@stevemac00 I just pushed an update that adds some features. Give it a try when you can.

You can operate on rule(s) based on description now, as well as specify multiple ruleIDs as a comma separated parameter for batch operations. If >1 rule matches a description, they will be actioned as a group. Changes are output at the console as well as logged to the GUI > System Log.

@stephenw10 Excellent! When the system was first set up I asked tech support to name them according to the VPN's server name, not realizing the provider occasionally changes their names

Guys, don't get me wrong, there are hundred of ways to ensure you have a "backup line", this doesn't mean we shouldn't have "revert back in case of failure logic"

How I ended up in this situation, I have changed "default domain" (entered two domains in the field) of the OpenVPN and I really haven't expected that, this is not supported and I also thought that, if it isn't supported the OpenVPN will simply return an warning, and ignore the value.
There is nothing related to pfSense in that case, it is up to the vendors of OpenVPN to clarify this as a critical or non-critical issue on the configuration and decide how to handle it - to continue, or to fail.

Anyway, I'm not here to blame pfSense developers, but opposite - to give them an idea to think of.

Meanwhile I remembered how the iXsystem guys do it - when you change network settings, you do your changes, then hit apply, because you are ready to test, then a simple timer is activated. If you don't save/confirm your changes in timely manner, they will be reverted back. (the same as Juniper, commit/confirm)

Yes, it could have failed to return an IP if both VPN gateways went down. Which is correct.

@stephenw10
Stephen, thank you for clarification - now I understand why there is no pfSense in Google marketplace and what is involved if I will decide using it on GCP platform.
Have a good weekend.
Piotr

The rrd graphs are averaged over quite a long period at the 3 month view. They are almost certainly peaking at much higher than 50Mbps. If you look at shorted spans you will find higher peaks.

Steve

Mmm, my limited scripting skills are failing me but you can set the status LED on the 1100 to 9 flashing speeds. Like:

[22.05-RC][root@1100.stevew.lan]/root: echo f1 > /dev/led/ok [22.05-RC][root@1100.stevew.lan]/root: echo f5 > /dev/led/ok [22.05-RC][root@1100.stevew.lan]/root: echo f9 > /dev/led/ok

So it would not be that hard to update that to reflect the load average using a script.

Steve

@stephenw10 yes mikrotik switches are very complex and difficult I did the vlans on edge switch and ubiqiti and went good .
this mikrotik switchess made lost me

@stephenw10 Nice to find out it wasn't just me going bonkers. Thanks for the help, triage and bug report.

Ok, looking at that it appears the installed and running kernel is correct but the userland is still at 12.2.
pkg upgrade didn't offer you any updates?

Try running pkg info -x pfSense and see if anything there still shows 22.01.

I would not expect a ZFS mirror to be capable of booting a different kernel. I've only ever seen it on separate boot devices.

Steve

@stephenw10,

I disabled UPnP on the router and I still have access to the server.

@SteveITS,

Thanks for the information about the Domain Overrides. I entered the server's domain and IP address into the table, changed the client's adapter setting to automatically obtain the DNS address and restarted the client. The client was able to access the server files and the Internet - problem solved!

Thanks to all for sticking with my situation until it got resolved.

Bridging and VLANs can be.... interesting!

But what you're doing isn't that complex you should be able to create a bridge with the two VLAN 36 interfaces in it.

Steve

@stephenw10

22.01 on pfsense and 0.15.7_33 for freeadius

Yes the order they are parsed/returned in determines the order they are displayed but nothing else as far as I know.

@gertjan Makes sense. Thanks for the info/explanation. Good to know this is available should it be necessary.

Ok, it's incomplete so the firewall cannot connect to the gateway at all. It is not responding to ARP requests.
A layer 2 failure like that usually means something basic like a cable in the wrong port or an incorrect VLAN config in the switch maybe.

Steve

@stephenw10

I did install GrayLog in a Jail on my TrueNas system. Lets see how that ^works^

I did lot of testing. Really pulled out my hairs out.

TL;DR: After I let my WAN interface DHCP lease to expire I changed interface MAC address to make sure that I got another IP. With new IP everything is working as should.

Really nice :)

I just added this line
$tmp = str_replace("utf-16", "utf-8", $data);
under line
$tmp = str_replace("^M", "", $data);.

It's rather crude, but it works :))

edit:
This could work too: $tmp = str_replace("utf-16\"?>", "utf-16\"?>\n", $data);

It's possible that happened during the upgrade before the package was updated. The crash shows the dumptime as: Sun Jul 3 152927 2022.
However is also shows 5 crashes and all the logged panics look to be the same. That seems unlikely to be from the upgrade.

If the crash report returns that will confirm it's current, yes.

Steve