• Outgoing traffic security?

    6
    0 Votes
    6 Posts
    755 Views
    This would be just one tool of many. True, a smart hacker may try to distribute the transfer over time/destinations. Some aren't that diligent.
  • PFSense UI not detecting externally created certs as server certs

    17
    0 Votes
    17 Posts
    2k Views
    @stephenw10 I needed to add server into the nsCertType and serverAuth into extendedKeyUsage in the x509 extensions but need to add the x509 extensions as a command line arg to openssl, adding them into the config file doesn't seem to work. Have to create it this way: openssl x509 -CAcreateserial -req -days 7300 -in $cert_dir/$cert_name.csr -CA $cert_dir/id_rsa.crt -CAkey $cert_dir/id_rsa -passin pass:$ca_pwd -sha256 -extfile <(printf "$extFile") -out $cert_dir/$cert_name.crt the -extfile gets the contents of the x509 stuff.
  • PfSense AWS not passing traffic

    Moved
    6
    0 Votes
    6 Posts
    642 Views
    @stephenw10 That got it - many thanks Stephen.
  • ATT poor upload speeds

    9
    0 Votes
    9 Posts
    1k Views
    stephenw10
    Ah, nice catch. Yeah I'm always suspicious with one bad port on a NIC. If it's physically damaged you're probably OK but if it took an electrical surge is the other port going to fail.... Steve
  • Does bsd tcp hybla apply?

    5
    0 Votes
    5 Posts
    749 Views
    stephenw10
    Is there a FreeBSD implementation? It would have to exist there before we could use it. I don't see it listed as a congestion control algorithm there either. https://github.com/freebsd/freebsd-src/blob/main/sys/netinet/cc/cc.h Steve
  • System Log Errors : send() failed (40: Message too long) !!

    7
    0 Votes
    7 Posts
    830 Views
    stephenw10
    @stephenw10 said in System Log Errors : send() failed (40: Message too long) !!: With a custom login page? Exactly. Previous reports of this were caused by a bad custom port page that was creating a forward incorrectly. Steve
  • 0 Votes
    4 Posts
    505 Views
    stephenw10
    Well, for example, traffic sourced from 'vlan_10' should never be leaving the VLAN10 interface. Assuming 'vlan_10' in the VLAN10 subnet. Traffic from the LAN subnet to other devices on the LAN subnet would never pass pfSense at all so the LAN rule there would also never catch anything. Steve
  • Chromecast not working, nothing blocked in log

    5
    0 Votes
    5 Posts
    575 Views
    johnpoz
    Yeah you shouldn't be using public space internally, unless it's your space.. That space is the French telecom "orange" If your devices are connected to the same wifi network and same AP.. pfsense has nothing to do with them talking to each other. And nothing to do with their discovery of each other through some L2 protocol. Discovery of chromecast https://developers.google.com/cast/docs/discovery
  • Upgrade from 2.3.4 i386 to latest 64bit

    7
    0 Votes
    7 Posts
    874 Views
    johnpoz
    @batrams good to hear ;) You might want to sign up https://www.netgate.com/resources/newsletters if you log into your pfsense every now and then ;) setup the little RSS widget, so then you should see stuff about new versions, etc. Or just hang out around here - there is normally quite a bit of whoha about new releases as they come out.
  • uPnP not working properly

    10
    0 Votes
    10 Posts
    3k Views
    Thanks. I'll do that with one of the devices that allows the public address.
  • SG-1100 Unable to Check for Updates

    4
    0 Votes
    4 Posts
    497 Views
    I posted in the wrong forum. Looks like the issue was resolved in the development forum. $ sed -i '' -e 's/%%MIRROR_TYPE%%/srv/; s/%%SIGNATURE_TYPE%%/fingerprints/' /usr/local/share/pfSense/pkg/repos/pfSense-repo-devel.conf
  • Swap ON or OFF in PfSense

    2
    0 Votes
    2 Posts
    2k Views
    stephenw10
    Unless you have specific concerns about space or drive writes etc just accepting the defaults is fine. In general pfSense should never use SWAP and if you see it swapping it's usually because something is misconfigured. I still have some test systems that run from CF and on those I always disable SWAP because of the limited write cycles there. Steve
  • Weird video scrubbing on trint.com - buffer never completes

    10
    0 Votes
    10 Posts
    1k Views
    @johnpoz just whittling that down now. We don't think we've made any changes, but another service that streams has just started misbehaving on domained machines too. It affects all browsers so we are investigating the build... And as I type I am thinking the only other thing is ESET Antivirus updates as this all started happening at the same time. Servers are unaffected, byod too.
  • Random disconnects

    3
    0 Votes
    3 Posts
    576 Views
    stephenw10
    @artifice said in Random disconnects: I have been having some issues with the following error That is not an error. That shows dpinger starting and the values it's using. That typically indicates the WAN disconnected and reconnected but could be something else. We need to see a more complete set of logs surrounding the incident really. Steve
  • Crash Report

    14
    0 Votes
    14 Posts
    1k Views
    stephenw10
    If it fails to mount root because of filesystem damage you can run a manual check: https://docs.netgate.com/pfsense/en/latest/troubleshooting/filesystem-check.html#manual-filesystem-check Steve
  • Proper UPS management

    12
    0 Votes
    12 Posts
    1k Views
    stephenw10
    Ah, yes the UPS can simply not supply power again until it has charged to some specified level. Assuming it can be set for that.
  • NRPE3 process 100% CPU load

    3
    0 Votes
    3 Posts
    566 Views
    stephenw10
    You could be hitting the route-to/reply-to bug that was fixed in 2.5.2: https://docs.netgate.com/pfsense/en/latest/releases/2-5-2.html#rules-nat https://redmine.pfsense.org/issues/11805 Though I agree the nrpe service should not behave like that. That's probably an upstream bug though. Steve
  • Difficulty access the internet using my VLAN as an Guest Access Point

    36
    0 Votes
    36 Posts
    3k Views
    stephenw10
    These are worthy topics for discussion but we are derailing @cxcmax's thread. I suggest moving to a new thread in off-topic to discuss VLANs in general. Thanks. Steve
  • Reboot Pfsense automatically

    2
    0 Votes
    2 Posts
    345 Views
    Gertjan
    @ikram syslogd - the system logger, received a signal '15', which means it received from 'above' a controlled process shut down. So it exited. If syslogd was one of the first processes to receive this signal, the shut down of all other processes - and possibly the reason - are not logged so not known. Btw : if there was a lock up, there are no logs either. The solution is : use the console (better) or SSH (best) access. Get connected. Start looking at the command line around 23h50 and be patient. Remember : the GUI is only fine for when things go well ;) @ikram said in Reboot Pfsense automatically: the service cron is not enable In that case your pfSense would not function at all. The cron service is always enabled. I advise you to install the pfSense Cron package. You can see what's in it, what happens and when.
  • feature request Automatic Configuration Backups checkboxes

    5
    1 Votes
    5 Posts
    750 Views
    @stephenw10 Legend, thank you so much :)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.