SteveITS

It seemed a weird issue, I could navigate to the bbc.com, apple.com but netgate.com and this forum I could not resolve. I could ping those addresses.

I unticked the DNSSEC support, which gave me the above results.

So, just for laughs and giggles, I Factory Reset pFsense and manually inputted the barest setups and went and unticked the DNSSEC support button and ALL was GOOD. Could get everywhere.

Am assuming that since this has been an old setup that I have added and added (for over 10 years), that along the way there is something not quite right, an issue buried long ago that has now bitten me on the bum.

So, am going to take this opportunity to (almost) start again, I've been able to re-import restore areas, such as OpenVPN (although I need to add new user certificates ).

Oh well. Thanks all for your kind help!

Ian

@dobby_ said in Cut's in streamed music?!:

@furom said in Cut's in streamed music?!:

No disconnects, and well, atm I have pfBlocker installed, but this started a long time before I recently installed that.

Perhaps other packets installed?

Snort with some rules affecting that behaviour Squid and ClamAV and not checked don´t scan "streams" Squid set up to pass through streams from audio and/or video in pfBlocker-NG the servers for the streaming into a whitelist perhaps?

Thanks for good suggestion! This started before I even knew I could install any sort of packets on pfSense, so I must assume it is not the setup in itself...?

Hmm, I'm not sure how to show that per interface. Possibly some combination of netstat -i and netstat -Q

Solved it.
There was a repo defined in my list - found at /usr/local/etc/pkg/repos/

Deleted the repo and i was able to bring down a list.

I knew there was an issue when i ran the following command from the shell:
pkg clean -ay

@lewis said in UDP with haproxy:

From all that I've found, I suspect there is no way of doing this.

You found the answer, hooray!

@amar-tataelxsi

ISP -- ONT -- ISP Router 192.168.1.0/24 -- pfSense WAN Port
with static IP 192.168.1.5/24 --- switch --- lan devices

On the WNA settings you should uncheck the privat IP addresses and all should be fine On the ISP no DHCP On the pfSense DHCP for LAN

PPPoE will be done at the IPS router and you will get the benfit on top that you can use multicore at the wan from
the pfSense and that means, more cpu cores = more wan queues and so more or higher wan speed!

@violetdragon

I have an APC UPS and APCUPSD works fine here.

Bandwidthd would not work well, barely would load for me. I have ntopng and traffic totals. I see that today, something downloaded 5.5GB of data and no one has been on the internet expect to check weather and these posts.

I cannot find how to look to see what device today in ntopng has downloaded that data and what kinda.

If you look at this screen shot, WAN Rx has 2.5GB and CAMLAN Tx has almost that much. I thought Tx was transmit? I did log on around 1PM to download 2 updates for the NVR software, one of which I don't know how large it is. Also, of note, I used Remote Desktop Connection to remote into the NVR system from LAN VLAN. Is it possible that this tool is measuring traffic from CAMLAN to LAN traffic?
tstats.PNG

You should be able to attach it.

We need to see at least the backtrace and panic string. The message buffer leading up to it is usually helpful.

Steve

If you're running 23.01 the stable branch is currently the only thing you should see offered. The dev branch (23.05) is not made public until it is stable enough. Currently we are still committing code that may break it entirely between snapshots!

Steve

@dobby_

The users want to access the server for file sharing and other resources. Although this will serve as a web server, it's intensions are also to serve as internal server.

Hmm, never mind, I poked around other logs and see

Mar 31 11:42:22 syslogd kernel boot file is /boot/kernel/kernel Mar 31 11:42:21 syslogd exiting on signal 15

...so apparently there was a reason it stopped logging. Just not a good one.

I wouldn't expect the ppp log to show anything further.

If you can replicate it easily it would be interesting to have two crash reports.

Steve

@ernestostvo I'll never do another survey for Netgate again - including the current one going around.

@stephenw10 said in SAP (business application) disconnecting:

You can just set the firewall optimisation to conservative to increase the state timeouts:

https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#firewall-optimization-options

A TCP keep-alive would be something inside the VPN which I assume is from your client on OPT to the remove Zscaler device directly.

Steve

I'll follow those instructions, thank you!

@michmoor I set it to transparent and it's good to go. I kept thinking maybe a container or FreeBSD jail was running that connected to something. But the transparent mode fixed it.