• Two pfsense in same LAN with different gateway clients

    0 Votes
    4 Posts
    407 Views
    johnpoz

    @virusbcn that will lead to asymmetrical traffic flow. And the return traffic to the other pfsense would have no state.. Even if you created a transit between the pfsenses.

    Use 1 pfsense, create 2 different lan side networks that your pfsenses have a transit network to talk to each other to get to each others networks. Do source natting of the traffic, use host routes on your devices.

    There are many ways to skin this cat.. Pick one of the ways. The easiest solution is just to do a source nat, an outbound nat on the pfsense doing the vpn so that clients you talk to on this shared lan think the traffic is just coming from that pfsense lan IP.

  • Pfsense download in qcow2 format

    0 Votes
    7 Posts
    2k Views

    Hello!

    You could try qemu-img

    qemu-img convert -O qcow2 in.iso out.qcow2

    John

  • Pfsense setup

    0 Votes
    3 Posts
    359 Views
    stephenw10

    You don't mention a switch configured to separate the VLAN. That's what I'd expect to find.

  • Incoming Wireguard mapping to outgoing OpenVPN

    0 Votes
    8 Posts
    726 Views

    You're awesome @stephenw10.

    I was able to add a rule above my other rule to pass all to my LAN subnet first, and now it seems it's all working as expected.

    The learning curve for pfsense is steep (or just understanding firewalls, NATs, gateways, rules, etc. in general).

    Appreciate you holding my hand and helping me out!

  • 2.7.2 - Anyone else have Wake On LAN status issues?

    0 Votes
    3 Posts
    397 Views
    zeroepoch

    @zkhcohen, thanks for the pointer. I was having this same issue and came across this post from Google. The issue you linked to I think describes the problem pretty well. If it keeps getting removed we might need to add a cron job to keep adding it back for now as others did for https://redmine.pfsense.org/issues/14374.

  • Local URL's not resolving with NGINX Proxy Manager

    0 Votes
    3 Posts
    3k Views

    @stephenw10 Thanks! This solved my problems!

  • 4200 vpn speed

    0 Votes
    9 Posts
    1k Views

    @stephenw10 makes sense, will look into all this. appreciate your help!

  • Router Recommendations

    0 Votes
    5 Posts
    547 Views
    JKnott

    @akashphx said in Router Recommendations:

    I'm looking for 2 router recommendations. One for my home and several for my business.

    You might consider one of those mini PCs that are popular these days. I've been using the one described in my sig for about 3 years.

  • Netgate 4100 WebGui is irresponsive

    0 Votes
    16 Posts
    1k Views

    @Gertjan

    I run the following command via the console

    /etc/rc.php-fpm_restart

  • 0 Votes
    13 Posts
    1k Views
    stephenw10

    Yup that^. Just be sure that your outbound NAT rule is highly targeted so it only ever matches traffic trying to reach the modem.

  • [SOLVED] Access Gateway Status from Shell

    0 Votes
    6 Posts
    779 Views
    stephenw10

    Well if we look at how dpinger is called in pfSense, for example

    /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 172.21.16.226 -p /var/run/dpinger_WAN_DHCP~172.21.16.226~172.21.16.1.pid -u /var/run/dpinger_WAN_DHCP~172.21.16.226~172.21.16.1.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 172.21.16.1

    And at the man page: https://github.com/dennypage/dpinger

    It appears the values are available on demand (-r 0) whenever it's called.

  • IPTV Smarters blocking

    Locked
    0 Votes
    12 Posts
    13k Views

    I had a similar problem with my IPTV service before. It kept buffering when I used it with my home network setup. The settings in my network system were messing with the streaming. You should check your Netgate and pfSense settings. Look for any limits on streaming or internet speed and see if the firewall is blocking something.

  • 0 Votes
    8 Posts
    2k Views
    stephenw10

    @nfaheem said in Trying to Access Home Assistant from outside network:

    but recently tried to migrate to Home Assistant and using their cloud service, I still cannot use certain services because my network blocks traffic.

    If Home Assistant has a cloud service then I wouldn't expect any of this to be necessary. Everything would be accessed via the cloud. I could be misreading that though.

  • Local HDMI console "disabled" after pfSense booted with monitor off

    0 Votes
    8 Posts
    1k Views
    stephenw10

    Create the file /boot/loader.conf.local. At the command line run: touch /boot/loader.conf.local
    You have to use the .local file so it is not overwritten by the system.

    Edit that file and add the line:

    i915kms_load=YES

    From the command line you can use the Easy Editor: ee /boot/loader.conf.local

    That will load the driver and may be sufficient. Depending on your hardware you may also need one or all of the following lines:

    drm.i915.enable_unsupported=1
    kern.vt.fb.modes.VGA-1=d
    kern.vt.fb.default_mode="1024x768"

  • Problems with retrieve packages.

    0 Votes
    6 Posts
    894 Views
    stephenw10

    It's seeing the 2.5 version. You should normally see that as an available upgrade on the dashboard. If that has been disabled you would need to visit System > Updates.

    But from such an old version you should consider installing 2.7.2 clean and restoring your config.

  • Native 2FA In PfSense ?

    1 Votes
    20 Posts
    2k Views
    JKnott

    @johnpoz said in Native 2FA In PfSense ?:

    Do you recall where that was at..

    It was at a Royal Bank of Canada data centre, on Front St. W. in Toronto, over 30 years ago. That was just the first time. There have been other occasions in other data centres. I have also done some work in a prison, where it's fun getting in. No cell phone, pager, camera, pocket knife, etc. Take in only the tools you need for the job. Pass through a metal detector. Everything inventoried coming and going, including parts used & removed. Escorted by a guard and locked in the room where the work is.

    One system I worked on many years ago was called CPIC, for Canadian Police Information Centre, which was operated by the RCMP. They had Silent 700 terminals at the various police departments, which had an answer back board. That board used a diode matrix to contain the terminal ID. When replacing that board, we had to cut some more diodes to obscure the ID. Of course, if one wanted to be sneaky, one could hold the cutters one way, when installing the board and the other way, when removing it. That way you could look at the ends of the wires, to determine the original vs new diode cuts. 😉

  • Monitor custom software/package with watchdog?

    0 Votes
    9 Posts
    892 Views

    @stephenw10 Will do, thanks for your help!

  • Problem with a non-existent service (Zabbix Agent)

    0 Votes
    11 Posts
    2k Views
    stephenw10

    Yeah, it's a long-standing issue in pfSense that is finally addressed in 23.09. From there on you have to opt in to new releases so you cannot accidentally get the wrong packages.

  • did a dumb and cleared contents of /boot/loader.conf

    0 Votes
    4 Posts
    494 Views
    tinfoilmatt

    @stephenw10 resolved before seeing this, but you are correct. thanks very much.

    for posterity, from loader prompt:

    load /boot/kernel/zfs.ko

  • mbuf cluster rising after upgrade from 2.5.2

    0 Votes
    15 Posts
    1k Views
    stephenw10

    Hmm, well I would be trying a clean 2.7.2 install at this point. I'm not aware of any known mbuf leak so we need to determine if it's the config or something broken in the install.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.