Wow, there is considerable information you have provided, thank you! DNSBL reloads once per day at 15 minutes past midnight, 00:15. I am using KEA for DHCP services which does not contain the DHCP registration setting. Knowing the origional DHCP service is will be remmoved at some future point appeared to the best option. Service _Watchdog is not installed given the issues it creates. I added the service status to the dashboard for monitoring.

@stephenw10 exactly 7547 is the TR-069 service.

"is a bidirectional SOAP/HTTP-based protocol that provides communication between CPE devices and auto-configuration servers (ACS)."

Would seem quite possible that the isp device, ie the CPE is using this.

https://en.wikipedia.org/wiki/TR-069

@viragomann they are being processed by the floating rule
maybe I should get rid of the floating rule, at least that might help with future trouble shooting.

@netpatje said in Lost power, can't boot!:

No config.xml f...

See if you have a config file in /conf/backup...menu option 15 if it lets you use that.

A reinstall will use ZFS which is more resilient towards power loss.

@jminnebo Not sure about certs specifically but one can restore parts of a configuration file. Or copy/paste in the XML.

@stephenw10 I had to force reboot at the time to get back online so unfortunately can't try now but if it happens again I'll run a capture and check that. Thanks!

@Gertjan I have provided the system.log covering the duration from when I initiated a reboot to the first two lines of the next boot after I had to pull power as the system appeared to have gotten stuck. Is there a different log file which you're interested to see?

@jrey Thanks so much for your help and input it is very useful info to have to be able to put this into perspective. Sorry delay in getting back to you, was also working on a rules issue which seems to now be resolved. I appreciate your time and patience on this. I hope all that we covered will be of use to others in the future. Thanks again and have a great week.

@georgelza said in Network performance issue using pfSense v.2.7.0 running as router:

pkg-static -d update

ok... we're back cooking with gas, as the saying goes, got haproxy installed and my external exposed services are working again.

Would have been great if the restore allowed me to re-attempt the installation of previously installed packages.

G

@milindhvijay

A test, and you need the console or SSH to execute it :

On the main menu, use option 8.

Then :

dig @127.0.0.1 google.com

This test executes a dns request on port 53, 127.0.0.1. Unbound should be listening on that port.

Another test :

sockstat -4 | grep 'unbound'

This shows you on which interfaces unbound is listening.
I see :

unbound unbound 83642 5 udp4 *:53 *:* unbound unbound 83642 6 tcp4 *:53 *:*

which means : unbound listens on every (like "all") interfaces, for IPv4 and IPv6, on port '53' (of course), using TCP and UDP.

This means that this :

dig @192.168.1.1 google.com

should0 give an answer = the IPv4 of Google

Btw : I presume your LAN IPv4 is 192.168.1.1 - take yours if yours is different.

This :

dig @192.168.1.1 google.com AAAA

should give the IPv6 is you have a working IPv6 setup.

@axot said in Intel igb optimizations (EEE):

igb1: Connected to a WiFI Router
igb2: Connected to NAS (can be woken up via magic packet and goes to sleep when inactive)
igb3: Connected to Mac Studio (wakes up from sleep when needed)

These are end-user devices and not switches ?!!
So, in case of a power glitch, all interfaces will flap. That's normal.

@keyser Oh I see, thank you so much for your explaination, I went toward freeradius webpage and they did listed TLS only supported cleartext password. I have also made sure to disable weak protocol like MD5 or anythig less than TTLS.

Thank you so much for your time

@sstatjm Curious... Did you ever get this sorted out? I am building out the 3rd node for a ceph cluster and planned to use it in Debian (Proxmox VE) and pass it thru to my VM of pfsense kinda like ive been doing on two other machines in a cluster + CARP setup :-\

@stephenw10
Hi Steve,

Ok, I got around to this this morning. Your steps were all that was needed to install the alternative Realtek driver.

Was able to

install the new driver, activate it, and was able to see from the log that the new had been loaded successfully.

Both firewalls are now updated. I will need to wait a while to see if this resolves my crash issue. Hopefully this will.

Learnt a bit about freebsd in the process.

Again, thank you for your generous help.

Regards

Rudolf

Better to be overly vigilant! 😉

@provels said in RAMdisk or not?:

Can you tell me where these lists exist after reboot if they're not in the db directory?

the DNSBL you've highlight are with unbound.

@jrey said in RAMdisk or not?:

it backs up unbound

that is what is "providing" the DNSBL function

-- pfB just aggregates sources of data to build lists(alias) then used by unbound or rules. The data pfB uses is just the "step" between in that process of getting from source and using in DNSBL/firewall.

Source (Download) -> Originals (raw as provided by source) -> (Process to) (Deny, Match, Native, Permit etc) -> (provide to) DNSBL(unbound) OR (alias firewall)

(process to) = options like de-duplication, CIDR Aggregation etc -- not all options you've selected apply to all Originals. (check the info blocks, usually provided with each option to determine what happens for a given option)

so for example in the IP settings De-Duplication -- "Only used for IPv4 Deny Lists"

@zennb1 Thanks, but that did not work with my card. It seems though that any change I do to the settings, like shifting from Automatic to 10G full duplex, triggers som initiation of the device which resolves the issue. Disabling and enabling for example, has the same effect. But nothing that I do seems to "stick"... And since I have the driver SW as a shortcut it's quite simple to just run it...

Hmm, still unable to replicate it here without any optional fields on the CA or cert:

Multi-SAN-cert-3.jpg

Do you have all the recommended patches applied?

@stephenw10
No further crashes since carrying out those repairs etc so that's great.
36 lan in errors for 1.8 TiB of data of which the majority have come from that annoying intel wifi adapter!😤....