You will continue to have problems as long as you're on 2.3. That was only current for about 1 month waaay back in April 2016: https://docs.netgate.com/pfsense/en/latest/releases/versions-of-pfsense-and-freebsd.html#id7

You could try creating the file /boot/loader.conf.local (if it doesn't already exist) and adding to it the line:
kern.smp.disabled=1

Then rebooting. Otherwise you might have to disable all but one CPU core manually which we did as a workaround at the time for a few systems. It was fixed for 2.3.1.

Steve

So I wasn't able to figure out exactly what the problem is because I reinstalled pfsense completely and it did the same thing but I tried using a different old pc and switched my intel network card over and now it's working again, i guess it has something to do with the other pc, no idea what though.

Use policy routing
https://docs.netgate.com/pfsense/en/latest/routing/directing-traffic-with-policy-routing.html
https://docs.netgate.com/pfsense/en/latest/book/multiwan/policy-routing-configuration.html

Hi,
I have upgraded to 2.4.5.
please find screenshots requested below.
still does not authenticate.

24c8657b-7bef-4d5e-9656-dddeb6686050-image.png

58141b71-156b-465b-97d7-71340053b0ec-image.png

There isn't any way for the firewall to tell two MACs apart. You'll need something more. If it's that bad, you need L2 auth (802.1x) in your APs, not firewall controls.

@markgca said in SNORT Enable Performance stats not working:

When i check the "enable performance stats' feature on Preproc page of services/snort/interface, the interface restarts but never quite gets there.
Turn that feature off, and it works again

i have several snort instances running on different vlans and they continue to work.

Is this indicative that i need to allocate more space or change some option? i have 24gb of ram, and only about half of that is used.

thanks for any thoughts

Have you looked in the pfSense system log to see what, if anything, is being logged by Snort when attempting to start it?

Are you running the performance stats on those other instances successfully?

You will generally have better responses to IDS/IPS package questions when you post your inquiry in the IDS/IPS sub-forum under the PACKAGES section here on the board.

Hi all,

Looks like the GPON gateway had locked on to the previous devices hardware address. After power-cycling it the latest version connected without issue. (Piece of junk unnamed cheap manufacturer). May be good to get some output added as to why the process is terminated, to assist others - if there is anything useful that can be logged - just an idea. Very happy now PPPoE is running as it should! :)

Please mark as solved and close thanks.

Hello!

Maybe some variation of :

awk '{print "0.0.0.0|0" > FILENAME}' /cf/conf/dyndns*

...in a cron task?

John

@jasonsansone
I just acquired a sg-3100 and currently struggling to identify how to implement the hardware. Preferably I would rather replace the Pace hardware from AT&T with the 3100.

Note: Currently, I have the Pace in use with a netgear router in bridge mode.

Traffic is neither passed nor blocked. It is matched. You can do things like assign a queue or a tag or log it but it does not change the pass or drop status of the traffic.

quick has no bearing on match rules. They always flow though and rule processing continues.

have you checked the wan drivers ? Idk, I have never experienced anything like that. I am playing a lot of CS GO and everything is fine. I am sure that there is a software problem, maybe you should reinstall the drivers. By the way, when you will solve that problem, we could play together a couple of games. If you have a very low rank it's not a problem, you can always use a rank boosting service like eloboss.net. If you are interested, leave me a message! It's going to be really cool! I am waiting for your message, dude!

The driver built in to FreeBSD for Realtek chips will crash under load. You can use the latest official Realtek driver to achieve stability, but if you already got Intel cards you're better off anyway.

A device with a Celeron CPU and 8 GB of ram wouldn't be my first choice to install a hypervisor on. Not to mention, the Realtek NIC's aren't doing you any favors either. The first thing I would do is install PFsense on bare metal and blow Proxmox away. Also, if that ZBOX is modular, grab some Intel NICs.

@iberiaerik did you reboot the firewall since enabling the proxy? I believe this is required.

@beria-pl said in Issues after upgrade 2.4.4p3 to 2.4.5:

@bmeeks

Thanks - works like a charm, after setting up 1 vCPU on both.

At least it working now for 30 minutes without any issues.
Is there any timeframe to expect this fix? Or in longer-term it may be better to wait for 2.5.0p1 ;) and now survive with 2.4.5 or downgrade to 2.4.4p3 ?

I am not privy to the release dates as I am not affiliated with Netgate. As with pretty much every software company out there, Netgate is usually tight-lipped about release schedules (at least ones with very specific target dates). I suspect companies do this to minimize flak in the event they miss the release date due to unforeseen issues that may crop up.

I personally don't expect a long delay in the 2.4.5-p1 fix for this issue, but whether that is later this week or several months from now, I have no idea. If one virtual CPU appears to be working for you, then I would suggest staying on the 2.4.5-RELEASE and not moving to 2.5.0-DEVEL as that branch understandably may have issues crop up -- especially if you keep up with the snapshot updates.

The upstream FreeBSD guys merged the fix into FreeBSD-11.3-STABLE on May 11th, and so far as I can tell from the Github updates, the pfSense team is keeping up. So maybe the fix release won't be too far away.

Restarted the Virgin Superhub 3 last night and it's great again, we monitor again, but it will start to degrade later today or tomorrow as others have mentioned.

If I set back to just use their Superhub as an all in one again all is fine, it has to be something to do with the hub in modem mode and the way it talks to pfSense.

Sorry for troubling you guys. I got it solved by adding following line to the moodle config file. (Instead of using a hardcoded IP)

$CFG->wwwroot = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'].'/lms';

@Rico Thanks.. I saw LAN when I read the OP the first time.

^^ what Rico said. :)