@rico Great thanks!

That seems to work

@dobby_
Hi Dobby, i reinstalled pfsense and removed the squid package and so far for the last 1 week looks good.

Looks likely to be bad memory to me. Especially if you haven't made any changes recently that might have triggered it.
Is there any reason you're running an old version?

Steve

What values did you add? Something that references that non-existent init?

pfSense doesn't use the FreeBSD init system. As mentioned you should use /boot/loader.conf.local for any custom loader variables.
Custom sysctls should be added in the GUI in Sys > Adv > System Tunables.

If you need to re-install, and don't have a config backup, the installer can attempt to recover your existing config before wiping the drive.
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#recover-config-xml-from-existing-installation

Steve

Yeah, never open the webgui up for public access via http.

If you have to access it remotely you should only ever use https and you should restrict the source IPs that can connect in the firewall rules.

Using a VPN to access it s a much better solution.

If, for whatever reason, you have unknown scripts running on the firewall then you need to reinstall clean and examine your config before restoring it.

You might also pull the full system logs from it first and review those.

Steve

@rcoleman-netgate gotcha. Gonna hang out with this machine for now but will chose one with intel NICs whenever I need to replace it. Thanks a lot!

@netboy You’re welcome. Glad you got everything working.

Ah, well there you go. x86 FTW! 😉

I would not expect it to. And it's almost impossible to recommend doing something like that from a security stand point. Except maybe purely as a test.

Steve

Backup the config files from each node and compare the interfaces section.

This sort of issue is almost always because the interfaces are not identically defined.

They must be configured in the same order with the same internal names.

Steve

I assume those are rules created by the webgui?

And the reply-to values are the gateways? The destinations are the WAN IPs?

Steve

Do it one step at a time. If you try to move from several subnets on one layer2 directly to radius assigned VLANs you are almost certainly going to hit multiple issues! I would first try to create VLANs and make sure they work with your switches/APs. That should definitely work and is not that hard to setup with Unifi gear. Then, once that's working with some test subnet, try moving your current subnets to that to separate then and see what breaks.

Steve

@ibrahim1989 said in I can't get Internet access on the LAN side:

WAN was ok, but I had to change the LAN gateway to none. Thanks a lot!

Yes, if the pfSense is routing that specific network do not set a gateway.

In general you should be able to. If it has different interface types, the same number of interfaces, pfSense will ask you to re-assign them when you import it. If you have a lot of sub-inteface types like VLANs, PPP etc that can get complex.

Steve

OK, so you get an IPv4 address but it's in a private subnet?

@stephenw10

Thank You -- I made the change and rebooted -- seems to see the changes, and everything appears to be working.

Thank You

You cannot do load-balancing for clients just by using setting the system default gateway to load-balance gateway group. You need to use policy based routing on the LAN side firewall rule.

Setting a gateway group for the system default gateway can be used for failover for the system itself there. See: https://docs.netgate.com/pfsense/en/latest/routing/gateway-groups.html#gateway-group-options

Steve

@hudri said in VPN only for specific app?:

I assume, that, once VPN is activated on the external mobile client, ALL traffic on this client will be encapsulated.

That's not necessarily the case, and it sounds like that's not what you want.

As others have said you don't need to have clients use the VPN for all traffic. Just define only the camera/NVR IPs addresses as the local side of the VPN and that's all that will be routed across it.

Steve

@troutpocket said in Something taking up all the space on my system:

@bmeeks
Even after rebooting the firewall?

Rebooting will kill any zombie process, so no need to perform the CLI command if you reboot. If you had space continuing to disappear AFTER rebooting, then I am inclined to think Suricata may not have been the issue. It starts with a clean slate after a reboot.

Reading your entire thread again, perhaps the log file itself got hosed within the OS. Suricata will reopen the same log file when restarted or after rebooting. But blowing it away and reinstalling would wipe out the log file.

Thanks jarhead and stephen... i did have continuous ping LOL i guess i need to review my firewall fundementals "stateful"