https://redmine.pfsense.org/issues/15470

Indeed you have to create a new certificate with the CA. You can't edit a cert, that would break the chain of trust.

@stephenw10 said in ZFS POOL UPGRADE?:

No I would not upgrade the ZFS pool.

Good advice. I tried it a while back and system became unbootable.

Sorry missed the replies here.

It looks like you're using the webgui cert as the server cert? It has to be a cert created against the server CA.

It also looks like the TLS key is different. Both ends must have the sane TLS key.

You also still have a bunch of routed tunnel settings like pushing routes and adding gateways. But I'd fix up the cert/key first before looking at that.

Steve

I found the issue I changed the OPT1 name and it would not change in the config.xml so it does not bind to the new name, I set it back to OPT1 after seeing that the config.xml did not recognize this as selected for upnp section of the code and it worked.

It is like the name change messed up somehow

restarting only OSPFD produced nothing but restarting the pfsense 2.7.2 box output this on pfsense+ 24.03

2024-05-06 10:56:04.896 [WARN] ospfd: [MS0DP-CEKYV][EC 134217751] Point-to-Point link on interface ipsec2 has more than 1 neighbor. 2024-05-06 10:56:09.660 [WARN] ospfd: [MS0DP-CEKYV][EC 134217751] Point-to-Point link on interface ipsec2 has more than 1 neighbor. 2024-05-06 10:56:11.667 [WARN] ospfd: [MS0DP-CEKYV][EC 134217751] Point-to-Point link on interface ipsec2 has more than 1 neighbor. 2024-05-06 10:56:22.682 [WARN] bgpd: [JG0WZ-7X009][EC 33554504] 10.255.255.254 unrecognized capability code: 128 - ignored 2024-05-06 10:56:24.339 [INFO] bgpd: [M59KS-A3ZXZ] bgp_update_receive: rcvd End-of-RIB for IPv4 Unicast from 10.255.255.254 in vrf default

@cometphoton said in Setting a different monitoring IP.:

what is the next hop in the trace.

I just did a traceroute to Google and picked the first address that worked.

AFAIK there's no way of reading the actual NIC chip temperature there. If the module reports a value that's the only thing you can check.

That can only be done manually currently. If you send me you NDI in chat I can remove it.

Did you try to open it with curl like I showed above?

@Unoptanio said in ARP TABLE Refresh time for Wake On Lan:

just add it in the /etc/sysctl.conf file?

Nope, pfSense doesn't use that. The system tunables table replaces it so add it there if you need to.

@stephenw10 - Right?

Thanks for all the help!!

There are several threads about boxes with N100 CPUs specifically where the default power settings in the BIOS interact unexpectedly with the speedshift driver in FreeBSD/pfSense.

@DominikHoffmann said in The oldest Netgate hardware still running pfSense+ 24.03?:

it’s good to know that in 15 years my Netgate...

By that time you may need a 128bit processor!

Responded in chat.

You would usually add VIPs (IPAlias) on the WAN for each additional public IP. Then change the outbound NAT rules to manual and add rules for the internal subnets via the appropriate VIP.

https://docs.netgate.com/pfsense/en/latest/firewall/additional-ip-addresses.html#single-ip-subnet-on-wan

Steve

@stephenw10 Memories! Nokia ip530

@Gertjan Thanks , the trick at the end was "just " the cert , it is not mentionned explicilty in the post with the command but part of the actions to make.

For benefice of the Forum Q, command to run is

certctl rehash

This info is from PFsense Troublehoosting Manual
Solved !
Thanks !

Mostly it gives you access to the pfSense Pus pkg repos. It's the entry level subscription that does so.