@lawmans3 Congratulations on purchasing a Haiwei device.

This is from eBay and may help Netgate administrators in providing a solution to your setting issue since I have no direct experience with Vlan...see images below.
Screenshot 2023-01-17 at 10.58.42 AM.png
Screenshot 2023-01-17 at 10.59.11 AM.png

You can use any private subnet for the pfSense LAN as long as it doesn't conflict with any other connected subnet. In this case the Starlink router is using 192.168.1.0/24 already so you need to use some other subnet for the pfSense LAN. By default it uses the same subnet creating a conflict.

Steve

@stephenw10 Issue turned out to be a Traffic Shaper that I didn't realize was setup. Thank you all for your help.

@toni-martinez we have some sort of translation error going on here I believe.

What IP is on the printer 192.168.0.240, or 192.168.6.240

Which IP does your hostname point to? How could it point to both. The printer is either on the lan or its on the warehouse network. How could you have it on both?

Hi Steve,

thanks for the Information, so i had to fix the toggleing ARP issue, i use mostly emulex NICS ;-)

best regards ré

Yeah if you just disable RAM disks there's no restriction on the size of /var or /tmp.

Hard to say for sure, but there are a number of changes between FreeBSD 12.x and 14.x that likely improved support for that hardware.

Thank you Steve, your explanation helped me to solve my issue.

Now, everything is working as expected.

Have a great day,
Mauro

@ewok2 said in Nut Client Server error with ESXI:

Is there some port forwarding to do ?

See post #2 in the NUT support thread for information on allowing network access.

@jimp So had a look into this a bit and I believe this is probably NPS expecting passwords to be ucs2 rather than the utf8 that gets sent.

Think its this project https://github.com/pear/Crypt_CHAP that the authentication test uses behind the scenes that has a bug in str2unicode. similar issue here https://github.com/dapphp/radius/issues/5

Changed the str2unicode function on the pfsense 2.7 dev version I was using for testing and now a user with the password: Password!"£$%^&* works as expected when it didn't before.

function str2unicode($str) { $uni = ''; $str = (string) $str; for ($i = 0; $i < mb_strlen($str); $i++) { $a = mb_ord(mb_substr($str,$i,1)) << 8; if ( $a > 65536){ echo "NPS does not support non BMP codepoints\n"; return; } $uni .= sprintf("%X", $a); } return pack('H*', $uni); }

I'm no unicode expert or PHP but as UCS2 is only 16 bit it can't support any code points over 65536 so added a check to fail if it finds this. So no emojis or no 4 byte Chinese codepoints.

This might still work fine in strongswan as read they added a fix for this so might just have been the authentication tab that was not working correctly. Will register for the bugtracker in the morning and update that bug.

@motivio the System Patches package:
https://docs.netgate.com/pfsense/en/latest/development/system-patches.html

@johnpoz ok understood thank you so much for the help!!

There was a test kernel that contained the fix for 22.05 but at this point it's better to test 23.01 if you can. If you're running ZFS you can always roll back the BE snap to 22.05 if required.

@steveits It works now.

@pfpv Hi! Did you get this solved?
I also try the same :?

@nollipfsense actually this also stopped working and I’m back at the issue.

@jarhead Thanks

@steveits said in SURICATA STREAM Packet with invalid timestamp:

@draithan In our standard Suricata setup we:

• check "Disable hardware checksum offload" in (System->Advanced->Networking)
• Suricata: disable ALL stream-events.rules or it will block lots of traffic on false positives

Ok thanks for the confirmation. Appreciate it. Not seeing anyone posting to not disable..

Appreciate everyones help!