@artooro is it really true ? I saw it's conflicting with NAT port forward on 443.

And it's understandable pfBNG and DNSThingy both need to use it, no ?

@knebb
Final solution:
Outbound-NAT was misconfigured to always map to the VirtualIP even in backup mode.

Switched to automated outbound NAT and now working fine.

It's mostly less then %1 cpu load, but we are running on such an environment that any less latency is an important gain. So I am doing everything to increase the performance.

What is the performance gain when I disable it? %10?
and the risk that something may go wrong, such as not a successful reboot?

Look under Diagnostics > States and compare what you see for the remote GRE endpoint before and after reloading the filter.

@johnpoz said in SSL Certificates for Local IP address:

Does that method also allow for rfc1918 IP san entries? Or for a use of domain that is not valid on the public via tld, like local.lan, or single label domains that many users are found of

No, it can't have IP address SANs and must have a valid domain that exists in public DNS. The hostname doesn't need to be public, but the domain has to be registered/have name servers.

If so will have to play with this. But then again not too many switches and other devices have support for ACME that I have seen. Sot he local CA still has multiple advantages IMO.

Yeah, for that kind of thing it could be a PITA to constantly update them with the ACME cert since it wouldn't be automated. Local CA does win out in that scenario.

Yeah why would you be running 2.3.5, clearly you can not be 32bit limited. And your esxi is not even current either. But has mentioned its impossible to even guess without some details of your hardware.

Thanks JimP for quick response.. I normally don't play with this stuff - but did recall a major change with the installer on 2.4..

Yes, both interfaces are on the same system.

It's a Netgate SG-2440, so there are four identical Ethernet interfaces. I can use the wake command from the command-line on three out of the four interfaces. WOL from igb2 also seems to work from the web interface. Only wake from the command line with igb2 is giving the permission error.

@bumzag IP4 IP contain valid GATEWAY parameter?

Go to a website and if...

Comes back and says "site unknown/not found" = DNS broken.
Comes back and says "unreachable" = no Gateway, IP4 missing/wrong param(s).

@ink

You may find something here:
link text

If you set the primary console to be the video/vga console then most of the bootup messages would only go there.

The kernel startup messages always go to both, then the pfSense boot scripts output only to the primary console, and then all consoles get a menu.

Thx @jahonix
I actually see it ob Chome and FF, very annoying