Ok but do you have both routers connected via PPPoE at the same time? Most ISPs do not allow that but some do. Anyway I'm sure you could do something better there. Just moving the VPN router behind pfSense and setting it to use DHCP instead or PPPopE should work fine. It can establish the VPN through pfSense no problem. Steve

You will see entries in the system log like: kernel arp: aa:bb:cc:dd:ee:ff is using my IP address 100.0.0.101 on ix0! If the conflict is with an IP pfSense holds. Steve

If it had no internet when you restored the config it would not have been able to pull in the packages. If it now does have internet the easiest thing is to just restore the config again. That will trigger the package reinstall after it boots. Steve

@oldhome7 I have a PPPoE bonded pair from centurylink and when I set it up I enabled transparent bridging on modem and rebooted modem. On pfSense I entered PPPoE login credentials no vlan or anything else. Worked for about a year like that.

@jimp I apologize for resurrecting a thread that was not relevant to my particular issue (that should tell you a thing or two about how much i know about this) but at the same time i want to thank you for the suggestion. Changing the file extension worked right away and my issue is resolved.

@battlesng Search YouTube for "PFSense console accessing using putty".

Ok great I see that. That looks OK for a TAP connection. Using TAP is generally far more complex though. The only reason to do so is if you need the OpenVPN clients to be in the same subnet as the local resources. If you don't need that just use TUN mode. You should be passing the incoming connections on the assigned openvpn server tab not the global openvpn tab. So remove or diable the rules on OpenVPN. Add a pass all rule, using source any, on the 'OPENVPN_Interface' tab. Steve

@cjnazz said in Cert issue for accessing local web pages: I'm somewhat surprised that this resolves a certificate trust issue. Hum... It resolves it because without that you are just hitting the pfSense webgui which is obviously not valid for the site you are trying to reach. https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html Steve

@stephenw10 thanks Steve.

@bingo600 What I wrote about 'private network' means Windows network. When I plugged in server after PFSense, it connected with Private Network and it didn't let me allow to access internet or core switch. Probably firewall rules block my ping attempt, anyway I needed to be in company network domain. However, after I setup the DNS server ip address to PFSense - System - General Setup then my server network is correctly on our domain network. Still I don't get it why I need to configure DNS server IP address to PFSense firewall. It doesn't matter when I setup with Unifi switch after PFSense, but with the Cisco switch it was an issue. For the DHCP, we don't use DHCP on PFSense and server networks are always use static IP. Thanks to you, I have checked DNS setup on PFSense configuration and the problem solved. I am really appreciate your reply.

See: https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html

The Squid access log is a separate log. It's not part of the main pfSense logs. Configuring an external syslog server in the pfSense log settings will not export the Squid logs. It is possible to export the Squid logs directly, see: https://forum.netgate.com/post/936222 Steve

@aclouden said in Broken traffic graphs?: @steveits I put snort into legacy mode and the wan traffic graphs work as expected. Thanks for the tip! Chris The problem with the traffic graph and Inline IPS mode operation is due to a bug in the netmap kernel device. That kernel device is needed for Inline IPS Mode to work. That bug was recently fixed with an update to FreeBSD. That update was merged into FreeBSD back mid-August if I recall correctly. So at some point in the future it will make it into pfSense when they pull an operating system update from upstream.

I assume that's running OpenWRT? I would expect it to come up as a DHCP client be default but it may not. If it's static you'd have to set it in the correct subnet. It should appear as a wifi AP to wireless clients even if it's not connected so you'll have to check it's config. Try connecting to it's console so see what's happening. That's probably better served on the OpenWRT forum (assuming it's running that). Steve

It's possible it's being blocked be something other than Squid so check the firewall logs. Check Snort/Suricata if you're running them. You should see connections from the PS4 logged in the Squid realtime logs. So are conections to the Epic severs shows as passed or some errors? Steve

I've never used ADCS so I could easily be overlooking something! But if you're not generating certs for users in pfSense you don't need to import a private CA cert key. Steve

Nice. Thanks for the update.

@interessierter said in Boot loop: mode = 0100666, inum = 321055, fs = / panic: ffs_valloc: dup alloc cpuid = 2 time = 1633349216 KDB: enter: panic Yes, that is a filesystem damage error. But it will have been caused by something else previously. Whatever caused it to reboot initially is the real cause here. Steve

Generally you would want an Intel compatible module there but I would expect those to work. Steve