@zsing82 said in Script not executing... command not found:

Debian boxes. BSD is a whole different animal

Actually, for the most part Linux and BSD are similar, in that they're both Unix variations. However, there are some differences, but nowhere near the difference between either and the Windows shell commands.

textdump.tar(1).0

might backup my config and reload it on a clean install. still crashing 😵

@fabiolanza I contacted the seller/company that confirmed the chipset was Intel made. I am waiting for them to list more so I can purchase.

Resolved by putting unbound into DNS forward mode, instead of resolver.

@carobell said in DDNS not updating, cert expired:

The problem seems to have been solved on my side.
Did a "save and force update" this morning with no change, tried again just now and it's updating!

Yepp: http://freedns.afraid.org/news/

Because of this: https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html

Steve

The J3455 is not powerful CPU but I would expect it to push more then 100Mbps of OpenVPN given a reasonable connection to the server.
You have to check top -aSH though to know what's limiting it.

Steve

Hi PiBa,

I disabled Cookie protection Set "secure" attribure on cookies (only used on "http" frontends) in the backend settings under HSTS / Cookie protection

Under Advanced settings for the backend in Backend pass thru, I added this line you suggested
http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)\$" "\1; secure" if { ssl_fc }

This appears to be working fine, since the older setting
rspirep ^(Set-Cookie:((?!;\ secure).)*)$ \1;\ secure if { ssl_fc }
was placed under the backend settings afterall.

Thanks

I figured out how to accomplish my goal, and I did not need to create a gateway or static route.

LAN is associated with 192.168.92.1 the switch ETH2 port, per the default setup for the XG-7100.

Opt3 is assigned to igb3 (Expansion Card)with a static ip of 192.168.93.1

I enabled the DCHP server for Opt3.

I added a rule that allows TCP traffic from Opt3 to LAN.

I added a rule that allows ICMP traffic from Opt3 to LAN

Now I can access the GUI from a machine connected to an ethernet port that is not part of the XG-7100 switch and pfsense response to pings from my PC with 192.168.93.10 to 192.168.92.1.

Doesn't matter which way you do it.. Be it your routed is native or a vlan.. Or if you change this one or add the routed space.

So easy, thanks :D

There is pretty much nothing different in 2.4.5 regarding the installation and configuration, Whether or not it has WAN access or not, etc.

In fact, 2.4.4-p3 and 2.4.5 use the same configuration version, 19.1. You can generally use a 2.4.5 configuration on 2.4.4-p3 and vice-versa.

Yes, the pfctl issue is a drag. 2.4.5-p1 will be released "soon." (When it's ready) and all indications are that problem has been solved.

@bmffsc said in redirect wan ip requests to lan ip address:

reaching through http://212.252.119.3:8092/OurApp/

Horrible setup!

Use a fqdn that resolves to this IP.. Now outside users can get to it via http://something.domain.tld:8092/ourapp where that resolves to 212.x.x.x. your public IP.

And internally it resolves to 192.168.1.100 or whatever you local IP of that server is. So the same bookmark works be it they outside or inside.

I had this same issue with my Zyxel GS1900-24e managed switch. It did not appear in the DHCP leases list, yet it was working like a charm. But I did not know its IP and thus couldn't connect to its GUi for maintenance, and I did not like that. Just for the record, and it may help someone after me with the same issue, here's what I did:

I unplugged the cable between the pfSense router (in my case, an SG-1100) and the switch.

On my Mac I configured static IP 192.168.1.2 with subnet mask 255.255.255.0 and then connected to 192.168.1.1 and there it was: the html GUI page of the switch. If this does not work, reset the switch by pressing the tiny reset button at the front using a paperclip or something like it for some time.

Then I configured the switch to use DHCP (in Maintenance > System > IP > Mode: DHCP). When that was done I configured the LAN on my Mac to use DHCP again and plugged the cable between router and switch back in. After restarting the switch its IP appeared in the DHCP leases list on the Netgate SG-1100.

@fishbone222 said in AddTrust External CA Root certificate has expired! Cannot update packages..:

https://forum.netgate.com/topic/154033/unable-to-download-available-package-list-cert-expired

That's useful thanks, worked for me! Seems problem is fixed now.