You should not see firewall logs for it on WAN unless it's being blocked. Do you have some odd pass rules on LAN? As I said it's possible to create rules that pass the traffic without creating a state but you have to create that specifically and they're almost never the right option.

Nope the putty log should capture it.

Thanks @stephenw10 , that's very helpful. If the images or at least the checksums were gpg signed, that would be another way to give more confidence in the downloads, but that's another topic. Thanks again!

Yes they should be able to set that public IP on the Meraki WAN dircetly. And yes they could setup a VLAN or just a separate port to isolate a connection from pfSense and NAT it.

@johnpoz said in OpenSSH v9 new default conf directive "PubkeyAcceptedKeytypes": Only thing I am still using rsa on is like my old sg300 switch doesn't support anything else. Unfortunately even the current CBS switches only allow RSA 2048 and SHA1 as well. I believe this is scheduled to be fixed in the next release though.

@floydque said in Remote Access with Mediator: that would add another point of maintenance for me Yup that's true. But it would also be way more flexible....

@louis2 re: changing hardware; as I understand it the NDI is based on MAC addresses, so changing NICs will change your NDI, and invalidate the license.

Definately, I can accomplish that as I have a DHCP WAN. I appreciate everyone's comments! Very helpful!

Ah, good result! Interesting that pfSense didn't log that. I would normally expect to see 'xxxx is using my IP address' entries.

@HorstZimmermann said in [SOLVED]LCP: no reply to 1 echo request on PPPOE: but they kept denying An ISP denying they have a problem? I'm shocked!

@june said in Backup config file: I am putting it into usb mini slot in front of the rj45 which I am unplugging from my pc. Hmm, that's confusing There is no USB-mini socket on the 4100. There is a USB-micro socket but that's for the serial console only. It's not clear what you're trying to do here. Steve

@Pablomdli said in OpenVPN site to site not working both ways: The only weird things is that it gives the ip 10.0.8.0 to de office#2 openvpn client So I'd suspect, that you stated this IP in the CSO. You should enter an IP out of the tunnel network there, but it have to be one from the second upwards.

@johnpoz oops... You were correct! In previous setups I did some static routes to mimic my outgoing Juniper.... With that fixed, I can move on to the next phase. Crash and burn, I mean, testing LOL. You've been a great help as I journey to the pfSense world. Cheers.

@viragomann That was it. Once I removed the NAT entry and added the firewall rule to allow it back in, it started working. Thanks,

@stephenw10 Hi Sorry for the delay, did get some strange error but now it working :) Thanks alot for all the help

Found my issue. I had the wrong IP set in the backend. thanks,

@stephenw10 At least it's fixed now for me and looks like the missing /n after the "missing interface" comment was the culprit.

Hmm, what did you actually change? I'd expect to see that repopulated correctly after saving the config in the gui.

Yup it's that. If an interface goes down then IP addresses on the firewall change. I agree it's a bit of a big hammer and ideally could be far more nuanced. But that's what you're seeing. Interestingly there is a quirk you can probably use to stop this happening. If you enable IPv6 on the wifi interface and set it to track a WAN for v6, even if there is no IPv6, it will by ignored. Steve

@mikeehendricks said in PFSense no internet: Thanks for your help! You are welcome, glad that it helped.