@stephenw10 nevermind, unless someone can replicate this, I think I found the issue, and as much as I want to claim I still think its a bug, now I'm not so sure...seems that I was having sporatic connectivity, and that was leading it to ACT like it was not working, when it in fact was, just very very limited, and few and very far between in doing so.... so unless someone can replicate this, I do not think this is a bug anymore, or at least have enough doubt to not think its a bug still...not totally sure, but in any case I seem to have fixed the underlying problem I was having. as for what port, yea, I'm aware, both cards, old and new, are intel IX driver based cards, both quad gigabit adapters, so I just had to change the interface everything was mapped to, but the prior issues led me to believe something else entirely was going on... but yea, same driver, I'm aware of that one, thank you! interface order did change, and I was trying to update things to the new interface, which had worked, up till I noticed my vpn issues...not sure what the bottom line issue was for that, but its fixed at least.

oh and my current setup 1.1.1.1 1.0.0.1 192.168.0.1 works then it stops working then it will come back so i can ping say homeassistant i get the other IP then say 10 min later it couldnt do my ping request.. then give it another 10 min or so it will be able to do domain names again so i guess im conflicting it so it works then stops working i did try the DNS forwarder.. i chose LAN network figured it would force the local 192.168.0.1 to the local LAN but thats probably not what it does

@freyja Not sure sorry I thought you were talking about sending the logs.

Crash report no longer. Seems it was Ram related. TY

In fact they will be applied the next time something triggers a reload. So that could be a pfBlocker update for example. Anything that has to rebuild the firewall ruleset from the config. So you can't guarantee they will remain until a reboot. Steve

@cs Thanks for the feedback. Looks like they've found a bug. I reported this issue a couple of weeks ago: https://github.com/pcengines/coreboot/issues/469

@norcarde A transparent proxy would solve your application problems, but they are a hassle to setup and can introduce their own problems.

@jfish said in remote mail server rejects connection after 2 hours: Has the remote host black listed my external IP address now Is that a question or a fact ? Check with them ? Packet capture the traffic to them, using their IP, TCP, and the ports 110 143 or whatever you use. If you set Outlook to sync with mail servers every minute or so, then yes, you would get blacklisted everywhere ^^

@hawksploit said in Pfsense logo error: this path /usr/local/www/logo.svg I told you that @gertjan said in Pfsense logo error: Or really changing some "image files" (which are not image files ;) ) ? so have a look at that a "svg" file is. You can open it with Notepad, as it is a text file, not an image file. <svg id="logo" role="img" aria-labelledby="pfsense-logo" x="0px" y="0px" viewBox="0 0 282.8 84.2"> <title id="pfsense-logo-svg">pfSense Logo</title> .......

@danielvanderwal said in Wrong external IP set after rc.newwanip restarting pppoe0: @viktor_g Thanks Victor, this seems a related/the same issue. Could we contribute with our Logs to this bug in anyway. For us it's a bit of a show stopper. Are there any workarounds possible or would reverting to 2.4.5-p1 the only option? pfSense 2.4.5-p1 doesn't support Virtual IPs on PPPoE interfaces, this is a new 2.5 feature: https://docs.netgate.com/pfsense/en/latest/releases/2-5-0.html#virtual-ip-addresses

@johnpoz Also, according to the RFC, those addresses are not to be pre-configured. They are supposed to use the automatic method.

You just enabled SSH? You hadn't yet added a firewall rule or port forward to access it? Hard to imagine what that could have caused if so. Is it inaccessible both internally and externally? Can you get the serial console connected to anything locally? It's possible the process required to generate the SSH keys is simply using all the available CPU cycles if something else was already stuck using a lot. If that is the case it may finish doing that after some time and become available again.

@cool_corona Or checking out (depends on the usage) 2.5.2 Beta tree. If you're running a box at home that should be no biggie. For a company box I'd stay at 2.4.5 (and switch update paths to that, so your packages won't go nuts) and wait for release (candidates) of 2.5.2.

@viragomann Thanks for pointing that. So I guess I need to wait till the next update. Also I have noticed if I run a speedtest on the firewall using speedtest-cli, WAN1 shows the desired result but WAN2 shows around 0.69 Mbps as download and 1.08 Mbps as upload. WAN1 and WAN2 are 10Mbps leased line. However if WAN1 is down then the speedtest for WAN2 shows the desired result. I know there was a big discussion whether to run speedtest on Firewall or not but this is just for testing. Moreover it's just a 10Mbps line. Is this also a bug.

@flow said in Rule/Aliases creation with easyrule: Furthermore, is it possible to create/modify aliases from the Pfsense shell? According to redmine, that feature should be coming in 2.5.2.

@razer1073 I have a Qotom PC too and it's OK with pfsense. As mentioned above, you should be asking in the OPNsense forum.

@razer1073 Forgotten to enable the interfaces?

Yup you can just use one interface. Yes, having two routers in one subnet is a recipe for asymmetry. https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html#troubleshooting-asymmetric-routing If you disable pf entirely in pfSense it won't care but your other should should if it's a proper stateful firewall. The correct way to do that is use a separate transport subnet between pfSense and the other firewall that doesn't have any clients in it. Steve