Ah, nice!
Yeah it's very easy to get stuck down the wrong path with something like that. Sometimes you need to re-examine the problem.

Steve

Not exactly what you asked for, I do not have multiple pfSense devices here in real action.
I am using IPsec for site-2-site VPN, but because remote devices supports only IPsec v1, the VPN connection is only established by demand (I enable the tunnel in pfSense GUI).
For remote access to my LAN I use both, IPsec (v2) and Wireguard.
Wireguard is really fast compared to the IPsec, but some complain, the client is less secure when the mobile device gets lost.

With IPsec, you can specify an individual password when establishing the connection, with Wireguard all settings are stored iin the configuration. So if someone has physical access to the mobile device, he just opens the Wireguard app and is able to establish a connection.

Regards

@troubleshooting74

You need none of those.

To download an openvpn client config file, go here :
OpenVPN > Client Export Utility

and over a created user ( System > User Manager > Users ) you can select :

c7d3f740-db42-4477-937a-bbe672d4d5f1-image.png

For most of the options, the needed certs will be in the opvn file.

See here https://www.youtube.com/@NetgateOfficial/video and have a look at :
How to use pfSense Plus OpenVPN Client Import Package
Configuring OpenVPN Remote Access in pfSense Software
etc.

no one ? maybe I didn't explain good

the scenario at beginning is

1 vm with pf sense and public ip and lan

1 vm with another public ip and lan

how is possible that disabling 1:1 nat i can still get to the vm with is own public ip? no the pf sense vm obviusly

@johnpoz Thank you, I will try your idea. That is what I want, all internet to go via vpn router and no internet via lan. This is a little slower but I do not read Japanese and some sites have rules for overseas access. Thank you elmo

@orkopaede Hi! Run wireshark on the Windows machine and see if anything catches your eye. Also check Windows power-saving for the NIC you are connecting from. For some poorly written drivers, Windows tends to make some bass-ackwards assumptions about what "energy saving" vs "disrupting key functionality" means.

@gertjan said in Pfsense get MAC-Adress Manufacturer:

Oh ... lol, this is/was a 5 years old known issue ...

😁 😁 I saw the script is go moldy ... 😁 😁

@rdsmith24 also, use /boot/loader.conf.local as /boot/loader.conf gets overwritten.

@travelmore yeah that would be the new default fqdn.

If you access via IP, just make sure you add IP you use as a SAN. But you can start accessing it via the fqdn if you want as well.

I had created mine way before home.arpa was a thing.. And I use local.lan as my domain, kind of in the process of changing over.. I access my nas with home.arpa

homearpa.jpg

See my browser trusts it, and using different domain... Once you trust the ca, you can create certs it trust for any fqdn, any IP, etc.

@dobby_ from what I've dealt with and seen so far. Looks like it's going to be a while before this gets fixed. One cant fix an issue until they acknowledge it's an issue. and thus far @jimp has spent more time denying that this is an issue jumping to conclusions without enquiry
Screenshot 2023-02-26 175306.jpg .

@stephenw10 yea the WAN 4G router should no be doing any bridging as it is not in bridged mode.

I'll run a cap next time, I might have actually grabbed a cap I'll check

@mr-castoro -- No problems with my SG-1100 and DNS but I use the "Forwarder" and not the "Resolver" and I point the Forwarder to my two Pi-hole IPs. Works great that way!

Also, instead of pointing it to a Pi-hole, you could just use: 9.9.9.9, 1.1.1.1 or 8.8.8.8 or some other external DNS.

Reimaging a system (beit from a USB image for a Netgate device or reinstalled OS) will overwrite all past data including BEs.

Upgrades, factory resets, etc. will not.

@zululander you’ll have to create it as a new interface
https://docs.netgate.com/pfsense/en/latest/vlan/configuration.html#web-interface-vlan-configuration

Then use that instead of WAN. I haven’t done that myself…see if you can find a thread for your ISP. Might be better to start another thread too, so people find it by title.

@gwaitsi They can and it depends on need…we usually limit logging unless debugging something.

@stephenw10 said in pfSense Plus Home:

We have had various support models over the years. At one time we did have incidents like that but was not really viable. What counts as an 'incident' is hard to define accurately.

True, can understand that. I would have suggested some sort of "up-front" agreement and then least path to fulfill that, but way easier said than done.

@stephenw10 I think I have 250 down, so yes, should be plenty of bandwidth left. And the passin-traffic, I checked this while watching Youtube, and well, it comes really close. So don't think the 2.7Mb is what made things stutter... Almost as if someone pressed pause/play really fast (which I hope is not the case)
Once I sat on my remote, but don't think that was it this time... :D

@josephchrzempiec
Check my backup box in my sig. Has worked great for several years but just replaced by actual hardware. I use 2 cores in the VM, just figuring if one's busy, there's always the other. With only one, the GUI is way too slow. Running on a 2008 vintage quad core (my main server/workstation, lol). My new FW is an i7 (lol x2).