@tbbz8x8 said in Port aggregation:

I have absolutely no use for more vlans as I only have one device that uses Ethernet

@jknott said in Port aggregation:

Unless it's over 1 Gb, aggregation won't accomplish much

Even if over 1 gig, wouldn't matter lagg is not going to allow 1 device to use more than 1 physical path..

From the OP statements - other than a failover for failed port.. I don't see any use to setting up a lag.. And what switch is he using? Most likely since he doesn't have any vlans, just the 1 lan connection more than likely doesn't even have as smart switch capable of lagg, etc.

I would suspect some hardware off loading not playing nicely.

Things can get weird when you are testing from the host itself as traffic does not actually enter/leave the NIC. It not subject to the same path as traffic from external clients.

Steve

attached two trace, one of my ntp local server and one of pfsense box with the same server configured.

1_1531170243257_pfsense.pcap 0_1531170243256_local.pcap

@stephenw10

yes it was lastpass causing the issue. thank you.

No. If you needed to NAT on IPsec you would use the NAT in IPsec Phase 2 not Outbound NAT.

Once the Phase 1 (IKE) tunnel is up you can forget all about the WAN interface.

In your case, if you wanted to only pass traffic between those hosts you would probably want to make these Phase 2 Networks:

Local Network Remote network Host 192.168.2.61 Host 192.168.81.3 Host 192.168.2.61 Host 192.168.81.4 Host 192.168.2.61 Host 192.168.81.5

You can further enforce inbound connections with proper rules on the IPsec tab.

Seems like a personal choice.

When I run that command I see this in the system logs (reversed):

Jul 8 12:30:23 php-cgi rc.update_urltables: /etc/rc.update_urltables: pfB_Spamhaus does not need updating. Jul 8 12:30:23 php-cgi rc.update_urltables: /etc/rc.update_urltables: pfB_NAmerica_v4 does not need updating. Jul 8 12:30:23 php-cgi rc.update_urltables: /etc/rc.update_urltables: Starting URL table alias updates Jul 8 12:30:00 php-cgi rc.update_urltables: /etc/rc.update_urltables: Starting up.

Those are url aliases added by pfBlocker that point to lists of IPs.
Do you not see that logged for your custom alias?

Steve

When you select option 15 "Restore recent configuration" it will show you two options: view and restore. Select view and look at the previous dates that you want to restore. I think, it will show you 30 recent configurations. Type the number of the backup and press enter, wait a moment. Then try to login pfSense web gui.

I am back trying to solve this problem.

One thing I have noticed on the wireless clients is I can get them to connect to the VLAN ONLY if the interface is selected as the same as my LAN interface.

Example:

LAN is on igb1 (switch is patched to this physical port to port 1 on switch)
VLAN10 set to igb2 = No IP address on wireless device (phone)
VLAN10 set to igb1 = IP address connects and appears in DHCP table correct (192.168.10.100)

From there, the phone says "Connected, no internet" which leads me to believe the issue is with the firewall rules. I believe my Pass rule is correct but would like to know if I need to add NAT rules. A recent post in this category had a guy connecting a Ubiquiti AP to an unmanaged switch and he required a NAT rule as well as a firewall rule. I have attempted to duplicate both but cannot make it out to the internet.

As always the help is appreciated.

UPDATE:

Progress. The phone is now on the internet. I had to select the SECURE interface in the DNS Resolver in addition to the already selected LAN & localhost.

I still have the firewall rules but deleted the NAT rules I was trying to make. So I'm still looking for answers there.

ETA: IT WORKS!!!

I chased this all night but it came down to my NAT rules being set to manual due to an older OpenVPN setup. One click on Auto and all devices have internet.

Talk about a nightmare. I'll get to setting up the VPN later.

@gentlejoe This is what I can find https://forum.netgate.com/category/28/development

There are no tools in order to do so to one of those extensions exactly. As far as I know, you need something like this in order to proceed with this thing https://4000a-125-2-form.pdffiller.com/ that's actually an editing tool for pdf's but fits well for your purpose as well as it cost not that much as the other tools with these features

Thanks for everyone's response!
I have solved, I will use a machine with I3 / 8G / 500Gb.

On modern pfSense installs, there are a number of ways. The uname data as already mentioned, the contents of /etc/platform, the presence of the pfSense pkg, and likely dozens/hundreds of other methods based on the presence of certain files around the filesystem specific to pfSense.

The dashboard shows your CPU and memory usage. Watch your CPU usage when you run a bandwidth test.

You can also go to the shell and run 'top' to see how much CPU is being used.

hello friends,

if you are looking to setup PlayStation VPN then I have a complete guide on it. This is because with a virtual connection, not only are you a free gamer, but you can also stream endlessly. You are free to tap into massive nooks and corners of restricted content all around the world.

As of now, I think was able to achieve this firewall rule/s....what I did was allow the target devices to connect to Amazonaws.com IP Range, firewall alias URL's....so allowing connections to Viber.com, allowing connections to Amazonaws, then blocking everything else. The tricky part is Amazonaws got a couple of ASN.

Thanks a lot for your help Stephen!

I haven't had a lock up in the past few days. I am leaving on vacation for a week. I will report when I get back.

Hit the wrench top right from the firewall log page and it's an option there in 'Manage Firewall Log'.

It's likely nothing to worry about though.

Steve