If you want to confirm that definitively, then you can always check which library versions both haproxy and the openssl command you run link against, such as:

[2.4.0-BETA][root@master.dw.example.com]/var/etc: ldd `which haproxy` /usr/local/sbin/haproxy: libcrypt.so.5 => /lib/libcrypt.so.5 (0x800995000) libz.so.6 => /lib/libz.so.6 (0x800bb4000) libssl.so.8 => /usr/lib/libssl.so.8 (0x800dcb000) libcrypto.so.8 => /lib/libcrypto.so.8 (0x801200000) liblua-5.3.so => /usr/local/lib/liblua-5.3.so (0x80166d000) libm.so.5 => /lib/libm.so.5 (0x8018a8000) libc.so.7 => /lib/libc.so.7 (0x801ad3000) libthr.so.3 => /lib/libthr.so.3 (0x801e6f000) [2.4.0-BETA][root@master.dw.example.com]/var/etc: ldd `which openssl` /usr/bin/openssl: libssl.so.8 => /usr/lib/libssl.so.8 (0x8008a2000) libcrypto.so.8 => /lib/libcrypto.so.8 (0x800c00000) libc.so.7 => /lib/libc.so.7 (0x80106d000) [2.4.0-BETA][root@master.dw.example.com]/var/etc: openssl version OpenSSL 1.0.2k-freebsd  26 Jan 2017

Well, I just realized when my dhcp server machine went down, that I have a lot of services redundant or in failover mode, but unfortunately not dhcp. So I was looking for an easy way to do it, and one option was the pfSense machine (where I quickly put up a dhcp server with another address range as a quick fix).

Since I had that running, I wondered if I couldn't just use it on a more permanent basis. I understand from your reply, however, that the pfSense implementation was not meant for this. So I'll probably just take some other machine already running here.

Yes, it's something you shouldn't need for a home setup. Unless you are the only one who can fix such things in a family, and if you're at the same time away frequently for days or weeks even. And leaving the family with no working IT is not always something they appreciate.

I'm a moron. There is a 64 bit version available here: fetch -o /conf https://sites.google.com/site/pfsensefirebox/home/WGXepc64

This should fix any issues in case someone Googles this.

1: You should search the forum vigorously - this setup is discussed for more then decade literally
2: you wire your WAN to the switch, changing this port to some separate VLAN (so packets from ISP are marked with this VLAN), and on the port on which you connect your pfsense you should add this VLAN to tagged list.

Problem found!

netstat -r

revealed that an openvpn P2P tunnel was inserting some routes when it refreshed, and the static routes were getting overwritten.  Only affected the secondary.

OK, Stupid mistake. SOLVED

#1 enumerating"memberOf=CN=pfSense_admins,OU=Service-Groups,DC=example,DC=com" is NOT necessary

#2 you need to set Search Scope to "Entire Subtree"

Yes I got the dashboard working as advertised. I just had to refresh a few things and reimport the visualizations Jason are some files were successfully parsed and it worked! Check out my linked post, it says more specifically the steps I took.

You could try out to set up all in VLANs and then you may configure it out with switch ACLs if a managed switch will be there in use.

Not the main topic but i don't want to open a new thread.

I did build a DCF77 radio receiver for a view bucks with a Arduino.
It is now connected to the motherboards serial port of my Hyper-V 2016 server.

I did install the Meinberg Driver and there NTP package on the Hyper-V 2016 server.
On the other windows PCs I use the NTP package.

I have in pfSense now 10.1.0.2 + Prefer.

Is there something in Services > NTP > ACLs i need to set if i don't want do use pfSense as timeserver?
Does "Service - Disable all except ntpq and ntpdc queries (noserve)" disable the timeserver?

Some images in the attachment if somebody want to see it.

Hyper-V.jpg
Hyper-V.jpg_thumb
Workstation.jpg
Workstation.jpg_thumb
pfSense.jpg
pfSense.jpg_thumb

The corresponding port on pfSense could also be considered a VLAN "trunk." It would look something like this:


I think you're on target there buddy.
Assign VLANS via PFsense, and configure switch trunk ports and access ports as you desire.

As far as I can see, you're golden.

Good luck.

Take your time, and as a rule, if it does not appear to be working after you configure, as a first step, reboot / restart.

^ exactly.. But I would suggest you move to current vs 2.3.2 - current is 2.3.4..

Thank you for your explanations.
I think my way of thinking is still to much connected to terms like NAT where the IP of you wan interface is probably the most important one.
Will take some time for me to change that way of thinking i guess. ^^

Thank you.
Dennis

Untag the port for the PC on 116.

It sounds like you should just remove the layer 3 configuration from the switch on that VLAN which will revert it to simple layer 2.

Tag that to pfSense and configure that VLAN interface with whatever services (DHCP, etc) and firewall rules that you want.

It is very important, however, to know who is routing for what. is pfSense doing the routing or is the switch.

That diagram I posted covers both scenarios.

If you assign an interface in Interfaces > (assign) to eth0 that will be untagged traffic on eth0.
If you assign an interface in Interfaces > (assign) to VLAN 100 on eth0 that will be tagged VLAN 100 on eth0.
Your switch should be configured accordingly.

Thank you very much for the reply kapara!

I have found these settings before and did not add them because this was on boot, not per device.  If I unplug the MIFI device and plug it back in, will this command rerun?

Thank you!

One more thought on this - as I was able to build rrdtool with all the needed libraries … and I have those (shared) libraries in another folder. Is there an easy way to have pfSense / FreeBSD add another folder / path to the library search?

Thanks!