It depends who/what the users are. If they are real people they usually let you know pretty quick when things don't work. If it's IoT devices etc you have to test yourself. As with all things it's a question of security vs convenience. Though the actual security benefits are questionable at best and the inconvenience is significant so.....

@abuttino there was a really long thread a while back about - android seems to be very problematic with trusting CAs https://forum.netgate.com/topic/180369/freeradius-eap-tls-android-13 Only android I had to work with was a lenovo tablet.. Using an older version of android. I use eap-tls with chromebook and ios phones and tablets and my windows pc without any issues.

Thanks for all the great suggestions. Found that the log issue was with PFblockerNG with log files being huge, reset the logs and we are now at a normal level . Thanks CJB

You don't need to know anything about Python. That just sets the module Unbound is using to import the lists from pfBlocker.

@rheritier yes as long as IPv6 clients know where the proxy is your good to go.

@stephenw10 I tried again today. This time I used my latest config backup in version 2.6, deleted the said rule and its duplicates (size 398KB), and then rebooted. It booted up properly with config size 399KB. I initially got no internet and later found my LAN interface rule, which allows any sources/ports was missing. Adding the rule back and the internet was back. I tried changing a few configurations and the config file has not grown like before. I'll keep monitoring whether there will be any other side effects. Thanks. update on Oct 2, 2023: The problem has been permanently fixed, though I don't know how such Openvpn wizard creation xml section was there.

Thanks for your help Steve. Ujjwal

@Vinatra configuration wise - we simply edited the config file and put in the IP of the Wazuh server That was the full extent of any configuration

@stephenw10 thanks I will try it out. I appreciate it.

@cornerstonefound said in Noob q what ip should show in iplookup, still my dns ip or firewall lan ip?: Btw, your profile pic is satanic Ok -- sorry don't like it, I think its cute.. And btw it's the mascot of bsd, which is what pfsense runs on a flavor "freebsd". So guess your saying pfsense is satanic.. Maybe it will take your soul if you use it? https://en.wikipedia.org/wiki/BSD_Daemon His name is Beastie btw.. It has taken mine ;) I know Jesus, he lives down the street - his wife makes great freaking tamales!!

@Trent2458 This ended up fixing it. I was trying to connect while on WAN, connected to my LAN and it started working

Both could be DHCP. The 4G router would be handing a DHCP lease to the pfSense WAN. pfSense would be handing DHCP leases to the clients on it's LAN. The link between the pfSense WAN and 4G router could use static addressing instead but I would use DHCP initially. Steve

@tman222 said in PPPoE - Single Core - SMT / Hyper Threading On or Off: Xeon D-1718T I went with the D-1736NT (8-core QAT) wrapped in the very familiar Supermicro short-depth design (SYS-510D-8C-FN6P). I did look at the 4-core QAT version for the lower TDP but they were exceptionally hard / impossible to find in the UK and not much cheaper than the 8C. No doubt I will end up running a few things on it so the extra cores will probably get to stretch their legs at some point. The rest of it will come from stuff existing I have kicking around - a couple of 16GB RDIMMs, Optane (M.2 and/or U.2), slimSAS to 4x or 8x SATA SSDs are all candidates. These things always tend to get 'played' with. Tempted to try Proxmox too.

Ah nice result! Yeah that can be hard to get past if you think you've already disproved something.

@stephenw10 This was the golden suggestion. All works now. In the advanced settings I changed to using VGA console as default console, so using VGA works again, which was the behavior I initially expected. Thanks for responding!

Sure I can check that. Send it in chat

@dennypage said in Avahi not restarting at boot: I expect that you are using DHCP to acquire an IPv6 delegation from the WAN, and then using it to configure internal interfaces via Track Interface. Unless you are using fully static IPv6, I would recommend that you do not use IPv6 in Avahi. You don't loose anything by having IPv6 disabled in Avahi, and many devices that depend upon mDNS won't use IPv6 even if it is offered. IPv4 works just fine. On pfSense 23.09d-20230921-1219 Avahi does now restart at boot with IPv6 selected. Hurrah! ️

Powerd (with Speedstep) works fine but only if you disable SpeedShift since it takes priority. But you should use Speedshift on any CPU that supports it, it's much better in almost every way.

Hmm, what's shown in the logs when you connect/disconnect the ports?