• advice for cert management with external CA and PKI

    2
    0 Votes
    2 Posts
    341 Views
    L

    Check out https://pkiaas.io. You can use SCEP to automate certificate renewal on your endpoints with MDM. There are also self-service certificate options that use mTLS to authenticate renewal using the existing certificate.

  • Hardware Crypto Support Missing AES-GCM?

    20
    0 Votes
    20 Posts
    3k Views
    JonathanLeeJ

    @jackyaz

    Is this of concern /* duplicates are ignored because keys must be unique */

  • I Lost Access To WebGui After Port Forwarding....Please Help

    8
    0 Votes
    8 Posts
    521 Views
    R

    @stephenw10 Ok I'll keep that in mind.

    So I was able to use the console to go to an earlier configuration, reboot, and I was able to get into the WebGUI. Proceeded to immediately make a backup configuration on file just in case. Phew! Thanks for that suggestion, and thank the Devs for having such a feature available. Truly a lifesaver!

    Next meeting we're gonna take it slow and only forward the ports that he needs. Maybe he won't need all of them.

  • pfSense to Cisco Router IPSec VPN Tunnel Parameters Question

    4
    0 Votes
    4 Posts
    233 Views
    R

    @R-Mana So everything was correct and the VPN tunnel worked as expected. But I have a different problem to which I created a new post.

  • 0 Votes
    9 Posts
    828 Views
    w0wW

    Try mtupath
    mtupath www.detran.rs.gov.br

    I have had similar problems some time ago; this was happening with IPv6 enabled but some sites were IPv4 only, so after mtupath discovery I have changed the MSS to 1352.

    BTW I have zero problems opening www.detran.rs.gov.br in Firefox also, but not in Edge.

  • Peculiar throughput problem pfSense to pfSense

    27
    0 Votes
    27 Posts
    2k Views
    keyserK

    @stephenw10 but THANK YOU 🙏 for your invaluable knowledge and desire to help. You really are indirectly one of the invaluable qualities that makes pfSense such a fantastic product.

  • Hmm why can't I access my Owncloud instance (or even just ping it)?

    6
    0 Votes
    6 Posts
    477 Views
    N

    @stephenw10 Actually I was just able to get it to work.

    I logged in via my phone's web browser then switched to the app and got in just fine. Why, I have no idea, but it's working.

    Thank you for your assistance!

  • Application only redirects traffic?

    3
    0 Votes
    3 Posts
    140 Views
    stephenw10S

    Potentially you could use rules matching by priority tags perhaps. But you would need to be able to tag the traffic from the application in the client. Not something I've ever tried.

  • FQ_Pie no internet

    29
    0 Votes
    29 Posts
    3k Views
    K

    @stephenw10 I'm looking forward to the 25.03 version and will test it right away. Thank you for the information

  • FreeBSD Patch inserted for FQ_PIE

    1
    0 Votes
    1 Posts
    102 Views
    No one has replied
  • letsencrypt webconfigurator certificate expired - but it isn't!

    7
    0 Votes
    7 Posts
    519 Views
    johnpozJ

    @sensewolf restart the gui

    And yeah if you're using acme for your webgui - then that command @Gertjan shows should be in your acme client.

    I don't have it because I don't use them in my gui, only for my haproxy stuff

  • Is there a way for some devices to be appeared in different geo location?

    8
    0 Votes
    8 Posts
    621 Views
    stephenw10S

    Yes, that applies to the local side where the VPN would effectively be the other WAN.

    At the remote side you just need firewall rules to pass the traffic coming in over the VPN and outbound NAT rules to translate it at the WAN. The OBN rules may already be added.

    Try routing some traffic from a single client. Start a ping to something unique then check the states at both ends.

  • Plus version for lab?

    10
    0 Votes
    10 Posts
    1k Views
    provelsP

    General Motors makes Chevrolets.
    And Cadillacs.
    EOF

  • Best way to copy pfSense backups to S3 bucket?

    4
    0 Votes
    4 Posts
    280 Views
    stephenw10S

    Oh, yes indeed. And by far the easiest! 😁

  • How to work OpenVPN with WAN IP 192.168.1.0/24

    Moved
    4
    0 Votes
    4 Posts
    250 Views
    stephenw10S

    Then the ISP router must be configured to forward traffic to the Sonicwall. It might be forwarding all traffic (a DMZ style setup) or just forwarding the required ports for the SSLVPN.

    You need to set up similar forwards to pfSense.

    But, yes, a better setup would be to eliminate the ISP router entirely. That may not be possible though.

  • host in alias used by firewallrule refuses to work

    22
    0 Votes
    22 Posts
    2k Views
    A

    @SteveITS said in host in alias used by firewallrule refuses to work:

    @a1aba ...you're welcome...?

    ¯\_(ツ)_/¯

    thanks for the help of course!
    everybody who helped, thanks for the effort 👍 😊

  • Limiter config disappeared

    19
    1 Votes
    19 Posts
    1k Views
    stephenw10S

    No, patches survive a reboot. They may not survive an update but, yes, this would be in 25.03 anyway so you shouldn't need to do anything.

  • pfSense Slack Notifications - how to include the firewall name?

    2
    0 Votes
    2 Posts
    226 Views
    stephenw10S

    https://redmine.pfsense.org/issues/15544

    That seems to cover what you're asking. You can add comments there.

  • DLNA discovery doesn't work

    24
    0 Votes
    24 Posts
    2k Views
    G

    @Fandangos said in DLNA discovery doesn't work:

    I am not using the wan port. I'm using the first lan port.

    Ok perhaps I found pictures from a different model router than the one you have. The one I found had one orange and four blue ports.
    But that's good, you need to be connected to one of the LAN ports. And even though some routers these days have an "AP Mode", all you really need is to turn off DHCP to make it function as an AP.

    So I guess, problem solved right?

  • WAN Connectivity Issues after upgrade to CE 2.7.2

    9
    0 Votes
    9 Posts
    498 Views
    X

    @stephenw10

    Thanks for the replies and insights. So far it's been over 24 hours with no issues. I'll report back after a longer period of time if issue re-occurs with details.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.