You could also check this by fitering for the public IP you're testing from in the state table (Diag > States). You should see the incoming state on WAN with the NAT applied and an outgoing state on the internal interface the DVR is connected to.

Steve

Thanks: https://redmine.pfsense.org/issues/14176

Mmm, that could be clearer. You might open a docs request with a suggestion: https://redmine.pfsense.org/

You can add a boot delay in /boot/loader.conf.local (create that file) like: autoboot_delay="120"
But you shouldn't have to. That's really only used for problematic WAN side modems.

If the firewall can connect out to remote sites from the cli but LAN clients connot it's probably a firewall rule or NAT issue at that point.

If the firewall can only reach the gateway and nothing beyond it's probably a missing default route. Make the sure the WAN gateway is set as default and not automatic in System > Routing > Gateways.

What do you do to restore access from the LAN when this happens?

Steve

@stephenw10

Yes widget is there and all was working fine.

I rebooted for good measure.

I will add my error to the redmine issue

@jegr

researcher: you have security issue
admin: how so
researcher: when I log in with root and the root password
admin: yes?
researcher: I can run any code I want.
admin: you don't say <rolleyes>

@stephenw10 it shows up as USB adapter with 10/100/1000 speed options.

Anyway i have figure it out. So as I said, I used intergrated NIC for WAN interface and USB to ethernet adapter for LAN interface. First I tried plugging in ethernet cable to my intergrated NIC Intel(r) ethernet connection i219-lm adapter on wich I had 100mbps speed.

I went testing that interface and noticed that intergrated NIC on my laptop was always the same speed (even if I pluged ethernet cable to professional switch - Juniper or just dummy switch). But if I added another USB to Ethernet adapter and pluged this one to my laptop it worked with 1Gbps.
So I went and reinstalled drivers for my laptop NIC, installed all updates and nothing changed.

I went testing on another laptop - same story. I couldnt get 1Gbps speed on integrated NIC and it worked only if I used USB to ethernet adapter for laptop.

Then the last thing that came on my mind was that i changed ethernet cable to 6a category and ... it started working on 1Gbps.

I'll do some more testing and reasearch but for now its working with 1Gbps.

Thanks for help!

I expect to see the WAN set as 81.x.x.115 with gateway 81.x.x.114.

Then you can use 217.x.x.112/29 on an internal interface directly. That could be the LAN but if you want to use one of those public IPs on a server directly you would need to use the /29 on the interface the server is on. If you only have two NICs that could be a VLAN interface.

Steve

@stephenw10 That fixed it. Thank you.

I solved the problem by reinstalling the firewall with version 2.6.0 and reloading an old backup.
But I realized that the package reinstall solution ( pkg upgrade -fy ) solved the log problem but blocked me from accessing the web page.
Thanks.

@dochy
Have you looked at : these two
https://communities.vmware.com/t5/ESXi-Discussions/NTP-Why-will-my-host-NOT-sync-time-to-the-NTP-source/td-p/2826675

https://kb.vmware.com/s/article/1005092

And this:
Please note that “An ESXi/ESX host, by default, does not accept any NTP reply with a root dispersion greater than 1.5 seconds (1500 ms).” (https://kb.vmware.com/s/article/1035833). Hence, the customer would have to add the “tos maxdist” configuration as a workaround if they want to continue using the same configured NTP servers. A flash valye of 400 can also indicate that the maximum distance threshold has been exceeded and that the tos maxdist configuration needs to be applied.

@steveits thanks! I've changed it, i'll see how it goes :)

I applied all recommended patches and so far in last 2 days see no restarts!

@gertjan Hey there! Thank you for taking the time to reply!
I figured out what happened after taking another stab at it. Manually assigning the ports did the trick. I was able to setup the router after that.

@stephenw10 said in Pfsense as client and remote wireguard server:

You are running pfSense at both ends of this tunnel?

not running pfsense on both ends of the tunnel...
pfsense is running on my home network..
remote server(oracle) is not on pfsense.

@stephenw10 said in Pfsense as client and remote wireguard server:

You can set a static route the OracleCloud public IP via whichever WAN gateway you want.

will try it and update

@stephenw10 @Gertjan
Doh! User error. I always disable the default "admin" and create another admin user, hence why I was not able to ssh as root. This is probably why my NewAdmin is not in the "wheel" group but instead in the "nobody" group.

I can't add NewAdmin into wheel group due to

But now that I have "sudo" and I understand the cause for this workaround, I'm fine with it.

I would also check the Status > Monitoring graphs to see if there is some resource being obviously exhausted.

@stephenw10 said in Package list empty after CE upgrade to Plus 23.01:

https://redmine.pfsense.org/issues/14137

Outstanding. That fixed the issue. Packages are now listed.
Thank you very much! Excellent support...

@lparker thanks for the update.
In the past, at different $WORK places, phys for NICs can get weird.
Sometimes, if you set one side fixed, say 100M, Full but the other side is set to autonegotiate, the speed can get figured out but the duplex can't. It's the way the hardware works, so you wind up with one side Txing at 100M,Full the other side receiving at 100M, Half. That cuts your speed right in half easily. Most modern sw that lets you "fix" a port, actually winds up simply restricting the autoneg options.

If you add a switch in between the laptop and it works, then I would check things like "fixed" or "autoneg".
Cables could affect ability to autoneg, especially at the higher speeds.