OK, thanks for the pointer. I forgot about that installer ... If it were more than 10 appliances I might consider setting up PXE-booting for that ;-) but that might be overkill for now. I'll see how it goes as soon as the hardware is here, thanks all.

Usually when you see the rule description missing like that it's because the ruleset has been reloaded since that packet was logged. pfSense tries to match the tracker ID to the ruleset to get the description but it can only reference the current rules. The actual packet is odd because it's unflagged TCP but it's blocked coming in to the WAN presumably which seems correct.

@tinfoilmatt Like I said, waiting to see if the primary box can run for more than 3 days without having to be re-booted or having to re-do the install. The secondary box has had similar problems. The first symptom we were getting was not being able to use our WiFi. Then ping would fail or it had already failed.

@Yamka said in pfSense LDAP authentication works, but no WebGUI access: Thank you! You are welcome

Ah, interesting. Thanks for testing that. Hmm.

Not seeing that here. How large is your config? What large sections do you have?

I have seen that once I just checked for update and didn’t install it after it would work again.

@workprdr said in Existing Modem and IP Questions: Different subnets are required. Modem at 192.168.1.1 and pfSense LAN at 192.168.2.1 avoids routing conflicts. Your current WAN IP (192.168.1.100) confirms double NAT; workable but suboptimal for inbound services. Request bridge mode from AIS if possible; otherwise keep DHCP on the modem and handle NAT/port forwarding solely on pfSense. I've already requested AIS to remotely change the modem/router to bridge mode. Thanks for your suggestions.

Hi, Upgrade confirmed, no issue! [image: 02-08-26-055113.png]

@mikekoke said in pfsense 2.8.1 crashed: It usually happens when I have the dashboard open and save the settings after making some changes. Changes in OpenVPN? Or just any change? It 'feels' like the issue we saw that was specific to OpenVPN but were never able to pin down. More logs would certainly help do that.

@stephenw10 And as suggested, I will set the WAN to a static IP and see about adding the gateway myself. Thanks for you help.

Yup that's expected when it gets updated.

@marcosm We can re-produce this error after almost every reboot on a pfsense plus 25.11. If you would like to investigate, we are happy to support.

I reply to myself: you can use this script to install the cert, the ca and activate it for different services on other pfSense without issuing a new certificate on each pfSense: https://github.com/stompro/pfsense-import-certificate

@stephenw10 FYI, I found an old config.xml that has the missing interface for the NAT rule, it was from v22.8 and was dated March 2023. I updated my system with every new release when it showed up on my dashboard. Thanks again for pointing me to the fix.

Yes. The page only parses the output of pfctl -ss. So you could dump that to a txt file then import it and filter using whatever tool you want.

Ultimately this is more of a TP-Link question than a pfSense question, but... @erichium Can I set up VLAN support in pfSense such that the wifi traffic from the TP-Link router goes through one VLAN and the hard-wired traffic from the TP-Link router goes through another VLAN? I've seen that the router has support for IPTV/VLAN, but I think I'm coming to the conclusion that, that's not really supporting VLAN for pfSense. IPTV/VLAN should solve this for you. On the AX1800, the IPTV/VLAN feature lets you configure up to 3 VLAN tags on the AX1800's WAN port. You can then choose which LAN ports are on which VLAN. Limitations You can't name the VLANs. On the tp-link the VLANs are named "Internet", "IPTV", and "VOIP", but they can be for whatever you want. Only the WAN port on the tp-link supports vlan tags. LAN ports have untagged traffic, but you can choose which network each LAN port is connect to. All WiFi traffic goes to the "Internet" vlan on the WAN port, regardless of SSID. Steps on the AX1800 Advanced -> Network -> IPTV/VLAN Enable "IPTV/Vlan" Mode: Custom Enable "802.1Q Tag for internet". Set the VLAN ID to some number (ex: 2) Enable "VOIP VLAN". Set the VLAN ID to some number (ex: 3) Disable "IPTV VLAN". Set all 4 LAN ports to VoIP. The WiFi is always on the "Internet" Save. Connecting things Connect WAN port of the tp-link to one of the LAN ports on the pf2100. Configure pfsense based on the vlan tags. (ex: vlan id2 = wifi, vlan id3 = wired). the AX1800 supports multiple SSIDs, but they're all be on the same vlan (ex 2). If you have NAT and DHCP enabled on the tp-link, then wifi (and any ethernet ports configured for "internet") will get DHCP from the tp-link and the TP link will perform NAT translation on traffic going to/from WAN port on the vlan id you set (ex 2). You'lll need to set up pfsense to provide DHCP for the other VLANs. If you disable NAT and DHCP on the TP-Link then you can let the pfsense handle DHCP for the tplink's "internet" VLAN as well. I think the TP-Link configuration interface is only available on the "Internet" vlan.