@haidymikhail There are many causes (bad cables, failing NICs, WiFi testing, bad switch configs) that are outside of the software and then a few inside (proxies, intrusion detection).

What are the drivers for the NICs? Model of NIC? Are you connecting through switching hardware?

The more detail you have to provide the more likely someone can help point you in the right direction.

It might be 9600bps. Or it might have reverted to defaults causing the problem?

The port is a real serial port so it will be cuau0 or cuau1. The upper case U implies a USB connected serial port.

Steve

@dominikhoffmann I'm late to the thread but you could use my script to have your pfSense notify you when updates are available to the base as well as any installed packages.

https://forum.netgate.com/topic/137707/auto-update-check-checks-for-updates-to-base-system-packages-and-sends-email-alerts

Thanks all for your help. I just wanted to come back and things seem to now be resolved due to the above steps. Fingers crossed it stays that way. Hopefully some other newb will find this useful in the future.

Yup, see: https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html

pkg uses the pfSense repo by default. Be aware of the issues that can happen by installing FreeBSD packages but using individual packages directly is generally safer as it won't pull in incompatible dependencies.

Steve

It not only indicates lots of fragments it indicates lots of fragments that were not fully reassembled and disposed of in a timely manner so they continued to occupy a fragmentation entry slot until there were no more available.

As has been said the best course of action is to find the reason for the excessive/faulty fragmentation and fix it.

You need a firewall rule to pass traffic from VPN clients coming in over the tunnel. That either has to be on the OpenVPN tab on the firewall rules page or the assigned interface tave if you have assigned the OpenVPN server as an interface. Be aware that the OpenVPN tab acts as an interface group that includes all OpenVPN servers and clients. If you have assigned an OpenVPN interface you usually want the rules on the assigned interface tab and not on the group openvpn tab.

Steve

@dmytrokoren glad you got it sorted.. You would almost never have to do a fresh install - unless something crazy wrong that you can not even get to pfsense or something.

Or other times it can be a time saver vs tracking down the actual issue causing the problem.

@koby-peleg-hen well you do you - but I never got why anyone would ever do this.. Did you get it free - if so I could attempt to use one of their certs. Looks like not single domain 78$ for six years.

For starters I don't ever see using an actual public domain on my pfsense gui? I own multiple domains, don't use any of them internally.. Pointless to do so.. I use local.lan - but at some point will switch over to home.arpa for local domain.

But if did want to use public - why not just use free ACME cert?

So did you create the CSR and have them sign it? How exactly did you go about getting the cert and key..

Without some actual details, going to be impossible to help figure out what is wrong. What does the log say? You can setup pfsense to allow both http and https access - so even if the gui doesn't like the cert for some reason, the gui should be available just over http so you can see the log, etc.

Forked this to a new thread.

Is the gui even running after swapping out the cert?

@bmeeks HI Bill

No blocks as of yet. Its been 23 hrs since reboot and everything is running as it should.

No issues with the service behind pfsense since reboot.

@stephenw10 that worked 🤓

Thanks so much for your assistance!

@johnpoz said in Block network Access with correct Static IP:

@stephenw10 how would that work exactly? You would have to setup static arps for every IP that was possible.
And then when you wanted a new device with IP, you would have to remove / edit that static arp.. That would be a real PITA to manage..

Yup. 😉 far more trouble than it's worth!

And, yes, it only does anything for traffic going through pfSense obviously.

@igorbarrosmcz
No, LAGGs are meant for binding interfaces to achieve failover, load balancing or throughput enhancement.

@stephenw10 Ye from what i see i cant edit it,if you can mark it for anyone with the same ''problem'' (mostly newbies) if they google it so they know it works

once again thank you!

@stephenw10
Thanks Steve.

I suggest that all of those are because the IP you're testing from hit locked out of the firewall dues to excessive login attempts and the it's existing states were cleared. That applies before the user rules so it still hit and logged.

The arrow there shows it was blocked outbound on PCLAN_1G whicb is almost always out-of-state traffic because the state was closed.

The extra rule you have added does nothing more than block some traffic without logging before it hits your block everything rule anyway.

Steve

Is that a config from 2.4.5?

SSH keys were not included in the config until 2.6. You can probably remove that section from the config to allow it restore.

Steve

That worked. I was able to uncheck the serial option, saved a backup, and imported it with no problem. Thanks all for the help.