• USB key Huawei E3372h loops on connect/disconnect

    0 Votes
    3 Posts
    492 Views
    B
    OK, bad news so... Thank you for your reply.
  • Adding a second drive to pfSense 2.5.2

    0 Votes
    5 Posts
    775 Views
    GertjanG
    @mk873425 said in Adding a second drive to pfSense 2.5.2: but once I reboot the machine it refuses to boot, and goes into a read-only state. Any ideas? When rebooted, the drive is 'umount' properly?
  • Kids VLAN Scheduling

    0 Votes
    3 Posts
    533 Views
    ARAMP1A
    Thanks. Just ended up modding it a bit. Access all rule with no restrictions on the bottom. Above it is a rule to block WAN at the scheduled times. I can now go in and disable that rule for holidays and non school day week nights.
  • Moved pfSense to another disk. Problems started.

    Moved
    0 Votes
    6 Posts
    954 Views
    stephenw10
    It can sometimes fail if the initial restore sets an invalid pkg repo or if the installed version needs to pull a repo update before it can access them. However if that does happen you should just be able to restore the same config again and it will work the second time. Steve
  • Virtualize pfSense, two WAN, one switch, possible?

    0 Votes
    6 Posts
    833 Views
    stephenw10
    @testcb00 said in Virtualize pfSense, two WAN, one switch, possible?: I am not familiar with VLAN Here's your chance to get familiar! Traffic from the modems is almost certainly untagged. Which is very much not the same thing as VLAN1 but is a surprisingly common misconception. https://docs.netgate.com/pfsense/en/latest/vlan/security.html#using-the-default-vlan1 Port based VLANs is probably not what you want here. That is typically used for separating switch ports into groups but not for trunking tagged traffic which is what you need to do here. You need to use 802.1Q based VLANs to tag the traffic and trunk it to pfSense. So, yes, set the PVID / Default VLAN ID (whatever it's named on that switch) on the WAN ports to 50 and 51. Then set the port connected to pfSense to trunk those VLANs. The traffic from each will arrive tagged to the pfSense NIC. In pfSense setup VLAN interfaces for 50 and 51 on the parent Mellanox NIC. Assign those interfaces as WAN1 and WAN2. Done! You can do the same with other VLANs. You only actually need one NIC there, all the interfaces could be VLANs on it. Steve
  • 0 Votes
    4 Posts
    478 Views
    stephenw10
    @norsak-0 said in Strategy for site to site VPN, when one site is a cloud provider without a pre-built pfsense image?: What is the strategy for site-to-site VPN when you 'only' have a linux box at the remote site? If you really only have a Linux box at one end then you could only run pfSense virtualised there as has been said. But you can run whatever VPN client/server you need there and connect to it with pfSense. Any of the supported VPN types would work. Steve
  • Slow Save

    0 Votes
    17 Posts
    1k Views
    L
    @stephenw10 Yes resolved.
  • Where are VIP's defined? Not in rc.conf of course :)

    0 Votes
    7 Posts
    971 Views
    stephenw10
    Be aware that disabling CARP either there or in the GUI is also temporary. As soon as anything makes a change to the interface config section, or just reloads it, it will be re-enabled. Steve
  • Pfsense hangs after replacing hdd from zfs pool

    0 Votes
    14 Posts
    2k Views
    A
    @stephenw10 ... it finally worked. Created new CA/Certificates for Freeradius. Created new CA/certificates for Captive Portal. Finally what actually worked: User Manage : Authentication Server : Selected Radius Server and saved it again. And everything started working. Kept it under testing (fingers crossed)
  • WAN (PPPoE) down and not reconnecting

    0 Votes
    3 Posts
    513 Views
    T
    @stephenw10 no, re-connecting the cable does not bring connectivity back
  • how to use pfSense configuration on FreeBSD os?

    0 Votes
    12 Posts
    1k Views
    stephenw10
    Yup, you can use /tmp/rules.debug and load that into pf with pfctl directly. You could export, for example, the OpenVPN conf file(s). And the Squid conf file. And that would be most of the config but there would certainly be a load of other work required. Steve
  • Wanting to separate IoT devices

    0 Votes
    13 Posts
    2k Views
    bingo600B
    @flybye I made a brief mini pfSense Vlan how2 here, and a few posts forward. https://forum.netgate.com/post/944381 /Bingo
  • Mount HDD formatted with EXT4

    0 Votes
    14 Posts
    1k Views
    V
    @johnpoz nothing a VM won't solve to see if the driver actually works :)
  • Traffic Graph x axis

    0 Votes
    3 Posts
    439 Views
    H
    @johnpoz got it thanks, never thought of that!
  • FreeRADIUS, RADIUS, LDAP, Active Directory, User Authentication

    2 Votes
    5 Posts
    2k Views
    stephenw10
    How do you have it configured? What is happening? What do you expect to happen? Steve
  • Suggestions for Cybersecurity Disclosure Lists?

    0 Votes
    3 Posts
    614 Views
    S
    @bmeeks Thank you sir!
  • 0 Votes
    11 Posts
    929 Views
    DaddyGoD
    @raymondchauke A little further afield, central and western EU (HU and PT)
  • Port Forwarding Trouble

    0 Votes
    7 Posts
    784 Views
    stephenw10
    You can't test like that using the WAN. The route-to rules will force any traffic sourced from the WAN IP via its gateway if there is one defined on the interface. You can try sourcing from another interface to check the target is responding to anything outside its own subnet. The VLAN 10 interface maybe. Steve
  • sendto error: 65

    0 Votes
    45 Posts
    10k Views
    stephenw10
    This? https://redmine.pfsense.org/issues/9267 Yes, that's been in since 2.4.5. Steve
  • Strange Problem plz help

    0 Votes
    9 Posts
    1k Views
    stephenw10
    Yup, it's possible to use TCP. I was more pointing out that rule is set to TCP and that's probably unintentional. I doubt that's the issue though since OP says he's checking his public IP which I assume is via ipchicken or similar. That would be TCP anyway. Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.