@serbus said in Where can I apply an easyrule?: proceed at your own risk... That.

No worries. Good to put info where it's likely to be found.

Yes. Filebeat is not directly a syslog server as far as I can see. You have to configure it with the syslog input module: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html And possibly some other config there. As I say I've never used it. Steve

You could post up these rules you created on the lagg interfaces. You stated you can not ping the pfsense IP of another interface? Lets say lagg1 is 192.168.1.1, and lagg2 is 192.168.2.1 And your on a client on 192.168.1/24 say 192.168.1.100, and it can ping 192.168.1.1, and it uses pfsense (192.168.1.1) as its gateway? But can not ping 192.168.2.1? Lets see the rules you have on lagg1 interface.

Thanks for coming back to me, that makes complete sense. however we don't have the admin user logged in at all. I am thinking that this could be caused by CARP using the admin user to perform operations with the admin user. I believe this is most likely going to be expected behaviour. I'll look to filter out the logs.

That's what the device reported as its hostname. Normally the DHCP daemon wouldn't allow invalid text in there, but that's up to the ISC DHCP daemon, not us. We just list what's in the lease file.

@hechtd, disable RFC1918 Network. Go to Interfaces > LAN > Reserved Networks > unchecked Block private networks and loopback addresses (RFC1918 Network).

@Derelict I had my hostname already set correctly to pfsense. But I hadn't changed my domain name. After changing my domain name, it worked. Thanks.

Ok, well it doesn't appear to be actually pulling an IPv6 address or at least a gateway it can reach. Do you have IPv6 connectivity? The VPN gateway will show pending until the client connects, that's expected. Steve

@AKEGEC : your second rule : include TCP. Your first rule : WAN is blocking everything, even for these devices : @AKEGEC said in DNS leak: but for some odd reason Pfsense responds differently with different hardware so the default block all rule will do it's job. If for some "odd reasons" devices could penetrate the firewall I recommend changing the firewall and/or the person that admin's it.

Ok, that's pretty generic. No way to pin down stuff in netisr_dispatch really. The thing to check is if other crashes have the same or very similar backtraces and panic strings. However, and JimP said, ESXi 6.0 does't support FreeBSD 11 and hence pfSense 2.4. You really need to get that upgraded before doing anything else. Steve

@Derelict said in Pfsense won't boot after power failure: Boot to single user (S at the logo menu), press RETURN for a shell when prompted and run /sbin/fsck -y / Keep running it until fsck stops complaining (maybe three more times). Then /sbin/reboot/ Thank you for your input. I did EXACTLY has stated, except the last part. I had to type reboot instead of /sbin/reboot/ in order to reboot. After it booted back up, everything was working perfectly!

Right now im not running HA pair , i restore my firewalls and only one is up in standalone. I use Nat Outound in automatic mode Yes still have loss connectivity despite the fact that the configuration is at the minimum. Loss appear after hours. I see my gateway in ARP Table. still looking for solution... Thank you for helping me

Bump.. No comments about Jimp’s suggested solution Is unavailable when you use the the more modern and secure IKEv2 EAP based solution?

ok thank you, will delete rule

Yeah HAproxy would be the way to do it, and you can do ssl offloading so all the certs are managed in HAproxy, and sure use acme to do the certs, etc.