• WAN MAC Spoofing -- WITHOUT web configurator

    0 Votes
    3 Posts
    170 Views

    @jhg You could edit the /conf/config.xml directly. Search for 'spoofmac' and the first instance should probably be your WAN.
    https://docs.netgate.com/pfsense/en/latest/config/xml-configuration-file.html

  • Empty Message-ID in SMTP Test email?

    0 Votes
    23 Posts
    2k Views
    Gertjan

    @GPz1100 said in Empty Message-ID in SMTP Test email?:

    As I understand it, so long as there's at least one valid tlsa record, then it's all good?

    That's what I do: I publish the four (5?) "2.1.1" hashes that could be used by LE to sign my certificate. As long as one of them matches, the TLSA validation will work out. Example:


  • Upgrade to version 24.11 hangs because disk full

    0 Votes
    11 Posts
    507 Views
    patient0

    @alban4 I'm happy it worked :)

  • OPT interfaces in HA not matching

    0 Votes
    4 Posts
    202 Views
    patient0

    @michmoor happy it worked.

    I wasn't sure how it handles adding other interface(s) later, so I gave it a go on a test pfSense CE.
    If you ever add another interface (virtual, PPPoE) it will end up as the lowest free OPT: OPT5 in your case on the backup node.

  • KEA DHCP: Android Stops Working on UniFi

    0 Votes
    12 Posts
    741 Views
    stephenw10

    Ha

  • Backup from PLUS and restore on CE

    0 Votes
    4 Posts
    312 Views
    stephenw10

    Nothing fixed yet for a release.

    Currently it's using 23.7:
    https://github.com/pfsense/pfsense/blob/master/src/etc/inc/globals.inc#L85

  • pfSense crashing randomly pfSense Plus 24.03

    0 Votes
    28 Posts
    2k Views

    @stephenw10 ok thanks will schedule the update once I’ve backed up some files and got a copy of the firmware from TAC support.

  • pfSense Plus Activation Token

    0 Votes
    2 Posts
    170 Views
    No one has replied
  • How to best make update to pfSense effective?

    0 Votes
    3 Posts
    232 Views
    stephenw10

    You're only seeing that because you're running the custom package notification script. Most users don't see that and don't need to. The pfSense-upgrade package updates itself when it's run at upgrade.

    But you can update that anytime without issues. It's only used at upgrade.

  • Allow only ssh login for admin

    0 Votes
    6 Posts
    509 Views
    Gertjan

    @CatSpecial202 said in Allow only ssh login for admin:

    Is it possible to enable SSH login via public key for the admin user?

    Not only possible. It's imho pretty mandatory.

    Any server device you use, rent, buy or create initially uses an SSH connection, and the admin (mostly root) + password is sent to you.
    Or you created these when installing the OS.

    As soon as you log in the first time, you create a cert. Export the public part to yourself, so you can use it with your SSH client, for example PuTTY.

    The 'admin' user on pfSense should have this part:


    and then you select (again: pfSense):


    and from now on, your SSH client will need the exported cert to be able to connect to pfSense:


    and I have to type in the password == passphrase of the cert, not the admin password.

    Do this with pfSense, and any other device you can connect to over SSH - if possible.

    edit: don't even bother granting other users access to pfSense with non-admin accounts.
    pfSense is a router, not some multimedia file server.
    I always strongly recommend creating an SSH admin on pfSense so you have access when needed.
    Some will then never really use it afterwards.
    Others - like me - use it several times a day, as I use the same connection with, for example, WinSCP, so I can explore the file system and look at things as in Windows Explorer. Don't ask me why ^^

    If needed, restrict the SSH port TCP 22 to some known LAN IPs.
    Lock your own devices, the ones you can use to connect to pfSense, with a DHCP MAC lease, so from now on they will always have the same IP.
    Throw these IPs in an Alias. Use this Alias to create a LAN firewall rule.
    From now on, only these IPs can use the pfSense SSH port.

    Real security nerds will use a dedicated admin LAN, and connect to this LAN with their device to access pfSense SSH.
    Now lock your pfSense into a safe. Lock the safe. Done. Now you're close to what they use at Langley.

  • SG5100 CPU spike every 2minutes from 3 to 100% after update

    0 Votes
    4 Posts
    338 Views
    stephenw10

    Hmm, that output looks as expected. There is no significant CPU load shown.

    Does it only appear when checking the dashboard in the GUI?

  • fetch on v2.7.2 gives certificate error.

    0 Votes
    7 Posts
    340 Views

    @Gertjan
    Well, thanks. That did work:

    [2.7.2-RELEASE][root@router.somesite.com]/root: fetch --ca-cert=/var/etc/cert.crt https://router.somesite.com/android-chrome-192x192.png android-chrome-192x192.png
  • Problems with Multiwan on pfSense

    0 Votes
    9 Posts
    579 Views

    @erfggi 👍 Thanks.

  • How do I find out what writes continuously on my pfSense SSD

    0 Votes
    34 Posts
    4k Views
    stephenw10

    The size and usage are shown on the dashboard in the Disks widget.


  • How can I mount a non-booting pfSense volume?

    0 Votes
    3 Posts
    2k Views
    JonathanLee

    @jimp Say you use a second drive for logging; should it be GPT and UFS, and what would be the newfs?

  • Why is my pfSense Firewall Lagging and Giving 504 Gateway Timeout Errors?

    0 Votes
    21 Posts
    1k Views
    Gertjan

    @Mushvan said in Why is my pfSense Firewall Lagging and Giving 504 Gateway Timeout Errors?:

    But should pinging 60 interfaces really be this difficult for pfSense?

    Wow .. 60.
    A small script file that sends a ping packet every ... not sure, 250 ms or so, and even 60 of them, that's no big deal.
    But when one or more of them get triggered because the interface and/or isn't there anymore ... dpinger will take action: it will reset (like pull down == destroy and pull up == recreate) the connection.
    And now for the fun part: this will have a cascade effect on other processes, like nginx and unbound, just to name two of them, that will also get restarted. I have this 'feeling' that the 'mess' this creates goes up exponentially.
    Your router is lagging, spikes to 100 % core usage etc.? I'm not very surprised.

    I don't have the hands-on experience, as I'm just a "2 WAN and 4 LAN ports guy", but if I had 60 interconnections, 60 interfaces to manage, I wouldn't take that "Swiss Army Knife" firewall router called pfSense, but something more bare-bones like TNSR?

  • Console connection halts reboot

    0 Votes
    6 Posts
    463 Views

    @stephenw10

    Yes, I believe it's stopping at the loader prompt.

    I will test it further again with it unplugged, change of cable and so forth.

    I have a couple of the RJ45 to USB cables including an office Cisco cable.

    @Gertjan said in Console connection halts reboot:

    @stephenw10

    Nice catch !
    The issue looks like this : 24.03 no auto boot.

    I'll have a read, thank you.

  • 4100: pkg: An error occurred while fetching package

    0 Votes
    6 Posts
    454 Views
    Gertjan

    @stephenw10 said in 4100: pkg: An error occurred while fetching package:

    Looks like there were some backend issues earlier today but that should be resolved now.

    We noticed 😊

  • Revert custom System Patch for console widget refresh?

    0 Votes
    10 Posts
    874 Views
    stephenw10

    Nice. Significant!

    Yeah we are looking at how best to handle this going forward.

  • Buffering Unix-domain socket

    0 Votes
    1 Posts
    206 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.