• Most secure for WPA enterprise (FreeRadius)

    7
    0 Votes
    7 Posts
    814 Views
    johnpozJ
    @gertjan said in Most secure for WPA enterprise (FreeRadius): we're all dummies ..... otherwise we wouldn't be posting here ^^ Haha ;) dude that made me laugh.. Guess I will go away now ;) And you prob have little need to be here as well ;)
  • Ntopng Error (You are not supposed to be here)

    4
    0 Votes
    4 Posts
    899 Views
    S
    @openwifi I had tried that as well, and for me it didn't work. I then tried restarting the ntopng service, and once it restarted I was able to see the host's detail when I clicked on the IP or the three lines/hamburger icon.
  • 2 Votes
    31 Posts
    3k Views
    4
    @stephenw10 I don't know if this is related to the same issue, but this only happens since the 2.5.1 upgrade. I switched the default route to using Single WAN instead of the GW, but I still have the following issue. Momentarily drops, most visible to the user when YouTube videos or streaming are playing. There are periodic moments where it repeats a few seconds of video.
  • GPG Sign sha256 sums - can you sign your sums?

    1
    0 Votes
    1 Posts
    132 Views
    No one has replied
  • How to disable tftp-proxy service?

    2
    0 Votes
    2 Posts
    929 Views
    O
    I found it, it's under System -> Advanced -> Firewall & NAT -> Network Address Translation -> TFTP Proxy. Now that I found it, I do remember turning this on when I was having issues getting NAT to work properly, but I don't remember why I did it.
  • Keep getting alerts for CA/Certificate entries are expiring....

    4
    0 Votes
    4 Posts
    2k Views
    KOMK
    @smoothrunnings Try clicking the Reissue/Renew button
  • Can Incoming VPN Traffic be Handled Like WAN Traffic

    8
    0 Votes
    8 Posts
    1k Views
    V
    @automatican Seems pretty freaky to me. There are some additional ports, which might be usable for outgoing connections on most networks like 25, 80, 110, 143, 465, 587, 993, 995. Anyway, to have the site2site VPN on 443 makes no sense at all. Your ISP should not block any outgoing port. Some may block specific P2P ports though.
  • Dual WAN Rules / Internal Server routing.

    6
    0 Votes
    6 Posts
    581 Views
    zoqaskZ
    @viragomann this home dev / concept. Not had a need for this scheme in production. Shame I can't route in dual wan. Will have to opt for dual server over single WAN for now. Pfsense is a great product and I really cannot expect every angle to be covered. Kudos to the netgate team. P.S. But would be great for this to be resolved soon. :)
  • Allowed memory size exhausted

    19
    0 Votes
    19 Posts
    12k Views
    T
    I went into the files described and increased the memory with an editor, saved the changes and resolved my memory issue. Good Stuff here. Thanks
  • pfSense 2.5.1 Dev with Wireguard

    3
    0 Votes
    3 Posts
    513 Views
    C
    @akegec I have tried and on the latest 1.6 but having issues with it where it worked perfect before on 1.5.1 dev.
  • pfSense users are being under heavy attacks?

    9
    0 Votes
    9 Posts
    1k Views
    AKEGECA
    @johnpoz if you understand diplomacy you will also understand that some accidents or events are not for public consumption like USS Scorpion. Some people are already playing the blaming game, the attacks because of Islamic radicals. The same as for Corona virus, China got the blame while in early 2019 (before China) there was a mysterious vaping illness outbreak in the State, Hmm.. where could the origin of Covid19 be.. Fort Detrick, U.S. biological weapon lab? Anyway I think yesterday's attacks for some odd reason made my clients server-agents compromised. @Gertjan , Britain : I don't know .... the British didn't want to do the maintenance for the channel-tunnel on their side, so we flooded it. LOL That's a good one.
  • Home Network - DMZ, Guest Network, VLAN?

    3
    0 Votes
    3 Posts
    1k Views
    S
    @tac57 I agree with @JKnott. I don't think a DMZ is what you want for your IOT network. If your IOT devices are truly on a normal DMZ setup, they are exposed to the internet and anyone can find and access those devices. They may be insulated from the rest of your network, but they are susceptible to intrusions from outside your network. I do think setting up some VLANs is the best option. This keeps the IOT device behind your firewall to help protect against intrusions, but also separates them from the rest of your network in case there is an intrusion. Honestly using two IOT VLANs is probably the best option. Use one for devices that need to access the internet to work - such as streaming devices, smart TVs, etc. Use another one for devices that don't need to connect to the internet such as CCTV systems, smart plugs/lights, etc. Of course you can do this with one VLAN and just create an alias and corresponding firewall rules to allow devices to connect to the internet while blocking anything not listed on the alias. But that requires that you manually add a new device to the alias list whenever you want to allow an IOT device to connect to the internet. By using two VLANs, you can simply connect a new device to the corresponding wifi network (the one that has internet access or not) and not have to manually change anything in the firewall. I would assume you can use two of the three guest wifi networks for these two IOT VLANs. This still leaves you with one guest vlan and hopefully your regular wireless LAN network. If for some reason you only have a total of 3 wireless networks available, I would probably set it up like this: regular LAN wifi, no internet IOT wifi, and a combined guest/internet IOT wifi.
  • BT.net Pfsense Configuration

    Moved
    2
    0 Votes
    2 Posts
    585 Views
    johnpozJ
    It's possible their device the .121 doesn't answer pings.. Do you see its mac in your arp table?
  • Brand new SG 5100 trouble

    9
    0 Votes
    9 Posts
    842 Views
    P
    So I was able to find some information related to my problem. You do have to set the gateway to bridge mode. There is a certificate authentication process that can only be handled by the frontier gateway. Supposedly there is a workaround on pfsense, but it's way over my head. Here is the link on reddit. [https://www.reddit.com/r/PFSENSE/comments/eukg72/is_there_a_way_to_completely_remove_the_att/] The other problem I have with my gateway is that there is no bridge mode. So I ended up disabling everything on the gateway except for dhcp, and set a dmz. I then set it to forward all packets to a mac address I set for the wan on pfsense. Everything has been working perfect, so I guess this is what I have to live with until there is a better solution for certificate authentication on pfsense.
  • Firewall Stops routing Internet

    11
    0 Votes
    11 Posts
    1k Views
    V
    @ddave So internet is working, I mean you can access it but DNS is not working. If you go around the DNS of pfSense (for example use 8.8.8.8 directly on your computer) internet is then working fine. At the point where unbound is not responding anymore, can you check what the status of unbound is? Go to Status -> Services and check if unbound is running. If it is not then I would try and disable pfBlockerNG (even better remove it) reboot pfSense and see if it stays stable. If not then it is time to start enabling unbound logging / debug and try to figure out what is crashing it. I remember unbound being unstable on my 2.5.0 install and from what I read on the internet a lot of people reported that. I then decided to move on to AdGuard Home (or PiHole) for my DNS and DNSBL needs and just hope that Netgate would fix that. Then I found the link about updating unbound and since then my install has been running fine. BUT I do keep my AdGuard Home server running in case unbound decides to quit again because I cannot be bothered to troubleshoot something that basically was running fine in 2.4.5 - p1.
  • Delay command after boot

    9
    0 Votes
    9 Posts
    873 Views
    S
    @kiokoman Ok, thanks, will try that.
  • PFsense Box with 32 gigs or ram

    11
    0 Votes
    11 Posts
    1k Views
    GertjanG
    @nollipfsense said in PFsense Box with 32 gigs or ram: Or one could set it to 192.168.1.1 ... correct? 192.168.1.1 ? The resolver normally listens to all LAN type interfaces, and the local host 127.0.0.1 So, typically, it listens on 192.168.1.1 by default, so it can receive DNS requests from the local LAN clients. It looks for the root servers on WAN type interfaces (the ones that have a gateway), because these interfaces could (should) route a (the) TLD's or "13 root name servers." Setting to 192.168.1.1 means : unbound points (forwards) to unbound (forwards) to unbound (forwards) to unbound (forwards) to unbound (forwards) to unbound ..... and then it crashes. Happily enough, it's protected to ignore such setup errors.
  • Should I Unblock ICMP on the WAN?

    21
    0 Votes
    21 Posts
    5k Views
    AKEGECA
    @tagit446 forgot to tell, don't forget to enable log for these rules.
  • how do you force Hostnames to show up in the ARP Table

    3
    0 Votes
    3 Posts
    681 Views
    C
    @bob-dig thanks that worked deleting the files there in the db... after deleting it changed everything to .localdomain and then after another 10 min it renamed everything to the localhost names so i dunno why it was going crazy with the number or so.. but deleting fixed it.. i was going crazy shutting off everything refreshing clearing rebooting pfsense 3 times nothing had solved it but deleting those files did
  • freeradius + LDAP + MS AD

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.