• Status of pfSense CE 2.7.2

    9
    0 Votes
    9 Posts
    1k Views
    G

    @ahking19 OK thanks for correcting me - I thought he did.

  • Negate 4200 rj45 port to SFP+ ?

    5
    0 Votes
    5 Posts
    335 Views
    B

    @stephenw10 - Thanks for the response. I'll keep your points in mind as I see what I can do with my first managed switch.

  • WAN periodically Rebooting

    184
    0 Votes
    184 Posts
    31k Views
    D

    @diyhouse: Trying to get log files...but web documentation does not seem to work.. will have to contact Draytek tomorrow..

    adsl idle dti_on # Followed by sys reboot

    Does not give me the ability to pull logs in the diagnostic window

  • SG1100 increase memory after 24.11

    4
    0 Votes
    4 Posts
    346 Views
    stephenw10

    You probably have some pkgs installed with lists etc?

    You're still at >20% unused RAM though.

  • ps ax | grep -i "nginx: master"

    11
    0 Votes
    11 Posts
    923 Views
    Gertjan

    @JonathanLee

    the nginx GUI web server doesn't use "/usr/local/www/nginx-dist" or "/usr/local/www/nginx" which links to the first.

    It still works, though : https://pfsense.yourlocaldoimain.tld/nginx :


    These were the initial html files that come with a basic install of nginx, like apache2.
    A simple html index file to demonstrate that the server works.
    These files have been put out of the way 'somewhere'.

    The nginx config file is here : /var/etc/nginx-webConfigurator.conf

    You'll find this :

    server { listen 443 ssl http2; listen [::]:443 ssl http2;

    so it's actually simple to do this :

    server { listen 192.168.1.1:443 ssl http2; listen [::]:443 ssl http2;

    (maybe you should also add the IPv6 of your LAN)

    to make it listen only on LAN (and localhost) and nowhere else.

    Do not edit this config file.
    Edit the file that edits the config file : /etc/inc/system.inc, look for the function system_generate_nginx_config(), you'll get the picture 😊

  • Pfsense in Azure : Image and Hub and Spoke router Mode

    3
    0 Votes
    3 Posts
    864 Views
    stephenw10

    A lot has changed in 6 years. What exactly have you setup so far?

  • Unable to start Unbound after switch away from KEA

    17
    0 Votes
    17 Posts
    1k Views
    M

    @stephenw10

    Yep starts up fine, no issues.

    Unless I can reproduce it or others have a similar issue might have to throw this in the mystery box.

  • 0 Votes
    16 Posts
    2k Views
    S

    @getcom
    Thank you! That worked!

  • pf sense going down

    11
    0 Votes
    11 Posts
    872 Views
    stephenw10

    Unclear. By 'router' here you mean the gl.inet GL-MT6000? And that is connected to the pfSense LAN?

    I can only imagine that device drops the link to the LAN when it reboots and the other device does not. However that should not affect the WAN. The other possibility is that during boot it comes up with a subnet that conflicts with the WAN causing the default to flip.

    But however it's doing it you should definitely set WAN_DHCP as default to prevent it trying to use the VPN as default.

  • device has not been registered for pfSense+

    10
    0 Votes
    10 Posts
    943 Views
    chpalmer

    @stephenw10 said in device has not been registered for pfSense+:

    Yes adding or removing any NIC, including USB, will change the NDI.

    If you run pfSense-repoc -DN at the CLI it will print the NDI actually being sent to the repo servers to check against.

    Well dag nabit! Thanks Steve! I just promised Craig I will never do such a bad thing again.. 😌

    I should have been using my test box to test and not my primary.

  • How to debug iPhone WiFi calling degrading after ~10 minutes?

    42
    0 Votes
    42 Posts
    5k Views
    D

    Found a setting on newer iOS that may help here as well … wife was reporting in parts of the house her phone would swap from WiFi back to 5g during a call

    Can try disabling Settings -> Cellular -> Wi-Fi Assist (“automatically use cellular data when Wi-Fi connectivity is poor”)… maybe a dead spot or between APs fools the iPhone to opt for the crappy cellular signal ?

  • Nextcloud AutoConfigBackup Service?

    2
    0 Votes
    2 Posts
    175 Views
    stephenw10

    I've not seen anyone use Nextcloud specifically but it's just a matter of code. 😉

    See: https://docs.netgate.com/pfsense/en/latest/backup/remote-backup.html

  • 0 Votes
    5 Posts
    417 Views
    the other

    hey all,
    I could narrow it down...
    found my zyxel switch was causing the problem...it is (I guess) another bad IPv6 implementation. So I offed my v6 Interface on my xs1930. Still reachable with v4 and no more spamming my logs.
    Thank you for your hint @stephenw10 :)

  • FreeRadius BlastRADIUS Warning in System Logs - How To Mitigate?

    5
    0 Votes
    5 Posts
    3k Views
    stephenw10

    I don't believe so since the radius traffic never leaves the firewall.

  • Unifi remote access for web apps n protect

    4
    0 Votes
    4 Posts
    408 Views
    johnpoz

    @jeep417 my guess would be you had UPnP before opening the ports needed for stuff like the.. I don't think I would ever make my network app open to the public. Not sure about protect or site manager - but the normal network app can be cloud enabled. I always turn that off, but believe it phones home to get any info you change, etc.

    If I need to access my unifi controller while out and about I just vpn into the network.

    Cameras normally work without opening ports because they phone home to the mothership and open the connection outbound that your app is able to use. I access my cameras when out and about this way..

    You could enable UPnP on pfsense - but I would suggest against that. If you can not enable cloud/remote in the different unifi apps, I would vpn in to manage those.. I don't use protect or site manager but the unifi controller believe if you enable it is in the unifi portal


    Out of the box pfsense doesn't block anything outbound.

  • Netgear 4100- Add lan port to route to WAN

    3
    0 Votes
    3 Posts
    255 Views
    G

    Everyone,
    Netgate helped me solve it. As usual, operator error.
    It had wireguard on it, and I didn't know it. It was an ip conflict.
    Yes, the firewall was open to make it easier to troubleshoot. I can close it down now.
    Thanks !
    Gary

  • Is CE really slower with (security) updates compared to plus ?

    34
    0 Votes
    34 Posts
    4k Views
    S

    @joshgreyz
    Again we're off topic. Security updates. Period.

    The other releases are mostly unrelated to what CE wants and needs. Only thing I can really think of is moving to new dhcp service...and that isn't exactly a severe security related thing just moving a very slight piece of the stack.

    A large quantity of built in bsd vulns (of which there are few) don't exist here because they're compiled out - remember this is primarily a firewall/router that is designed to live in a hostile environment.

    We're like 33 posts in and whining about release quantity. Specific patches are available when necessary, and they're available very quickly. Period.

    @Patch yeah...development work is happening in areas that corp customers have been stating that are stoppers for a decade. Again...CE is not behind on security. You're measuring commits that include UI typos and saying that something that is completely unrelated to that is dead.

    Moderators can we please lock this thread as it is literally just wandering in the desert complaining.

  • Pfsense mini pc and QAT

    14
    0 Votes
    14 Posts
    1k Views
    stephenw10

    Mmm, so probably no hardware to attach to.

  • High CPU usage after update.

    2
    0 Votes
    2 Posts
    438 Views
    stephenw10

    Try reverting the widget reload behaviour as shown here: https://forum.netgate.com/post/1191398

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.