@bingo600 said in is it possible to run multi DNS Resolver via IP Range?: I don't think you can solve this issue with just one lancache That. pfSense, or the DNS service in it, cannot see the client IP queries come from, it sees only LANcache IP. That means it will do the same thing for all queries. If you have twp LANcache servers you can setup pfSense to send queries via different upstream DNS servers. Or just configure that on the LANcache boxes directly. You could also do this if one group of hosts doesn't go via the LANcache but there is no way to separate them if both do. Steve

I doubt this is going to be a problem but i will list the packages that the py38-openssl needs to have. pkg install py38-openssl Updating FreeBSD repository catalogue... FreeBSD repository is up to date. Updating pfSense-core repository catalogue... pkg: https://files00.netgate.com/pfSense_v2_5_2_amd64-core/packagesite.pkg: Not Found pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 20 package(s) will be affected (of 0 checked): New packages to be INSTALLED: cyrus-sasl: 2.1.27_2 [FreeBSD] fontconfig: 2.13.94,1 [FreeBSD] freetype2: 2.10.4 [FreeBSD] gmp: 6.2.1 [FreeBSD] jbigkit: 2.1_1 [FreeBSD] jpeg-turbo: 2.0.6 [FreeBSD] libfontenc: 1.1.4 [FreeBSD] libssh2: 1.9.0_3,3 [FreeBSD] libunwind: 20201110 [FreeBSD] lua53: 5.3.6 [FreeBSD] nettle: 3.7.3 [FreeBSD] pixman: 0.40.0_1 [FreeBSD] png: 1.6.37_1 [FreeBSD] py38-cffi: 1.14.6 [FreeBSD] py38-cryptography: 3.3.2 [FreeBSD] py38-openssl: 20.0.1 [FreeBSD] py38-pycparser: 2.20 [FreeBSD] py38-six: 1.16.0 [FreeBSD] tcl86: 8.6.11_1 [FreeBSD] zstd: 1.5.0 [FreeBSD] Number of packages to be installed: 20 i don't believe that any of the packages listed here are already part of the standard pfsense repo and should be fine to have loaded in.

I also figured out why the 1:1 NAT (the (3) from above) wasn't working. It looks like you not only have to setup the 1:1 NAT and firewall rules, but you also have to define the outside IP under Firewall / Virtual IPs, otherwise the firewall will not respond. (Found this here: PFSense: 1:1 NAT Configuration) With that, all problems are resolved. Thanks everyone.

That's almost certainly nothing to do with pfSense. Most APs continue broadcasting an SSID whatever is happening upstream of them. Some do not but if you're still able to login into it to reboot it that's not the issue. Steve

@tyler-montney-0 said in AutoConfig Backup Location: I mean from the GUI. The file you download is a backup, meant to be stored on a device that you trust ^^ ( as any backup ...) @tyler-montney-0 said in AutoConfig Backup Location: Opened #12296 on redmine. You have a point. "We all know" what ABC is, where it's stored, and under what conditions you can retrieve it. ABC uses a server @Netgate where our copies are saved. They are encrypted, and can only be read back if you have kept that key (and ID etc) on a safe (local !) place. ABC was, in the past, on option that was not free. It was a package that you had to add, and set up. The doc doesn't really state clearly that is actually a 'cloud' thing. That it isn't a perfect solution. That it needs a working connection to the Internet. That you should backup the access credentials. Etc etc. @tyler-montney-0 said in AutoConfig Backup Location: I've opted to go the scp route, using the cron package (to set a cron job from the web interface). If you created a small shell script, you could add your own encryption. Take a copy of the config file, encrypt it before sending it away to some local device.

I do not disable the firewall function in PFsence. Disable the function will lose the basic protection for my firewall.

@cfrudolphy thanks for the reply. We ended up calling and requesting a level 2 they said they had enough calls on level 1 which is a lot of calls to go to level 2. He fixed it on the first try. It's been working great hooked up to Calix ONT > pfsense. Level 1 was blaming our equipment but this guy did not & actually listened to our problem which was on their end. We worked on this for 3 weeks and calling in constantly. This was some kind of DDoS attack coming through on that VLAN maybe? But the level 3s are going to have to look at it on their end. Solution: Switched to a static IP and to a different VLAN on their network. I would try to call in and ask for a level 2.

@stephenw10 Thanks for that info, I have created an account and provided the crash dump into the redmine ticket. I hope I could have provided the right information so they can fix the issue.

@flarednostril said in pfSense GUI unresponsive when WAN drops: @gertjan Yep reset to default. Then try disconnecting WAN. I suppose I will have to try that. Just surprised I'm the only one apparently having this problem. I will try reset to default and see if I get the same behaviour. We all agree the GUI may get a bit sluggish with no WAN connection, especially so if the Dashboard "home page" is being viewed and "Check for Updates" is checked. But I personally have never seen the pfSense GUI just basically slowly die as you describe.

You don't have to be doing anything with rules - just if you have an alias setup that wants to resolve that.. That is not something pfsense would be using. Do you have any aliases setup at all?

@noplan the one thing I would do differently (if you have the ports available) is connect your AP into your vlan capable switch. You can still use an uplink just for those vlans to another interface on pfsense. But doing so allows you to also put wired devices onto those vlans that your using for wireless. With your drawing, and only 1 vlan on that switch - it doesn't even have to support vlans, only your AP would since it looks to be directly connected into a port on pfsense.

@emmanuel-0 Is working well right now, I used use DNS Resolver then I change for DNS forwarder and made some changes at DHCP, is working now but is on trail. If continue to working well I write you, Thank for the help

@stephenw10 said in LCDProc CPU Temp Screen: Unfortunately my own php skilz are such that I'd have to spend significant time on it I understand that very well!

@marvosa Integrated and not having to use an Ubuntu server??

@johnpoz "Yeah you can leave your udm with a wan, I would put that on its own vlan for pfsense" First thing I did, actually.

@stephenw10 Found the problem, I was using Unbound python mode. Now it only blocks in the 101 vlan. Time to continue experimenting with pfblocker. Thanks again!

@stephenw10 said in Cloudflare Dynamic DNS error: Hmm, so you have it set to monitor gif0 but it cannot send updates from there? No, its monitoring opt19 but for some reason was trying to send updates out of opt15 (gif0). So I had to enable that hidden form field to manually change it. Question is, why is that form field even there and why is it hidden? I can only assume Firefox submitted the field even though its hidden (this is expected behaviour) and so the wrong interface got assigned, as gif0 was at the top of the list. I also noticed if I tried to monitor a ppp interface the IP just said n/a and it didn't even give a tick or cross. Fortunately I don't need to do that as both are static IPs, I just tried it while testing.

@stephenw10 Yep, had to reset the admin from the console. I was hoping for a remote solution, but hey, it's always fun to go to the datacenter, right? The weird thing about this problem is that an unrelated/unaltered user was showing the same error after we fixed admin.

@stephenw10 Except it failed overnight, when I changed versions. As the capture shows, there are 2 gateways involved, so there should be no conflict that way and my cell phone is with the same company. I do recall there were some OpenVPN changes when this happened. I redid my config to accommodate them and also because I wasn't thrilled with what I had. Correction, this came in with pfsense 2.5.0, not 2.6.0. I'm currently running 2.5.2. 2.5.0 came out on Feb. 17 and I was inquiring about the the OpenVPN version in openSUSE on Feb. 24, to see if that might be the cause of the problem.