@dhenzler said in pfSense HAproxy system adjustments need a shell command:

tune.ssl.default-dh-param

Does that exist without a value? Or with a value too low?

What do you have set for it here?
Screenshot from 2024-04-10 04-00-44.png

Steve

@stephenw10
I will attempt to find.

You don't have to run a controller at all, the AP can be configured from a phone app. But there are some features that do require a controller running so most users do.

@stephenw10

Just an update for you stephen. ATT offered to replace the att gateway (router). I didn't think it would help/hurt so i ended up replacing it. Ill be....
Its been stable for well over a week.
Replacing ATTs equipment ended up solving the "issue". Why? I dunno.
Why did a bad gateway ended up crashing my 6100? I dunno.
Its fixed tho..... yay.

@stephenw10 thanks, I happened to come across that last night and it works good.. my only concern is when I updrade to a 6ghz band access point then I would need to move over to wpa3 and that does not support PPSK (as far as I know). I am just trying to see what method should I move forward with.

@teicors On AWS Plus is licensed per hour, above the VM cost. So right, if you don't like it you can terminate it.

@DominikHoffmann said in What is the meaning of this dpinger log entry?:

What does this mean

For future reference, see here.

As @stephenw10 noted, the issue is that your immediate gateway (default route) is not reachable. A much more basic problem than what IP you decide to ping.

As for choosing a target, I usually recommend performing a traceroute to 1.1.1.1 or 8.8.8.8, to help choose a target inside your ISP's infrastructure:

traceroute -I 1.1.1.1

Look for an address that is a hop or two inside your ISPs infrastructure and has fairly consistent response times. YMMV.

@stephenw10: Thanks very much! Excellent point!

@stephenw10

THANK YOU VERY MUCH for helping me analyze this weird issue and what finally lead me to solution! Your support and input was amazing! Thank you!

Yes. 😀

Nope, it only blocks connections coming into the WAN sourced from a private IP address:

# block anything from private networks on interfaces with the option set block in log quick on $BT from 10.0.0.0/8 to any ridentifier 12006 label "Block private networks from BT block 10/8" block in log quick on $BT from 127.0.0.0/8 to any ridentifier 12007 label "Block private networks from BT block 127/8" block in log quick on $BT from 172.16.0.0/12 to any ridentifier 12008 label "Block private networks from BT block 172.16/12" block in log quick on $BT from 192.168.0.0/16 to any ridentifier 12009 label "Block private networks from BT block 192.168/16"

Thank you everyone, I figured it was safe to do so but wanted to ask before I committed, much appreciated!

And yes @keyser I am not talking about removing ix0, just the assignment for it.

@Jarhead I could go this route but I'd rather just remove it TBH.

@stephenw10 I'll get that submitted tonight. Thanks for talking through this with me. 🙂

For example using the Network tool in Firefox shows how long it took to open the page and which components took time:

Screenshot from 2024-04-05 13-04-54.png

Other browsers have similar tools.

Ok so only for file transfers? You can access the server correctly otherwise?

Do you see that traffic passed by the correct rule on WAN2?

@Gblenn The patch seems to be working here, as well. Thanks to you and @stephenw10 for your help. Much appreciated.

@stephenw10 --- After making the subnet change to the pfSense LAN, that resolved the connectivity issue. I now have an issue with the NordVPN config, but I'll create a separate thread for that. Thanks again for the help!

The problem lies in the router, I tried another Internetconnection and it works fine. I'll contact my ISP. Thank you for your help!

@stephenw10 I don't want to praise the day before sunset but the new RAM may have done the trick! So far, the router has been stably running for almost a day without crashing!

Thank you for your support and for deciphering the crash report.