Some services are pre-defined in the shaper wizard but it's by no means definitive.

@stephenw10 @nimrod Thanks for the advice guys. I have been so busy but managed to get free to look into this. I nuked my pFsense and this time I set a keep alive 25 seconds on the peer, now I get handshakes. I followed every step in the Mullvad guide, looks like I've got a Mullvad IP assigned and no DNS leaks so I guess it worked. Only issue I noticed is that if I reboot my Protectli, there is still a handshake between the peer and tunnel but I can't get internet access. I had to nuke my install again and follow the guide again for Mullvad wireguard to work.

@sysadminfromhell said in pfSense vs TNSR: if I have to move to another Firewall Vendor :( Why move? I doubt you will get much better performance from other firewalls on the same HW. Assuming you want to have some level of functionality that is similar to what pfsense offers. I have been playing around with Sophos XG, which is available for free for home use. It has some minor limitations in # of CPU's and memory, but I get pretty much the same performance out of that as I do with pfsense in a like for like comparison (same amount of CPU's). Memory has never been an issue for me...

@bobleny said in Is there an RSS Feed with Patch/Release notes ?: Are they announced anywhere else Here Netgate blogs and pick one. Or a RSS reader on your phone - never tried that myself ? Or, somewhat related : [this](Auto update check, checks for updates to base system + packages and sends email alerts) - and this I'm using for years now, works perfect.

@stephenw10 Tremendous!! Upgrade completed successfully.. Much appreciated.

@vr3alist said in two routers configuration: what guarantees me the ISP won't change the settings in few months ? What setting would they change? My modem has been in bridge mode for many years.

Hmm, that has to be a security setting in Firefox.

Yes it could be but not in pfSense because pfSense cannot 'see' that device directly. It only sees a virtual NIC presented by VBox. So you need to check the NIC in Windows to see any errors present there. Unless you have configured VBox to allow access to the USB NIC directly? That would be a far more complex setup though.

FWIW upgrading to 24.11 didn't change this behavior. Private window still works. It remains a mystery.

@Gblenn HI Problem solved. The NUC has 2 Ethernet Ports as well as a Wireless Connection Capability. I did not connect the wireless but it still came up as Connection port 1, so my attempts to configure were using a Wireless link, which was not connected and the first Ethernet Port. I finally ignored the Wireless link totally, set up the WAN and LAN ports on the pfsense box as Ethernet ports 1 and 2 and lo and behold it works. Thanks for all the help. Cheers Colin

My thanks to all those who have started appreciating my posts and recognising their quality :)

@spyder0552 24.03 is a version old, did you mean 24.11? There are several posts about CPU usage in 24.11 while the dashboard is left open and the widgets are updating...

Were those binaries replaced? What's the file timestamp compared to others? What pfSense version are you running? Do you have the full list of deleted binaries?

It has to pass that traffic outbound obviously but no inbound ports need to be open. Replies from remote resources will be allowed by a stateful firewall like pfSense.

Glad you were able to get it sorted.

@stephenw10 made too many changes in the last 48h ;) now direct and reverse proxy nginx works, just complains about ltm vips

OK so the APU was also on the WAN side of the HA pair? You should still have the monitoring graph data (RRD) from the time that would show a spike in firewall states.

@johnpoz Both ns1 and ns2 i built are running on VMs, Cluster on Site and the second one a VPS at Hetzner, I have been testing as i have a bunch of Domains that were using my name server and domains using DigitalOcean but who knows what the problem is, i think it could be more down to Geolocation as the IPs of DigitalOceans shows America, I'm in the UK but it would be interesting to see what was causing the problem though. Regards

@stephenw10 said in Nginx and HNAP1: It's harmless in pfSense but it's caused by that local client trying to access a page at the pfSense IP address that doesn't exists in pfSense. So most likely that client was previously connecting to that service at the pfSense IP when it was some other host. It could be something on that client trying to actually use HNAP. It could be the client scanning local hosts. It could be malware on that client looking for local exploitable services. Check that client device. I see. I will try to investigate the client. Good to know that it´s harmless. Thank you, Jonna