@reberhar I have 4 pairs of HA/CARP pfSense units and 1 stand alone.

9 pfSense units, plus other servers at these locations that occasionally send logs in this manner.

@spotlizard said in New Pfsense install results in greatly reduced upload/download speeds:

They had taken the modem OUT of Bridge mode. A normal reset doesn't change this, so their tech must have done it in the background as part of their troubleshooting. Once I changed it back and restarted Pfsense I saw a significant increase in performance.

Wouldn't this have been visible in the pfsense dashboard? Your WAN IP would change to something very different than the public IP normally showing up there... probably a 192.168.1.N subnet?

@klubar That issue has been fixed in recent versions. I suggest simply reinstalling the latest version on it first, then restoring.

@azizth said in Unexplained Behavior on a Network Interface 192.168.1.2:

Moreover, PCs in the Administration network, when configured with DHCP, have no access to the network

The show use and yourself why ?!!

and you see everything about the lease : the IP, the gateway which must be 192.168.1.2, the DNS that must be 192.168.1.2 etc.

Just for my own curiosity why 192.168.1.2 and not 192.168.1.1 ?
192.168.1.1 has been tested by millions, and doesn't need any thoughts.
Changing it to 192.168.1.2 is like opening a can of worms, which isn't a big deal, but look again, you can't see the bottom of the can.

SWAP is used to store crash reports. Have you seen a lot of crashes?

Otherwise what packages are you running? The load averages look pretty high.

Steve

@jim82 said in Localhost IPv6 added as resolver after 24.11 upgrade:

it's a viable option

But limited in time.
I'm like everybody else, I saw IPv6 coming, and thought back then (early 2000) : "wow, that's something my kids have to deal with, IPv4 rocks, works fine, and I've other things to do".
Now, its 2024. Every OS on planet earth will use initially IPv6, and if that doesn't work out, it will fall back to IPv4 if available.
Read again what I've just said. For every connection that is created, this decision step is taken.

True, not every ISP offers a IPv6 connection. Lets presume most do now. And if they do, chances are the connection is pretty broken in the way they implemented it "not as it should be". (RFCs are clear, but they are like us : don't want to learn new things, and, it costs them $€)
We've seen this already happening ones, when IPv4 went mainstream for 'everybody', when ISPs were created. It took a decade or so for IPv4 as a connection method became a no-brainer. These days, it works out of the box, with much knowledge needed.

Anyway, if you can, make IPv6 work. deal with it now. Our kids have already enough problems to deal with, like flooding, overheated planet and so on 😊

@jhmc93 said in Plex through surfshark wireguard pfsense vpn:

@Patch pfsense doesn’t have a WiFi device to broadcast WiFi. Pfsense is a side step as it also ran off a power line network plug for just my media servers, so I narrowed it down so when I connect to my isp WiFi my Plex shows indirect connections but if I join my VPN program through my laptop it goes back a normal connection.

Yes, that ^ otherwise what is the point of having pfsense at all?
If you are looking to improve network safety/security and perhaps add more functionality, you really need to move everything over to be on the LAN side of pfsense.
Right now you are just making life difficult for yourself.

The best, and also cheapest solution would be if you can connect pfsense directly to the incoming cable (ISP WAN cable in pfsense instead of ISP router). Then turn off DHCP in the ISP modem, and connect one of it's LAN ports to pfsense LAN. This turns it into an AP and you are good to go...

Otherwise check if the ISP router has bridge/passthrough mode. If not you need to place pfsense in a DMZ, which the router probably has.

You can sort of do it using the pftop state and rules views but you don't get the rule description (label). The label view doesn't really help.

@jarlel

dtrace has quiet a list of conditions to be met for it to work.
The kernel has to have supported modules, and compiled with 'trace' options set. I wouldn't be surprised that can't be found on pfSense, a firewall.
A FreeBSD dev station, yeah, of course.
Look here.

@jarlel said in dtrace command to analyze file modification:

I am trying to find a way to detect changes

An idea :
The file your interested in, change the owner and or the read write execute flags.
Make it read only for everybody.
What will happens now ... will the process that actually updates = writes, will it cash ? complain ?
FreeRadius has some pretty extensive logging : just stop / kill it in the GUI, and then on the console (or SSH) access, fire it up :

If a process fails, freeradius or some other process, you should see it complaining - in the logs of course.

Hmm, so it appears that just the extended query is filtering out all users even though they should be members of the G_Open_VPN group?

@stephenw10 hmm will have to look out for that. Part of the reason for doing it also to tinker and learn more about the possibilities. I don't learn as much from just reading but from guided setups then messing around with them once I see how it is supposed to work.

It does have a switchable setting to turn DST on and off. Basically I just had to unregister the device, remove the location defined, recreate the location then register the device. All good now.

Yup, exactly just recover it during the install or at boot afterwards using the External Config Locator. 👍

@provels said in NTP driving me crazy: offset -1410.220612 sec:

They say the man with 2 watches never really knows what time it is.

That's why you pool them up 😊

Ok i'll write you privatly

@Gertjan

Yes these two are the ones I meant by saying "default".

but yeah you are absolutely right about the others generated by other packages.

@stephenw10

Thanks for the info dear 🙏

What widgets do you have on the dash?

Did you try the suggested patch to revert the widget refresh method?

@stephenw10 said in How to handle Crash-Report:

Is this the first time you've seen it?

Yes, it was first time.
I do use pfsense since mid June 2024. So not for very long

Mmm, that is probably the way to go. Those scripts are expected to be run as root. Curious that it changed in 24.11 though.