• Conflict between WAN and VPN interface/gateway

    14
    0 Votes
    14 Posts
    1k Views
    Bob.DigB

    @sticilface I only do NAT in OpenWRT for those pVPNs, between pfSense and OpenWRT it is routed.

  • DHCP on LAN stops working

    7
    0 Votes
    7 Posts
    1k Views
    stephenw10S

    If you have dhcpv6 enabled on WAN the dhcpv6 server on LAN will use the prefix it pulls. Those are coupled. But also should be independent of the v4 service.

  • Is this possible: Pfsense between wifi AP and ISP router w/o bridge mode

    11
    0 Votes
    11 Posts
    849 Views
    johnpozJ

    @roboto

    All inbound traffic from the internet to pfsense is blocked by default. If your wifi client goes to say www.google.com the answer is allowed by the state. There is nothing to do with wan rules.

    Now if you create a new network, say these vlans or wifi network you would have to create rules on the vlans/networks interface to allow outbound traffic to the internet.

  • PFsense and Work Citrix Gateway

    7
    0 Votes
    7 Posts
    1k Views
    johnpozJ

    @stephenw10 I missed the part where his is inside a DTLS tunnel..

    But I can almost promise you tplink is using napt.. Unless it has something setup for dtls for vpn passthru, which I find unlikely.. What port is being used for the dtls tunnel? There really isn't a set standard port.

    But setting static port, sure not going to break anything worse than it is ;)

  • SG-3100 factory reset

    7
    0 Votes
    7 Posts
    1k Views
  • Renew cert' issues

    6
    0 Votes
    6 Posts
    621 Views
    GertjanG

    @troy-0 said in Renew cert' issues:

    however web browser says invalid certificate.

    Up to you to ask why 😊

    And then you find the reason :

    a6eba7ab-f085-4b80-b1e6-f733c03b032a-image.png

    So, why waiting ? Go for that Advanced button, at the bottom, at the right.

    It's a self signed certificate.
    Signed by you. Because you made it (with some tools present on pfSense).
    And your browser doesn't know who you are - or, to be more precise, you didn't make that huge cheque to be given to author who created your browser.
    Give them a couple of $ xxx xxx xxx.00 and your browser will recognize you, and your cert will be accepted.

    Or, do what we all do :
    Now you can probably "make an exception for this site".

    And keep this in mind : the next time you regenerate your Web Configurator certificate, this error will pop up again, as your browser doesn't recognize this new, unknown, self signed cert.

  • pfSense Software is Moving Ahead Discussion

    4
    0 Votes
    4 Posts
    639 Views
    stephenw10S

    @creationguy said in pfSense Software is Moving Ahead Discussion:

    Will these mentioned updates be available in the next pfSense+ release?

    Never say never but that is certainly the intention. 😉

  • devices on same lan get rebind error

    5
    0 Votes
    5 Posts
    653 Views
    JessicaSEUKJ

    @stephenw10 Thank you for all of your help.
    It's greatly appreciated.

  • miniupnpd UPnP Service

    2
    0 Votes
    2 Posts
    395 Views
    stephenw10S

    UPnP should not be enabled by default. What are you seeing that on? What's the history?

    If you can use port forwards I would do that. Only use UPnP when you have no other option IMO.

    Steve

  • 0 Votes
    38 Posts
    6k Views
    johnpozJ

    @regilayt filezilla ftp server is free.

    Clearly your packets being sent to the box, most likely a firewall issue. Since you can see traffic being sent to this .131 IP

    You running any other security software on the box. Firewalls quite often will allow local network, and block remote networks, etc.

    So you're using pure nat, so guess what the source is when you come from local network and hit your wan IP..

    purenat.jpg

    Firewall most likely would allow that since the source is local.. I hit my wan IP from my 192.168.9.100 box, with a port forward set to send that to my 192.168.9.10 box.. See the sniff on my lan interface sees the traffic to my wan IP, and then look how it sends it on to the 192.168.9.10, the source is my .100 address.

    I have nothing listening on my 9.10 on port 50022, just wanted to show you what happens with a pure nat, to why that would be working, but might not work from a remote IP since quite possible a firewall is blocking it. Here is the thing you're seeing the traffic sent to the .131, it's not a pfsense problem if you do not get a response..

  • 100% Swap

    26
    0 Votes
    26 Posts
    2k Views
    stephenw10S

    That's not required in 22.05 and you should be able to see the pcscd process using the RAM if you hit that issue. But in versions before 22.01/2.6 you should certainly check that. Or upgrade! 😉

    Steve

  • pfsense with mikrotik

    9
    0 Votes
    9 Posts
    1k Views
    O

    You wrote that when you connect a PC instead of a Mikrotik, it's working. So I think your Mikrotik config is wrong. Do you have a DHCP Client running in Mikrotik on that interface which is connected to pfSense? If YES, is the DHCP Client configured to add a Default Route?!

  • Shell Mode Display Resolution

    5
    0 Votes
    5 Posts
    815 Views
    provelsP

    Maybe this post could help? I used the last suggestion to increase the screen size of my connection in Hyper-V.
    Add in

    /boot/loader.conf.local

    Maybe try juggling the X,Y numbers to fit?

    Post

  • LAN Devices occasionally fail to load WAN data

    14
    0 Votes
    14 Posts
    1k Views
    M

    I was able to resolve this issue while researching some of the error codes above. I cannot specifically comment on the exact solution.

  • pfSense has detected a crash report or programming bug

    Moved
    16
    0 Votes
    16 Posts
    2k Views
    stephenw10S

    Nice result! 👍

  • Restore recent configuration: where to place external config file?

    4
    0 Votes
    4 Posts
    576 Views
    A

    @stephenw10 will do thanks

  • No packages installed/Unable to check for updates

    5
    0 Votes
    5 Posts
    1k Views
    R

    @bingo600 said in No packages installed/Unable to check for updates:

    @ramosel

    Yes - Bad url

    Fix is this (switch to the devel branch, and immediately switch back)

    Gotcha, I thought reading that through they were talking about changing the actual version, but it was just the selection without choosing to commit the change and rewrites the config. Easy enough, Thanks. Seems to have cured all issues I saw this morning.

    The pkg-static runs fine and to completion now as well.

    Are there any thoughts as to how the URL is going bad? Everything has been fine for weeks without any config changes.

    Rick

    Thanks Bingo, Thanks Stephen!
    (is that like Bingo Fuel, I'm outta here?)

  • 1200 DynDNS Email Notifications Every Night

    8
    0 Votes
    8 Posts
    900 Views
    GertjanG

    It ends with

    @sotirone said in 1200 DynDNS Email Notifications Every Night:

    Sep 17 17:36:11 php-fpm 75704 /services_dyndns_edit.php: phpDynDNS (): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS

    so the file contains the same IP as the actual WAN IP
    and
    the file date is younger than 25 days from now.

    So there is nothing to do : all looks fine.

    Another look at :

    Sep 17 17:39:07 php 8219 notify_monitor.php: Message sent to email redacted OK

    The mail gets sent, but some failure stops the mail from getting de-queued - and it will get sent again.
    So not a dyndns issue, as no further dyndns log lines are shown, but a notification system issue.

  • "arpresolve: can't allocate llinfo for <gw_ip> on igb0" ??

    8
    0 Votes
    8 Posts
    1k Views
    A

    @stephenw10

    Got it.
    Thanks again!

    Switched monitoring IP to the Comcast primary DNS server: 75.75.75.75

  • Weird situation about accessing LAN to DMZ

    23
    0 Votes
    23 Posts
    2k Views
    stephenw10S

    If an IPSec P2 config is over-matching it will grab that traffic and send it across the tunnel so it never reaches the DMZ.
    That affects it whatever the NIC assignment though. It only applies to subnets.

    Steve

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.