@keyser the authenticator application is called authelia. All incoming traffic passes through PfSense then the majority goes to my NAS that runs several applets. One of them is traefik which acts as the networks proxy server. All apps are resolved internally via PfSense (so, when internally I go to audiobooks.mywebsite.org it doesn't leave the network. Anyway, that's separate from this.

A captive portal is just a webpage that requires authentication of some kind to proceed to connection. I'm just creating an airlock system in my network that also notifies me of new connections. It's essentially nothing fancier than what is effectively 2 captive portals wherein you can't reach the second without passing through the first.
All of this was pretty well explained above. And repeatedly.

@stephenw10 Guess I need to prove it - assuming I get a few more days without incident, there are some settings to disable EEE which I'll try with the old wiring setup and see if that's stable.

Problem is that I've had many months of stability in the past - so unless it shows an incident pretty quick I may not know.

FYI - seems that this site may describe the innards of the ONTs - it's in a BT Openreach branded box but otherwise all the lights and sockets match.

Nokia ONT chipsets

Paul

@viragomann

You were right my friend, thank you thank you thank you. I was nearing giving up on this project lol. Was about to plug the broken router back in for now.

My OpenVPN config was 'tap' mode, which mainly was because of the previous system requiring me to use it. I didnt think it would cause to much problems but behind the scenes what needed to happen was not happening. I had no gateway interface being configured (thats why i had added one a couple times for testing).

I've set it to a /30 and 'tun' mode and it seems to be working without further input now.

@jimp Thanks! Will make a note of that :)

Resolved issue in Sunny Valley Forum.

Now back under control, and have new script to see how large these files are in compressed and uncompressed size

find . -type f -iname "*all.sqlite" -exec sh -c "echo -n ' de-compressed: '; du -Ah '{}'; echo -n 'compressed (used): '; du -h '{}'; echo ' '" \; de-compressed: 44K ./usr/local/datastore/sqlite/alert_all.sqlite compressed (used): 4.5K ./usr/local/datastore/sqlite/alert_all.sqlite de-compressed: 8.0K ./usr/local/datastore/sqlite/sip_all.sqlite compressed (used): 4.5K ./usr/local/datastore/sqlite/sip_all.sqlite de-compressed: 73M ./usr/local/datastore/sqlite/tls_all.sqlite compressed (used): 30M ./usr/local/datastore/sqlite/tls_all.sqlite de-compressed: 443M ./usr/local/datastore/sqlite/conn_all.sqlite compressed (used): 187M ./usr/local/datastore/sqlite/conn_all.sqlite de-compressed: 184M ./usr/local/datastore/sqlite/dns_all.sqlite compressed (used): 78M ./usr/local/datastore/sqlite/dns_all.sqlite de-compressed: 58M ./usr/local/datastore/sqlite/http_all.sqlite compressed (used): 12M ./usr/local/datastore/sqlite/http_all.sqlite

@stephenw10 Yep, that’s what my testing shows.

@ali_jobia I take it you looked at this: https://docs.netgate.com/pfsense/en/latest/packages/cache-proxy/squidguard.html
and this: https://docs.netgate.com/pfsense/en/latest/captiveportal/index.html
https://forum.netgate.com/topic/83082/pfsense-squid-squidguard-for-captive-portal-with-ldap-auth-title-edited

Then see whether this applies to you case: https://redmine.pfsense.org/issues/10749

@jimp Ok thx to everyone. Decided not to go via VPN route. Worst case will use TOR

@rcoleman-netgate said in Identical Netgate Device ID and Activation Key:

Running the SAME NDI on two different systems may be a violation of the terms of service -- but I'm not a lawyer and not an expert on the license terms, either.

Thank you for your clarification. This was also what my question was about besides the technical aspects.

@stephenw10 said in e6000sw0port3: link state changed to DOWN:

The LAN side DHCP issue could be unrelated. It could be a rogue DHCP server in some other device for example. Check the logs for reported IP conflicts.

Hello Steve,
Would you be so kind to continue anything you wish to add to this discussion in the other topic?
I prepared a post for you there with a reply to your suggestion.

@stephenw10 Thanks. I'll try and tell about

THX @dobby_ i will do that

@keyser said in WAN dhclient (DHCP) issues - bug in time intervals?:

vlan.pcp

Ah, OK I see, it's because the renewals are unicast and don't use the bpf rule. So, yes something similar is required there. Set the tagging on the pf pass-out rule if they are enabled in the dhclient.

Let's see...

@jimp it seems it neeeded a restart after I applied the suggested patches. It just stopped the next day. I will keep an eye on it.

@fireodo said in PC Engines APU2 - 23.01- Working fine:

@dobby_ said in PC Engines APU2 - 23.01- Working fine:

Did you get it working? Iam using 23.05 RC and 2.7 now

No. There is no kernel module for freeBSD 14 :-(

Thanks for that information then I could save the time for searching for an workaround, I was thinking perhaps I have overlooked something or was not able to find it right.