What hardware are you running on?

What does top -aSH show for per core usage when testing throughput?

Ah, yes that would do it. The static values override whatever is in the main config. So leaving it empty there would not override 'none' set in the main config.

Steve

@danlad2030
Here https://docs.netgate.com/pfsense/en/latest/packages/cache-proxy/squidguard.html

@anonymnuss said in random lockout single connection:

If I switch the LAN adress of the proxy, its also blocked

Hmm, that sounds like something blocking at layer2. In pfSense that could only be the Captive Portal.

Try running a packet capture in pfSense whilst you ping from the proxy. Do the pings make it that far?

I assume you don't see the traffic blocked in the firewall log?

Steve

Are you using the captive portal also?
There is a known issue with running both: [https://redmine.pfsense.org/issues/12954](link url)

Steve

@stephenw10 thank you for your help :)

@stephenw10 Ahhh I see. Yeah it definitely shows the two speeds coming from the NAS. Nothing in between. So yeah it must be cached at the NAS, but I've never seen anything like this. Will have to keep hunting it. Thanks for the help!

@stephenw10 said in Strange behaviour after power failure:

How were/are the interfaces configured? All static?

Any errors in the boot or system logs?

Steve

WAN is set as dhcp (isp requirement) LAN/DMZ are static. OS Boot log doesn't make me any wiser anymore, as it seems to be allready overwritten with a normal boot.

Like @Gertjan replied, a bad system shutdown could do some strange things. Replacement batteries are allready arrived so I hope this was a one-off experience ....

@stephenw10 I did at the time. It didn't make any difference. From what I understand it's not a true bridge and Comcast will have to bridge. I guess I will need to call them. I just wanted to make sure I had all the info I needed before I did.

@stephenw10 Alright, thanks for the info!

@abiny said in Computer system Requirement for pfsense:

Hello,

I am planning to setup pfsense for our school.
I am planning to get a computer with 1TBHDD, 8GB of RAM, Corei7 processor and extra gigabit NIC. Will this spec be enough for a school with 1000 - 2000 users. Or do I need to buy one of the Pfsense appliances.

Thanks

You wouldn't need one TB hard drive, a 128GB SSD, and used the saving to up the RAM to 16GB. Seriously, take a look at the Netgate XG-7100 as earlier suggested...

Ok, please show us exactly what shows as down and how that interface is configured.

Also if we can see the OpenVPN status page we might be able to see an issue.

@stephenw10 Gotcha. Ok thanks Stephen for answering my questions and providing guidence.

Ah, OK. Well in that case you could potentially create a failover gateway group with the two WANs. But I could imagine it would get stuck on the L2TP WAN. You would need to configure the L2TP WAN to be dial-on-demand and disable monitoring etc so it closed the link. But That would take far too long. Also I could imagine the PPPoE monitoring might fail until the L2TP disconnects.

It seems like you could script it though. Probably take a bit of testing to find the right rc calls to work with those.

Steve

@bmf7777 said in DHCP error message question:

been working great for a couple of years ... then boom lots of DHCP issues everywhere

What changed? Firmware updates?

@stephenw10 thank you so much

Mmm, I could see that. If it works better for you then why not.

@stephenw10

Cheers pal, it’s nice to get confirmation i’m not doing anything wrong that might make it insecure or something else :)

Yes, that would be a good test. It's hard to see how something in the config could do that, it seems more likely something in the filesystem has become out of sync somehow. Never seen it before though.

Of course if you are NATing between WAN and LAN (most soho installs) adding a rule like that will only allow traffic to reach services on the firewall itself. You would need inbound NAT rules to reach anything behind the firewall.

Steve