@jimp said in Firewall Alias import bug after upgrade to 23.05-RELEASE (amd64):

I committed a fix for this: https://github.com/pfsense/pfsense/commit/217f42ec30a4008907ac6fbb65b7b2e0ebf51eb9

That is a nasty bug. Never thought I would use vim one day.

@mathomas3 said in 5G modems with Fanless Computer:

@Dobby_ The reason why I am using this solution is that my provider requires the use of their hardware... should I put the SIM into something different would violate the TOS...

Ah, ok this was not clear to me.

ix0@pci0:1:0:0: class=0x020000 card=0x7b118086 chip=0x154d8086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
device = 'Ethernet 10G 2P X520 Adapter'
class = network
subclass = ethernet
ix1@pci0:1:0:1: class=0x020000 card=0x7b118086 chip=0x154d8086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
device = 'Ethernet 10G 2P X520 Adapter'
class = network
subclass = ethernet

@captain351
So your devices are obviously using WINS for name resolution.

Why don't you move over to DNS?
Since you probably run a DHCP server on pfSense you can configure it to register the host names in the DNS server directly. So all devices would be able to resolve the host names.

@gwaitsi : we have the old versions in our environment.

@Thondwe I run my WAN on an igc interface so not sure if those tweaks have read-across to an igc port with 2.5 GbE capability. For reasons unknown my link to the ONT only connects at 1 GbE, despite my ONT being 2.5 GbE capable. I presume a limitation put in place by Openreach, at least until the >1 GbE services go live.

@Gertjan said in Why did my 4G SDD become a smaller size after upgrade?:

I get it, as I said the same thing to myself

That was interesting view of widgets. I was unaware of zfs widget (I try not to fiddle with my pfSense, it usually gets me in trouble). So I loaded the zfs widget and it shows me an entirely different view of my system (6G size on 4G sdd?). I still don't understand why my system changed from 38% of 4G to 62% of 2.7G but at least I'm relieved to know that my sdd is not weird. I better read more about zfs.

widget.png

@jimp Thanks. Running smooth so far!

That is a known issue that should be fixed on 23.05 already:

https://redmine.pfsense.org/issues/14074

@shawnmichalski see if this thread helps (as much as it can). I thought I remembered another but found this one. https://forum.netgate.com/topic/179884/hoping-for-10gbps-getting-sub-1gbps-speed-xeon-e3-1270-v5-3-6ghz/

@johnpoz said in Strange DNS behaviour:

@bmeeks I for sure wouldn't be a fan of that - when I sniff I should be be seeing whats actually going on the wire, or what is coming in on the wire - before any "filtering" of it could happen.

I'm not 100% positive that is the case in this instance, but I can see how theoretically it could happen. Depends on exactly how the packet path is altered when both PCAP and netmap are in use at the same time.

@jimp I gave up, the download speed was around 2Mbps with TOE enabled.

Thanks SteveITS and Dobby_. It appears to be an ISP issue. I plugged my laptop in and was only getting 300 Mbps. Guess I should have really tried the basic stuff first. Thank you for your time and assistance!

For the system (OS) FreeBSD

it comes from the FreeBSD team
fixes and updates or upgrades

For the pfSense itself there will be more options;

pfSense-upgrade or option (13) in console pkg update or upgrade
for the entire pkg`s such snort, suricata,.... Patch system inside of pfSense
Recommended or custom patches option Package maintainers can fix something
Available over the pkg system (updates)

What more is needed or flat Who is offering
more options? Or otherwise wich options are
beloved to see or have here on top?

pfSense 23.05 release (latest)
123-23.05 release vuln. latest.jpg

pfSense 2.7 Devel (latest)
123-2.7 devel vuln. latest.jpg

You see in 2.6 CE much patches are available and also recommended, but in 2.7 not anymore, because they are fleeting in that code of the
new 2.7 CE version.

In 23.05 Release where things also solved out
and during the installation it was also updating / upgrading the squid & SquidGuard package I
was reading something about, automatically!

And by side it is not really a point to find a vuln.
anywhere inside, it must be also able to use in the
used or installed software and does then also affect things or functions where it can be used.
This is not even present and able to use for others
and the software. For sure it may be also a thing
how things will be implemented, but if I personally trust not the coder of my firewall software, who should I trust then? And this is
the other point on the other end of the line.

If you followed all those tests and checked everything is asked you to check, something must not have matched up along the way. Something had to be missing or different vs the expected behavior.

I added a System Tunable via the GUI via System/Advanced/System Tunables/Edit

Edit Tunable Tunable: net.isr.dispatch Value: deferred Description: PPPoE single core tuning [default value=direct]

Although I resorted to the CLI just to check the setting had changed:

[23.05-RELEASE][admin@Router-8.*******.me]/root: sysctl net.isr.dispatch net.isr.dispatch: deferred [23.05-RELEASE][admin@Router-8.*******.me]/root:

I'll monitor the cpu load and any impact elsewhere.

☕️

Hmm, well that still sounds like a Windows problem. Nothing pfSense can do about that. I do recall some discussion of running the OpenVPN client as a service so it's connected before login. That should be here on the forum somewhere.

Edit: https://forum.netgate.com/post/969315