• LAN devices can ping IPv6 site but pfSense itself cannot

    41
    0 Votes
    41 Posts
    3k Views
    stephenw10

    The important thing is that it uses a globally routable address rather than the WAN link-local address automatically. So you only need a public address on any interface for pfSense itself to have IPv6 connectivity.

  • Get PPPoE Connection time via CLI

    4
    0 Votes
    4 Posts
    186 Views
    Gertjan

    @darcey

    Cool !

    [24.03-RELEASE][root@pfSense.bhf.tld]/root: ppp-uptime.sh ovpns1 93693

    uptime of my OpenVPN server ...

  • Strange notices since 2 days

    2
    0 Votes
    2 Posts
    151 Views
    stephenw10

    Try manually reloading the ruleset in Status > Filter Reload. See what errors are shown exactly.

    Steve

  • After a reboot I get this error in log.

    2
    0 Votes
    2 Posts
    127 Views
    stephenw10

    Module/library errors like that are almost always because pfSense has pulled in newer pkgs somehow. Did you ever select the 24.08 update branch?

    Those could also be logged during an upgrade. Did you upgrade to 24.03 recently?

  • Advice needed, unable to get to console using keyboard and display

    8
    0 Votes
    8 Posts
    259 Views
    stephenw10

    It might be set to use the serial console as primary. It would usually show the console menu on both consoles if it boots correctly. You can try forcing the video console at boot:

    https://docs.netgate.com/pfsense/en/latest/troubleshooting/boot-issues.html#booting-with-an-alternate-console

  • 0 Votes
    3 Posts
    167 Views
    stephenw10

    Yup we can convert that for you if you open a ticket: https://www.netgate.com/tac-support-request

    Otherwise you should be able to import the old config whilst checking the 'preserve switch config' option and then reassign the interfaces as the VLANs. But I would just open a ticket!

    Steve

  • The curl command is not working correctly

    33
    0 Votes
    33 Posts
    2k Views
    stephenw10

    Hmm, well I'd try a packet capture on the tunnel and see if the download is being fragmented or there are retransmissions etc.

  • Trying to restore Device Key from old manual xml backup

    2
    0 Votes
    2 Posts
    119 Views
    stephenw10

    It uses the ssh key which should be in the backup config.

    I assume you mean the ACB key? If you send me the NDI or Hint/Identifier in chat I can try to look it up for you.

    Steve

  • 4200 - LAN port flapping

    12
    0 Votes
    12 Posts
    425 Views
    stephenw10

    As a test try just linking two ports together directly and then check the link state at the CLI with ifconfig -v.

    There shouldn't be an issue linking at 1G. You may have a bad port.

  • strongswanrc stop command?

    4
    0 Votes
    4 Posts
    197 Views
    M

    @stephenw10 Ah, I see. Thanks!

  • The renewal of certificates does not take place

    13
    0 Votes
    13 Posts
    794 Views
    Gertjan

    @tomasenskede said in The renewal of certificates does not take place:

    So, why didn't the auto update run

    It did.

    Or was it you, at 03h16 AM (middle of the night for me), clicking on 'run'?

  • Where are .iso (not .iso.gz) download files?

    11
    1 Votes
    11 Posts
    1k Views
    johnpoz

    @denitrosubmena said in Where are .iso (not .iso.gz) download files?:

    upload files from your computer because they don't want risks

    How does that in any way mitigate risk?? I just serve up my "risky" iso from my machine, or anywhere else on the planet - like some cheap vps, etc. With, for example, the tiny little exe that was linked to that provides an http or https server, hfs.

    Now if they did something that checked that, hey, the https url is to a legit company that provides distros, ok, maybe it's some very slight risk reduction.

  • Cockpit is not reachable via HAProxy

    2
    0 Votes
    2 Posts
    330 Views
    S

    Well Ok, I resolved it.

    The backend for cockpit (port 9090) must be encrypted. And the only acceptable healthcheck is Basic.
    Also, once the backend is updated, I had to change its name and reallocate it to the front-end rule with the new name. There must be an issue with the cache.

  • 0 Votes
    6 Posts
    212 Views
    stephenw10

    For reference one other thing you could have tried there would be to run at the CLI:

    pfSsh.php playback generateguicert

    That should create a new cert and assign it to the webgui.

  • Kernel Panic on pfSense+ 24.03-RELEASE

    19
    0 Votes
    19 Posts
    2k Views
  • Laggy/High Ping Game Hosting

    14
    0 Votes
    14 Posts
    1k Views
    T

    @stephenw10
    The ping graph is on a 500/100 connection. Each of my players connected to the game server uses 250kb/sec so even on a busy night, I'm maybe using 5mbit of WAN and on my 100mb upload, that shouldn't cause any saturation. I'm sorry the Netgate 1100 doesn't have the horsepower required for 5 friends to play games.

    Thank you for your time and feedback. I don't think this product is strong enough for a home network, I'll look for a more powerful router.

  • freeradius and local auth

    3
    0 Votes
    3 Posts
    104 Views
    P

    @Gertjan hi sir

    noted on this sir and thank you.

    cheers

  • What is the best way to protect this network?

    Moved
    5
    0 Votes
    5 Posts
    225 Views
    Gertjan

    @meowmere said in What is the best way to protect this network?:

    but what does pfSense do in the background to prevent outsiders from entering the network, how do they work exactly?

    Dangerous question.
    As it shows that you don't know what a firewall is.
    pfSense, or the firewall used by the router from your ISP, or any other firewall (router) out there, behave the same way.
    IMHO, the fastest way to understand what happens, what this is, a "stateful firewall": install "YouTube", search for "what is a stateful firewall", hit enter, select the videos that have 'zillions' of likes, watch them all, and done.
    Be aware, a couple of decades ago you had to visit Harvard to know what you know now.
    It's as easy as that.

    How do they filter outbound and inbound data?

    Everything initiated from the outside, also known as the Internet, is blocked.
    Everything initiated from the inside, also known as the LAN, is passed.

    With you doing nothing more, without changing any settings, without you activating any pfSense "gadgets", if the LAN users behave as real adults, your job is over.
    Keep in mind, it happens a lot: the real security problem of a network can be the admin itself, because he doesn't know what he is doing - or worse, he thinks he does ....

    @meowmere said in What is the best way to protect this network?:

    I am in desperate need of information

    Not that hard to find.
    Half the planet is now hooking up their home, small company or whatever else to the Internet.
    Everybody has the same question.
    The most discussed subject on the Internet is ... not the new car of the neighbor, or who wins the elections, but the Internet itself and everything related.
    It's like playing chess. There is no shortcut, no brain implant possible, no miracle solution.
    It's the good old ancient process: you have to take some time, sit down, and learn.

  • Wan DHCP to PPPOE problem

    19
    0 Votes
    19 Posts
    511 Views
    stephenw10

    Ah, nice! 👍

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.