• Move from Mikrotik to pfSense

    Moved
    10
    0 Votes
    10 Posts
    2k Views
    NollipfSenseN

    @castle You positively run both. I use pfSense as my edge router and Mikrotik (RB450x2) for my LAN, the best of both worlds, and love it. The downside is it could be expensive having two devices plus the learning curve.

  • pfSense flushes default route when second gateway is starting

    17
    0 Votes
    17 Posts
    1k Views
    stephenw10S

    That seemed likely since it's specific to starlink but you would see something in the routing log. And it has to actually receive a new dhcp lease to get that and your issue looks to be during the timeout where it's failing to pull a lease.

    So you have no IPv6 configured on any interface? They are all set as 'none'?

  • LDAP wrong query

    6
    0 Votes
    6 Posts
    696 Views
    stephenw10S

    Hmm I expect that to be entered in the extended query options if you need it:
    https://docs.netgate.com/pfsense/en/latest/usermanager/ldap.html?highlight=extended query

  • This topic is deleted!

    1
    0 Votes
    1 Posts
    6 Views
    No one has replied
  • WEBCONFIGURATOR WRONG CERT, NO LOGIN POSSIBLE

    2
    0 Votes
    2 Posts
    319 Views
    GertjanG

    @sl3390 said in WEBCONFIGURATOR WRONG CERT, NO LOGIN POSSIBLE:

    Webconfigurator

    See tip number 4.

    edit :
    Before posting, I actually tried out the command myself.

    [22.05-RELEASE][admin@pfSense.xxxxx.net]/root: pfSsh.php playback generateguicert
    Generating a new self-signed SSL/TLS certificate for the GUI...Done.
    Restarting webConfigurator...Done.

    But I saw a :

    pfsense.xxxxxx.net has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.

    because I was 'stupid' enough to activate HSTS for the cert I use for the GUI access.

    So, Plan B:
    Console/ssh option 15, and restore a previous config.
    And then option 11 for good manners.

    That did it for me.

  • Telegram what notifications I will get?

    2
    0 Votes
    2 Posts
    427 Views
    GertjanG

    @periko

    Notifications will get dispatched over all available notification destinations.

    See /etc/notices.inc :

    .....
    /* Notify via remote methods only - not via GUI. */
    function notify_all_remote($msg) {
        notify_via_smtp($msg);
        notify_via_telegram($msg);
        notify_via_pushover($msg);
        notify_via_slack($msg);
  • Using a GRE Tunnel to route VMs network and IP to external network.

    36
    0 Votes
    36 Posts
    6k Views
    stephenw10S

    Cool. Yeah you'd need a rule to pass traffic from 192.168.2.X to any on that interface. Not just v4 ICMP as shown in that screenshot.

    Steve

  • Ver 22.05 - Unable to check for updates, pkg info reports invalid url

    8
    0 Votes
    8 Posts
    1k Views
    stephenw10S

    @gertjan said in Ver 22.05 - Unable to check for updates, pkg info reports invalid url:

    Does this imply that, once a bad /usr/local/etc/pkg/repos/pfSense.conf ( /usr/local/share/pfSense/pkg/repos/pfSense.conf) has been pulled in, update requests are impossible as long as admin doesn't correct things ?

    Yes, though that file is only a sym-link to the repo files in /usr/local/share/pfSense/pkg/repos/.
    Those files are provided by the repo pkg and that's what was broken for a short time.

    Steve

  • webConfigurator Certificate Based Login

    3
    0 Votes
    3 Posts
    496 Views
    stephenw10S

    There is an open feature request for it here you can add comments to:
    https://redmine.pfsense.org/issues/8694

    Steve

  • Am on the latest stable version on PFsense?

    7
    0 Votes
    7 Posts
    925 Views
    ?

    Hello together,

    What version is shown here.... (picture below)
    5.jpg

    ... should be matching to the chosen "branch";

    In the dashboard shown version and the current chosen Branch should be matching together (Shown in the picture below)
    4.jpg

    Show the installed packets in the dashboard and scroll down until you reach the point "System patches", be sure
    there is a small hook shown and not a small plus (+) sign
    (Last position on the picture shown below)
    1.jpg

    If there is a plus sign (+) you could click on the name of the shown patch and you will be directed to the
    pfSense section "Recommended System Patches"
    (As shown in the picture below, as an example)
    2.jpg

    If you have applied this patch (or not, like you need it)
    you will be able to go back to the dashboard and click
    on the two bowed arrows to have a look again over the
    available updates. Now all should be fine there.

  • pfsense blocking certain/some sites

    74
    0 Votes
    74 Posts
    15k Views
    stephenw10S

    Yup, the DNS for that site is broken. <insert it was dns meme>

    But at least now you know it's broken and how so you can use any of the 3 workarounds to allow access again until it's fixed.

    Steve

  • New pfSense 2.6.0 installation crashing

    3
    0 Votes
    3 Posts
    627 Views
    P

    At work, will run memory checker tonight. Thanks for the suggestion!

  • Setup telegram?

    2
    0 Votes
    2 Posts
    1k Views
    GertjanG

    @periko

    According to the manual @ https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html :

    d4adca7b-310a-4413-8d64-b4e8273fc301-image.png

    But, it was a no go as I can't access :

    https://core.telegram.org/bots#creating-a-new-bot

    so, I guess Telegram has some temporary issues.

  • how to patch packages belonging to the core pfsense installation ?

    2
    0 Votes
    2 Posts
    338 Views
    stephenw10S

    That particular CVE does not affect pfSense because it only applies to strongswan when acting as an EAP client which pfSense cannot be configured to do.
    That is often the case, FreeBSD vulnerabilities do not necessarily apply to pfSense.
    If it was affected we would either make a point release to address it or build an updated pkg in our repo which you could 'pkg upgrade' to depending on the level of assessed risk.

    Steve

  • pfSense Security? What is being done?

    Moved
    11
    0 Votes
    11 Posts
    1k Views
    N

    I use FreeBSD as a daily driver on one of my machines and I'm falling in love with it.

    It's so robust and unbreakable. Native ZFS support is just a cherry on top of all that. And yes. It has nothing to do with broken and bloated Linux kernel. Not only it's not Linux based, you actually need to emulate Linux with projects like Linuxlator to be able to run Linux applications. Not that I recommend it, just want to point out how different it is compared to billions of Linux distros out there.

  • PHP Errors

    5
    0 Votes
    5 Posts
    931 Views
    J

    @stephenw10 I leave the dashboard web page open on my desktop. Thank you for the reply.

  • Loss of WAN

    3
    0 Votes
    3 Posts
    529 Views
    terry.cT

    @stephenw10 Hello! Thanks for the response. USB ethernet won't work long term, seen that when I looked at the Netgate pfSense manual. That was the issue. I ran through the laptop with a VLAN on single NIC. Works now, just having trouble figuring out a second VLAN. I posted a request for help under L2/Switching/VLANs.

    thanks again!

    Terry

  • Fatal trap 12

    14
    0 Votes
    14 Posts
    907 Views
    crc_error_79C

    Ciao, @stephenw10

    I did some tests as suggested.

    With pfblocker enabled it worked well for 2 days, then it began to have some random crashes.
    These crashes usually happen during video streaming (Netflix) or watching YouTube.
    Also, the router crashes even after pressing the "save" button to disable the plugin. But I have no issue when I do the same procedure but to enable it.. very strange.

    Unfortunately I haven't any log of these situations, usually on the home screen I have a yellow bar with a link, but now after the router reboot, it is like nothing happened.

    Now I removed pfblocker and enabled the traffic shaper again and I will do some new tests with these settings

  • 0 Votes
    14 Posts
    1k Views
    Z

    @stephenw10 Thanks for the offer, I had already decided to just open a case as I was about to call it a night. I removed the 2 SSDs and replaced with an NVMe drive. This time I installed 2.5.0 -> 2.6.0 and amazingly I got a super quick reply to my case, they offered to remote access the system to see what was going on. I did the upgrade to 22.01 and uname -a showed correctly and this time no issues with temperature sensors and AES-NI was showing as active. Did the upgrade to 22.05 and again uname shows correct and everything works as expected.

    I really appreciate the help, I am not sure what the issue was, either some problem with the ZFS mirroring and it was reading conflicting data from the disks or somehow the 2.5.0 starting point helped. Interestingly this time, I noticed that the wall of text during the upgrade was much much shorter and faster, not just the result of the faster NVMe drive, it just had less text, this time I recorded the upgrade in case it was showing errors, so I can only assume during the previous upgrade there were lots of errors reported but wasn't paying attention to what they said as I didn't expect any errors, I really don't know. I am happy that it's working and again thanks for your help.

  • OneDrive for Business issue when upgrading from 2.5.2 to 2.6.0

    Moved
    1
    0 Votes
    1 Posts
    286 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.