@johnpoz said in Specific website access.:

when you leave off the www. is when wrong cert is presented

Could be worse...we recently got referred to a new small client having (among other things) email problems. Their email provider AFAICT deleted two email accounts on them, the webmail link on the provider's web site uses HTTP and displays a different client's home page (including a button to request restroom access...??), their actual webmail URL has a mismatched cert, there is no encryption available on the POP/IMAP email connections, etc., etc. Also the same email provider was "out of town on a job" so took a week to respond to emails and voicemails. But, ya know, they are not quite sure about moving email elsewhere.

Also the same client has been paying a different IT provider "for four years" for Microsoft 365 Apps, yet has Office 2021 (perpetual) installed on his PCs.

Just venting. Carry on.

Indeed, only Plus is supported in Azure.

@stephenw10 Oh, maybe I misread the thread I thought it wasn't sending the alerts. I'll give it a try once I have my LAN smtp server setup.

@johnpoz said in Is it possible to determine the internet speed at the router (netgate 2100)?:

You should order one and give it a go - let us know how it turns out

No way! I like my netgate 2100.

Witth the great help from this forum, I was able to configure 2 VLAN kind of setup WITH dumb switches (not managed).

@dennypage helped me to setup NUT as well. Thx Denny!

I only hope netgate comes with a similar product for prosumer along with 8 port POE++ switch etc just like ubiquiti. My understanding is netgate farms out hardware and is not manufactured in-house. Netgate needs to up their game !

Then I would still be looking at the actual packet captures in Wireshark to see what's not passing (or being sent).

@Gertjan

I have just done it and lived through it.

The messaging at the top (from the originator) is the same as mine with an Intel system set incorrectly to RAID access for single HDD, with a Pfsense install. (install of the system was with AHCI)

Invalid file system configuration for every Zpool based command.

Changing BIOS back to the correct setting (AHCI) resolved this startup issue, and the system continued to boot as usual.

So, whilst I agree, you would think such a change would lead to a completely non bootable system (and different trouble shooting) I can 100% confirm that it does not and lead you down a Pfsense install troubleshooting path (when issue is nothing to do with Pfsense)

Glenn

The new installer version (real soon now) can pass though the WAN config to the resulting install.

Hi,

I suffered pretty much the same issue,and given this is first google hit thought would update solution for me here in case it helps others.

Exactly the same as here:
https://forum.netgate.com/topic/184135/mounting-failed-with-error-5/7

Pfsense Plus power cut (backup exhausted) bad shutdown.
Then failed to start.
Root mount waiting for: CAM (lots)
Then:
Mounting from zfs:Pfsense/ROOT/Default failed with error 5
Error 5, as per screen shots here.

Any zpool command gave error
“Invalid file system specification“

I pulled PC, pulled drive, booted from USB Pfsense stick.
Pulled hair.
Could not seem to get to bottom of.
Was going to reinstall Pfense (not plus) from USB stick - no drive to be found other than USB (?). Was going to replace drive altogether.

Then discovered one post, in a forum, somewhere, which I will link to if ever can find again, talking about BIOS drive settings changed in power cut.

Solution:
Somehow power surge/power cut had changed BIOS to RAID for drives from AHCI. (interestingly did so for another PC I discovered later - Pfsense was first job - this was Windows PC and failed to Boot altogether)
Oddly here though - Pfsense partially booted - as above so for drive was readable for parts…. (Hence hadn’t considered drive issue)

Solution:
Check BIOS Settings
Hard Drives - Selection - AHCI. (not RAID)

Hopefully this helps someone else in the future.

Yeah can confirm, NordVPN speeds aren't quite what they used to be.... Still they seem better than most others. I hear ExressVPN may have slightly better speeds recently, but NordVPN is unmatched on getting good streaming IPs that aren't blocked.

@Jens-0 said in pfSense 2.8.0 ISO:

Hi all,

has anybody managed to download a pfSense 2.8.0 CE ISO? When I try to do so, I end up with a pfsense+ ISO. It would be handy to have a proper ISO for repairs or new installs.

Kind regards,

Jens

There is no ISO.

@Morphal said in Questions about log messages:

In case it's useful to know: the 5 and 6 after the fe80: in the link-local addresses is BSD notation for the interface index (the thing that's after the % on other OSes, for example %eth0).

https://docs.freebsd.org/en/books/developers-handbook/ipv6/#ipv6-scope-index

Very interesting. Thank you for the reply.

@cyberstudentnewbie if you’re not setting up HA so they are both on, one will eventually be a version behind so you’ll need to update then restore.

Same with a disk image unless you’re going to do it regularly.

If you’re just trying to get the same starting spot just doing a restore on the second will be much easier. A restore will install packages.

Hmm, interesting edge case though!

@stephenw10 wouldnt surprise me if either my hdmi cable or hdmi port is failing, I have updated to 2.8.0 fine now without issues, but still plan to test boot the installers at some point.

@stephenw10
As long as this temporary private IP isn't causing issues I don't mind at all.

At the end of the day what counts is, that things work properly - and even while the first test looked a bit odd it's looking like setting the floating rules' "State Policy" to "Floating States" did the trick...

Thanks a lot for your precious help! 😄

@stephenw10 said in How to scroll the backup restore list?:

The Scroll-Lock button should work for that on a directly attached keyboard/monitor.

Hit ScrollLock then use the cursor up/down keys. Retro-tastic! 😉

Steve

Amazing thank you !

@Proton

Check when the daily upload happens (If you have the pfSense Cron package, you can see this ) :

9d1fb2da-ac30-4d0b-84e8-717a95fa685a-image.png

So for me, at 47 minutes past midnight.

You could change your cron timing ?!

Btw : example : as you can see, the cron services page lists a lot of timed processes.
If one of these has as a side effect that unbound gets restarts - and close at that moment the execacb starts, then for a short moment (a coiuple of seconds), DNS won't be working.
That would explain your issue.
You could see this : in the resolver logs, you'll see the stop and moments later the start of the resolver.
In the system log, around the same time, you see abc start, and fail ... and now you know why.

Again : this is just an example.

@wifi-will said in Ruckus vSZ-H and 1 public IP:

I guess I would setup a rule for every site using a source rule right?

That would not be necessary, an alias can have lot's host aliases. You would add all the FQDN that go to one vSZ into one alias and the others in another alias.
And host alias can be a list of FQDN and IPs.

The FQDN get resolved by pfSense at a certain interval - not sure right now, every hour every 5 minute?

Addition: pfSense Doc: Hostnames in Aliases:

"The firewall periodically resolves and updates hostname entries in host or network type aliases. The default interval is 300 seconds (5 minutes). This behavior can be changed by adjusting the Aliases Hostnames Resolve Interval."

@stephenw10 I did another packet capture after this android effort so that previous capture is gone since it appears the GUI only maintains one copy. However, Everything is now working fine. I didn't fix this...it all just seems to work now after 2 weeks of pulling my hair out trying to figure it out. If/When it happens again, I'll get a better capture but I wanted to give you an update just so I didn't leave you hanging. Thanks for your help.

@Gertjan 😊