@stephenw10 I ran MTR for ~24 hours, 1 second intervals, behind pfSense to the Verizon address pfSense is monitoring. There was very little packet loss.

The pfSense monitoring has improved also. So, I'm going to assume it was some change on Verizon's side and it has been resolved.

@stephenw10 thank you! I went ahead and put a new device in service for now. Going to try formatting and reinstalling the original one and let it sit and run to see if it does it again. If it does then it will get a new drive and put in place as the backup.

@stephenw10 said in Sorting of Firewall Alias settings:

You wanted the port in numerical order? The description in alphabetical order?

...alphabetically by number? (which I see occasionally and annoys my mild OCD)

@CreationGuy The brute force way would be to edit the config file and restore... I would think it's just in config file order.

Oke i tested it with a backuped VM of my OpenLDAP server and the memberOf overlay module is not needed it stil works without that module 💃🥳

So traffic from pfSense is being routed over OpenVPN on the host machine? I'm not sure WireGuard would be able to connect over OpenVPN to the same provider. I could imagine routing issues.

@virusbcn that will lead to asymmetrical traffic flow. And the return traffic to the other pfsense would have no state.. Even if you created a transit between the pfsenses.

Use 1 pfsense, create 2 different lan side networks that your pfsenses have a transit network to talk to each other to get to each others networks. Do source natting of the traffic, use host routes on your devices.

There are many ways to skin this cat.. Pick one of the ways. The easiest solution is just to do a source nat, an outbound nat on the pfsense doing the vpn so that clients you talk to on this shared lan think the traffic is just coming from that pfsense lan IP.

Hello!

You could try qemu-img

qemu-img convert -O qcow2 in.iso out.qcow2

John

You don't mention a switch configured to separate the VLAN. That's what I'd expect to find.

You're awesome @stephenw10.

I was able to add a rule above my other rule to pass all to my LAN subnet first, and now it seems its all working as expected.

The learning curve for pfsense is steep (or just understanding firewalls, NAT's gateways, rules, etc in general).

Appreciate you holding my hand and helping me out!

@zkhcohen, thanks for the pointer. I was having this same issue and came across this post from Google. The issue you linked to I think describes the problem pretty well. If it keeps getting removed we might need to add a cron job to keep adding it back for now as others did for https://redmine.pfsense.org/issues/14374.

@stephenw10 Thanks! This solved my problems!

@stephenw10 makes sense, will look into all this. appreciate your help!

@akashphx said in Router Recommendations:

I'm looking for 2 router recommendations. One for my home and several for my business.

You might consider one of those mini PCs that are popular these days. I've been using the one described in my sig for about 3 years.

@Gertjan

I run the following command via the console

/etc/rc.php-fpm_restart

Yup that^. Just be sure that your outbound NAT rule is highly targeted so it only ever matches traffic trying to reach the modem.

Well if we look at how dpinger is called in pfSense, for example

/usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 172.21.16.226 -p /var/run/dpinger_WAN_DHCP~172.21.16.226~172.21.16.1.pid -u /var/run/dpinger_WAN_DHCP~172.21.16.226~172.21.16.1.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 172.21.16.1

And at the man page: https://github.com/dennypage/dpinger

It appears the values are available on demand (-r 0) whenever it's called.

@nfaheem said in Trying to Access Home Assistant from outside network:

but recently tried to migrate to Home Asisstant and using their cloud service, I still cannot using certain services because my network blocks traffic.

If Home Assistant has a cloud service then I wouldn't expect any of this to be necessary. Everything would be accessed via the cloud. I could be misreading that though.

Create the file /boot/loader.conf.local. At the command line run: touch /boot/loader.conf.local
You have to use the .local file so it is not overwritten by the system.

Edit that file and add the line:

i915kms_load=YES

From the command line you can use the Easy Editor: ee /boot/loader.conf.local

That will load the driver and may be sufficient. Deppending on your hardware you may also need one or all of the following lines:

drm.i915.enable_unsupported=1 kern.vt.fb.modes.VGA-1=d kern.vt.fb.default_mode="1024x768"

It's seeing the 2.5 version. You should normally see that as an available upgrade on the dashboard. If that has been disabled you would need to visit System > Updates.

But from such an old version you should consider installing 2.7.2 clean and restoring your config.