@hayescompatible said in pfSense Plus generating corrupted backups:

ror: SSHDATA at line 7349 cannot occur more than once
in /etc/inc/xmlparse.inc:89

There's a known bug in the SSHDATA issue (https://redmine.pfsense.org/issues/13132) Check the redmine for details

@dnavas said in DLNA over VLAN: A how (not?) to:

Your mileage will vary

That is very true. I have seen users enable PIMD between the interfaces and do nothing else and it all immediately started working. I have seen other users spend weeks trying to make it work and fail. Implementations of clients and servers seem to vary significantly.

Steve

@stephenw10 So I discovered a misconfiguration in one switch (LAN A), and seems like on HA mode, arpwatch has an option to avoid reporting CARP/VRRP ethernet prefixes that was enabled.

To use CARP VIP and arpwatch together, that option needs to be check to disable those messages.

Doing this it solved the situation.

Hope this could help others since on documentation I didnt found anything.

@stephenw10 That did it, thank you.

Here is the relevant thread and note from JimP about this rule. ( I cannot post hyperlinks)
NTPsolvedNatRule.png

@stephenw10 Thanks Steven I will look this over and see if I cant make it work. Hope all is well.

The format is in the docs:

https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html

You should give more details on what you are asking for help with really.

Also this should probably be in the Community Job Board.

Steve

I'd also enable SSH now if you have not already so you can try to connect back that way.

Steve

Hello, I've verified the problem.
I got that notice after my rules had not been updated for some time.

I followed iTestAndroid tecnique and confirmed that I had too this negate duplicate networks , so i checked "Disable Negate rules" and manually reloaded filter, which addressed the issue. but issue is not solved yet.
I'have also tryed disabling nat reflection, but nothing
Output of:

is

Following this thread after solved the duplicate ruleset, a reboot was needed. That solved the issue for me.

@stephenw10 I mostly use it for clients. I haven't had to change a server OpenVPN client in awhile. There needs to be an easier way to turn on and off OpenVPN clients.

Yup, seems there is some confusion!

Hmm, if it has a correct route and can ping the default gateway that starts to look like an upstream problem.
You could run a packet capture on WAN whilst pinging just to make sure the pings are actually leaving WAN with the correct details.

Steve

For reference see: https://redmine.pfsense.org/issues/13154
And the associated: https://redmine.pfsense.org/issues/13156

Steve

It's much safer to force the user to re-assign them.

Imagine if you had 3 USB NICs and you disconnect one of them. Now at boot the NIC order might be different and you could end up with LAN hosts connected to a DMZ interface. Or worse.

Steve

Sounds good. Thanks for the help. With the /boot/loader.conf.local variable change, I've been running for more than a day now and it all seems stable with much lower memory utilization. I feel a lot more comfortable with 58% utilized compared to the 88%, especially if I have a sudden increase in traffic or encrypted tunnels, I know there are enough resources available to handle anything thrown at it.

Wow. It works like a charm. THANK YOU VERY MUCH.

Sami

@srytryagn said in Redundant rules ?:

Is it opposite for WAN ?

No - works exactly the same way.. Traffic is inbound to the wan interface from the wan network.

Out of the box all unsolicited traffic into the wan interface is denied..

@srytryagn Thank you !

@brad-bishop

I found it (well... Almost)..

Just for a sanity check I plugged my computer directly into the lan port of the router. I'm getting 935.3Mbps down and 95.4Mbps up.

There's something in my network screwing this up.

Thank you again for the help. I'll just have to track down the component, now.