• Bring Back Services >> Load Balancer Please!!!

    2
    0 Votes
    2 Posts
    440 Views
    stephenw10
    Relayd was deprecated in 21.02/2.5. There is a thread detailing an effort to bring it back as a package: https://forum.netgate.com/topic/154871/reestablish-relayd/ You might also try Squid reverse proxy which has a lot fewer features than HAProxy. Steve
  • Moving from ASA5512x to PFSense

    Moved
    4
    0 Votes
    4 Posts
    503 Views
    M
    That's a smart move!
  • Boot ends with login. No GUI.

    3
    0 Votes
    3 Posts
    237 Views
    D
    I think so too. However, I wanted to follow a tip first and reinstall the software. However, I now also no longer have access to the console. Everything does not sound so good. If there is something interesting to report, I'll let you know. Otherwise, thank you for your time.
  • 0 Votes
    3 Posts
    524 Views
    M
    @jimp OK, thanks for your prompt response. I applied the patch and can confirm that I can't reproduce the issue any more, even after enabling bogon networks block. Thanks for the tip!
  • Automatic updates

    17
    0 Votes
    17 Posts
    7k Views
    B
    I have been running the cron update every other Saturday at 1am and have yet to have a problem.
  • Integrating Gryphon WifiAP with Pfsense

    11
    0 Votes
    11 Posts
    2k Views
    P
    Thanks stephenw10 for pointing out typo on subnets. Subnet .1 on pfsense & AP WAN side. Subnet .9 on AP LAN side. I cannot edit the previous post to correct.
  • Dirty Pipe exploit - CVE-2022-0847

    12
    0 Votes
    12 Posts
    1k Views
    JKnott
    @tristargod BSD was created based on the original AT&T UNIX. However, it soon diverged to become independent. There was even a lawsuit over that. Linux was developed completely separately, with Linus Torvalds wanting to create a Unix-like OS, after finding MINIX inadequate. Then we had SCO Unix/Caldera claiming ownership over Linux based on very tenuous claims. One was through IBM, which created JFS for OS/2 and then ported it to AIX, which was then claimed to be a derivative work of UNIX, even though it was originally developed for OS/2. That's the sort of nonsense SCO/Caldera was using to justify their claims. There's lots more. BTW, this history was covered extensively on Groklaw.
  • Auto Config Backup Problems?

    8
    0 Votes
    8 Posts
    940 Views
    G
    @stephenw10 Problem fixed. Backups now visible again. thanks Steve
  • PHP ERROR: Type 1 - reoccurring alert

    3
    0 Votes
    3 Posts
    587 Views
    bmeeks
    @shinobi said in PHP ERROR: Type 1 - reoccurring alert:
        I have seen this alert & cleared it a few times. It seemed to pop up right around the Log4j debut.. so any log related error is causing me to 2nd glance it. Does this look like a legit "not enough memory" message, or maybe a buffer overrun.. ?
        PHP errors
        PHP ERROR: Type: 1, File: /usr/local/www/suricata/suricata_logs_browser.php, Line: 54, Message: Allowed memory size of 536870912 bytes exhausted (tried to allocate 6336420904 bytes) @ 2022-03-12 01:20:08
    Your log file has grown too large to view using the PHP viewer applet. That code works by loading the entire log into RAM and then displaying it to the browser as one string. The PHP process in pfSense has a limited amount of RAM allocated for it, so if the log file is too big, that limited RAM is exhausted when trying to load the log. The solution, as @SteveITS said, is to turn on the log rotation options and set a much smaller log size for alerts.
  • Errors on incoming interface Intel X520-DA2

    5
    0 Votes
    5 Posts
    1k Views
    stephenw10
    Hmm, I can replicate your setup very closely here but can't replicate the problem. Yet.
    This is an X520 NIC connected as a LAGG to two 10G ports on ICX-6450 using Brocade DAC cables:
        [22.01-RELEASE][root@7100.stevew.lan]/root: netstat -i
        Name    Mtu Network       Address              Ipkts Ierrs Idrop     Opkts Oerrs  Coll
        ix0    1500 <Link#1>      8c:dc:d4:a8:15:e8 259154487     0     0 259272608     0     0
        ix1    1500 <Link#2>      8c:dc:d4:a8:15:e8 240144841     0     0 240127722     0     0
    This:
        dev.ix.0.%pnpinfo: vendor=0x8086 device=0x10fb subvendor=0x103c subdevice=0x17d3 class=0x020000
        dev.ix.0.%location: slot=0 function=0 dbsf=pci0:2:0:0
        dev.ix.0.%driver: ix
        dev.ix.0.%desc: Intel(R) X520 82599ES (SFI/SFP+)

        [22.01-RELEASE][root@7100.stevew.lan]/root: ifconfig -v ix0
        ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=e138bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6>
            ether 8c:dc:d4:a8:15:e8
            media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
            status: active
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            plugged: SFP/SFP+/SFP28 1X Copper Active (Copper pigtail)
            vendor: BROCADE PN: 58-1000026-01 SN: CAX112240004092 DATE: 2012-06-16

        [22.01-RELEASE][root@7100.stevew.lan]/root: ifconfig -v ix1
        ix1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=e138bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6>
            ether 8c:dc:d4:a8:15:e8
            hwaddr 8c:dc:d4:a8:15:e9
            media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
            status: active
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            plugged: SFP/SFP+/SFP28 1X Copper Active (Copper pigtail)
            vendor: BROCADE PN: 58-1000026-01 SN: CAX116410001093 DATE: 2016-10-07
    Are you able to test a different cable? I do have a lower cost DAC cable here that throws errors at 10G.
    Steve
  • Gateway alarm: WAN_PPPOE

    24
    0 Votes
    24 Posts
    2k Views
    stephenw10
    Are you still seeing the LCP timeouts in the PPP log when it fails? Where did you get the MT992 modem from? Perhaps it's bad? Try setting up a PPPoE session from something else using it and see if you still get disconnected. Try putting the Fritzbox back and see if that has disconnects at all. I can't do live support here, we have paid support for that. But in this case they would tell you the same thing: LCP timeouts like that are the other end failing to respond. pfSense can do nothing about that. Steve
  • 9000 MTU WAN

    9
    0 Votes
    9 Posts
    769 Views
    JKnott
    @itestandroid You can have whatever MTU you wish on your LAN, as IP is designed to work over different MTU, provided everything on a subnet is at the same MTU. Fragmentation (IPv4 only) and Path MTU Discovery (PMTUD) will be used to fit the packets to an MTU. However, if you can manage 9000 on your LAN, then that would be best. However, you won't be able to use WiFi on that LAN as it supports a maximum MTU of 2304 bytes. Also, where is your LAN compared to the data centre? If you have to connect to it via the public Internet, then you're still going to be limited to 1500. I believe Internet 2 supports 9000 MTU.
  • 2.6.0 mirror installation

    2.6.0
    3
    0 Votes
    3 Posts
    588 Views
    P
    @stephenw10 thanks I see my zpool. No widget in 2.6.0
  • Dpinger Not Seeing Reestablished Connection

    2
    0 Votes
    2 Posts
    401 Views
    stephenw10
    It shouldn't. It sounds like you're hitting this or some variant of it: https://redmine.pfsense.org/issues/12920 Steve
  • Unable to connect to WAN address from within the LAN.

    4
    0 Votes
    4 Posts
    524 Views
    A
    Thanks guys. That was exactly what I needed. And thanks for pointing me to what I needed to read in the manual too.
  • Clean install with config.xml doesn't restore packages

    Moved
    3
    0 Votes
    3 Posts
    483 Views
    Spacey
    Still an issue in March 2022, I'm not sure why the whole restore process is a mess and extremely confusing and to be honest absolutely downright stupid. It's like a restore process from 2005... MAKE IT USER FRIENDLY NETGATE! Better yet, add progress bars, because sitting at a blank screen for an hour to see if this config worked is absolute insanity, EVERY config should restore. Such flaky software.
  • pfSense Blocking MAF... any idea why and how???

    6
    0 Votes
    6 Posts
    939 Views
    B
    @longhorn said in pfSense Blocking MAF... any idea why and how???:
        @stephenw10 appreciate your thoughts and comments. I've now been able to determine it's not a network issue - as you said - but appears to be narrowed down to my Windows 10 workstations. Snooping some of the forms not displaying correctly to the end user, they share some characteristics:
        iframe JavaScript calling a 3rd party site for MFA
    Security software might do things like that.
  • "Cannot delete alias. Currently in use by ." [Not reproducible]

    4
    0 Votes
    4 Posts
    634 Views
    johnpoz
    @mrpete said in "Cannot delete alias. Currently in use by ." [Not reproducible]:
        it sure would help to list the interface name along with the description :)
    Yeah prob be best to list as much info as possible, interface, actual rule number, etc.
  • Pfsense maximum fiber output and traffic

    5
    0 Votes
    5 Posts
    628 Views
    stephenw10
    Really we need to know what bandwidth you're actually going to be routing/filtering. I would assume you will not be passing (or trying to) 10Gbps between those VLANs if each client is limited to 100M. If it's all going to be WAN-LAN traffic what's the available WAN bandwidth? Steve
  • Automating CRL

    2
    0 Votes
    2 Posts
    431 Views
    S
    @leacho73 for openvpn look here: openvpn-external-crl-automatic-renewing-openvpn-restart So... you could download the CRL with Curl, transform it in x509 and drop it where it is needed.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.