If it isn't running the ure(4) driver you may need to load the module. That may pass at full speed.

@stephenw10 said in NUT Question:

It might be better to prevent the OMV shutting down until it really has to.

This sounds like the best solution. Rather then shutdown the OMV (NUT Client) in 15 minutes set it to low battery, like the NUT Server, then both will shutdown together and hopefully both come back on when power is restored.

Looks like some things may have been missing from that post.

But same question; what states do you see when you run these tests?

@joeschmoe said in TLS pr_end_of_file_error (non proxy related):

pr_end_of_file_error message in squid appears

Where are you actually seeing that? In the Squid logs?

Connections from the pfSense CLI should not go via Squid. If they are being redirected somehow that would show in the states created.

Do you still see this issue if you disable Squid?

Steve

Thanks a lot!

Mmm, the same port version though? 5.0.1?

From what I can see that fix should be in 5.0.1_1 and that hasn't arrived in FreeBSD yet.

How are you querying the agent?

@admintkh said in Hugh CPU Load after Upgrade to 2.6.0:

https://redmine.pfsense.org/issues/12045

You mean these commits?

b5d787d93b3d83f28e87e1f8cc740cb160f8f0ac 0020c845a086766b3315372f006363f8ad76ac54 d97753b5c8f1d32fbcdcbb0d129b49f808245865 3bea7b5b05f200df4cabee12e405b8feade16f0e 89d5cbb82294c8624e66f920d50353057ccab14b

That's shouldn't be necessary or even possible in 2.6.

Steve

@stephenw10

I have a Cisco switch here and port mirroring with it is a pain. I created a data tap, with a cheap 5 port managed switch.

@stephenw10 said in DNS Resolver:

It looks like you have something set that means it's to do a reverse lookup on all IPs. Anything that doesn't resolve is shown in that form which is why you're seeing a whole bunch of 'in-addr.arpa' logs.

I think you are on to something here, "all the IP's"... which do seem to be spread across the world, and made me think of pfBlocker...
Which in fact seems to be what is behind most of it (could Suricata be the other??). Anyway, I quickly found that two of the IP's which came up 4-5 times in the last 15 minutes, and do not resolve, are on pfBlocker lists, like "pfB_Top_v4"...

Yes, if an address has a PTR record then I'd expect it to show a domain there.
Steve

Interestingly it seems the issue with internal IP's and/or my employers site are no longer there. Not sure what I did but I was going through the settings earlier today and I think had "ignore remote DNS servers" active (under system > general). For sure it's at the default setting now, and I have to go back several hours in the logs to find those IP's in the list as in-addr.arpa...
Could that setting change have made this difference?

Anyhow, seem the problem is solved, or at least I have a better understanding now. I do still have to look for a simple way to skip those items in the analyzer...

The output of Diag > DNS Lookup shows all configured DNS servers not just those in use by the system or by clients. That's expected.

So I guess I shouldn't worry then... In fact I can of course remove those servers completely on that page and things still work.

The file is not especially large. Like of the order of 10MB.
It really does seem to be the file since in the original use case the rest of the folder can be passed fine without it.

When you add policy routing by setting a gatewau (or gateway group) on the rules you force all traffic to use that route.
But here you want traffic between local subnets to use the system routing not go out the WAN.
So you need to add a rule above the policy routing rule to pass local traffic only.

Create an alias Local_Subnets and put in it all your locally connected subnets.

Then add a rule at the top of the list to pass from LANnet to Local_Subnets without a gateway set.

See: https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#bypassing-policy-routing

Steve

@peter_apiit said in Full Command to restart the networking in pfsense:

become slower, so need refresh the connection

Not really a thing - but ok ;)

Pfsense been running for 72 days, just as fast as it was 72 days ago for "internet"..

@johnpoz fair enough then. thanks!

If their ONT uses a GPON SFP module then there's probably a reasonable chance because you can just move that to a NIC. If not you have to try and get a module that's compatible and at that point you're off the map!

Steve

Satisfying when you find and fix it and everything just starts working though. 😉

Steve

In 2.6 the ix driver reports a number of additional error types in the received errors counter.
Check the sysctl mactstats for more detailed breakdown.

sysctl dev.ix.0.mac_stats

Steve

The pfSense docs is the place to start. You can also check out our back catalogue of video hangouts here:
https://www.youtube.com/c/netgateofficial

Steve

Leaving the password empty in the wizard does not change the password. It leaves the current password in place. Your existing username and password would not have been changed by the wizard if that were the case.

@johnpoz

You've modded a special pfSense theme ? 😊

@gertjan
thank you guys... much appreciated - away at work so need to test over weekend, will report back!

If you want the changes to be present for everyone, you can edit them into /etc/skel/dot.<blah> where <blah> is profile, shrc, or tcshrc.