@Gertjan i can see only 3 pushover threats , and about 40 telegram threads. I see the probability to have success with pushover very slight. so i will check out telegram.

@stephenw10 yeah I have installed the CA on multiple computers, both windows and linux. iphones and android tablet and never ran into a issue. But yeah if should be tagged critical, should be an easy fix. @mmege Glad you found a simple work around with creating intermediate with openssl

So put the host override in whatever DNS server you are using.

Good question! Probably some small change to the bootup order.

You could add floating rules to just pass the traffic even if it is asymmetric: https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html But I prefer to avoid that if at all possible though. It almost inevitably ends up with other issues in the future. It will be confusing to anyone else looking at it later.

Got it. Thanks so much for the help!

@Reidid said in How change title from authentification page ?: pfsense/src/etc/inc/captiveportal.inc In that file you can 'find' the original 'With love from Netgate' portal login html file. Here you have mine : <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html lang="fr-FR"> <head> <title>BHF</title> <meta name="viewport" content="width=device-width, user-scalable=no" /> <style> #content,.login,.login-card a,.login-card h1,.login-help{text-align:center}body,html{margin:0;padding:0;width:100%;height:100%;display:table}#content{font-family:'Source Sans Pro',sans-serif;background-color:#1C1275;background:{$bg_src};-webkit-background-size:cover;-moz-background-size:cover;-o-background-size:cover;background-size:cover;display:table-cell;vertical-align:middle}.login-card{padding:40px;width:280px;background-color:#F7F7F7;margin:100px auto 10px;border-radius:2px;box-shadow:0 2px 2px rgba(0,0,0,.3);overflow:hidden}.login-card h1{font-weight:400;font-size:2.3em;color:#1383c6}.login-card h1 span{color:#f26721}.login-card img{width:90%;height:90%}.login-card input[type=submit]{width:100%;display:block;margin-bottom:10px;position:relative}.login-card input[type=text],input[type=password]{height:44px;font-size:16px;width:100%;margin-bottom:10px;-webkit-appearance:none;background:#fff;border:1px solid #d9d9d9;border-top:1px solid silver;padding:0 8px;box-sizing:border-box;-moz-box-sizing:border-box}.login-card input[type=text]:hover,input[type=password]:hover{border:1px solid #b9b9b9;border-top:1px solid #a0a0a0;-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}.login{font-size:14px;font-family:Arial,sans-serif;font-weight:700;height:36px;padding:0 8px}.login-submit{-webkit-appearance:none;-moz-appearance:none;appearance:none;border:0;color:#fff;text-shadow:0 1px rgba(0,0,0,.1);background-color:#4d90fe}.login-submit:disabled{opacity:.6}.login-submit:hover{border:0;text-shadow:0 1px rgba(0,0,0,.3);background-color:#357ae8}.login-card a{text-decoration:none;color:#222;font-weight:400;display:inline-block;opacity:.6;transition:opacity ease .5s}.login-card a:hover{opacity:1}.login-help{width:100%;font-size:12px}.list{list-style-type:none;padding:0}.list__item{margin:0 0 .7rem;padding:0}label{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-align:center;-webkit-align-items:center;-ms-flex-align:center;align-items:center;text-align:left;font-size:14px;}input[type=checkbox]{-webkit-box-flex:0;-webkit-flex:none;-ms-flex:none;flex:none;margin-right:10px;float:left}@media screen and (max-width:450px){.login-card{width:70%!important}.login-card img{width:100%;height:100%}}textarea{width:66%;margin:auto;height:120px;max-height:120px;background-color:#f7f7f7;padding:20px}#terms{display:none;padding-top:100px;padding-bottom:300px;}.auth_source{padding:20px 8px 0px 8px; margin-top: -2em; border-radius: 2px; }.auth_head{background-color:#f7f7f7;display:inline-block;}.auth_head_div{text-align:left;}#error-message{text-align:left;color:#ff3e3e;font-style:italic;} </style> </head> <body> <div id="content"> <div class="login-card" style="text-align:center; margin:0 auto;"> <form method="post" action="$PORTAL_ACTION$"> <p>Bonjour, <br />Vous &ecirc;tes sur le portail d'accueil 'Wifi' de</p> <a href="http://www.bhf.tld/" ><img src="captiveportal-nvxx-logo.png" width="200%" alt="BHF Logo" ></a> <p>Tout d'abord, nous vous <g>conseillons</g> de consulter notre Livret d'accueil.</p> <p>C'est ici : <a href="ROOM-DIRECTORY-BH-FUMEL.pdf?zone=$PORTAL_ZONE$">Livret d'accueil</a><br /> (Veuillez cliquer/taper !).</p> <hr> <p>Souhaitez vous accéder l'Internet ?</p> <div class="auth_source"> <input name="auth_user" id="auth_user" type="text" size="12" maxlength="10" value="#USERNAME#" placeholder="Numéro de chambre"/> <input name="auth_pass" type="text" size="12" maxlength="10" value="#PASSWORD#" placeholder="Mot de passe (dans le Livret d'accueil !) "/> </div> <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$" /> <input name="zone" type="hidden" value="$PORTAL_ZONE$" /> <p><input name='accept' type='submit' class='login login-submit' value='Acc&eacute;der &agrave; l&acute;Internet' /></p> <?php global $config, $cpzone; if(isset($config['voucher'][$cpzone]['enable'])) { ?> <p><input name="auth_voucher" type="text" value="#VOUCHER#"/></p> <?php } ?> </form> </div> </div> </body> </html> Big surpise, no ? It's the thing you've been looking at half a billion times in your live. It's just html. Here it is adapted (honestly stolen ^^) from what I've found in pfSense : [image: 1730813412465-63bd17a5-4439-46c5-bc27-8bb8becb18bc-image.png]

@Gblenn okay, yeah it is coax to xFi. So, bridge mode it is.

You can install it yourself but you should not be able to purchase 3rd party hardware with it pre-installed. It you do I would strongly recommend you reinstall it to be sure what you have is actually unmodified pfSense. If the license expires you will lose access to the pkg repos which means you can no longer see updates or install new packages. It does not prevent existing services running. If this is used Netgate hardware it will always have access to Plus, that does not expire. Steve

Hmm, interesting. Be sure to check the ware level again. That's not a set of symptoms I've seen but it does look like a failure mode that could also be the eMMC.

@Gertjan said in WAN requiring root CA to be installed for internet access: Ok to keep old software. But mixing new stuff (pfSense 2.7.2 uses FreeBSD 14) on old stuff, is like installing windows 11 on a PC without a TPM : you can (probably) force it, but it needs uncommon knowledge to do so. I know, but the iron does not support 6.0 and later. @bmeeks said in WAN requiring root CA to be installed for internet access: @reqman said in WAN requiring root CA to be installed for internet access: Unfortunately, a bit later the VM shutted down by itself. Tried the exact same procedure, but no go. The problem is likely the vmxnet3 driver. Change your virtual machine to use the e1000 NIC driver and try again. You will take a performance hit using the e1000 virtual driver, but that should let the newer pfSense boot and run. Very useful info, thanks. Will give it a try, when I find some time to reschedule this experiment.

@stephenw10 said in Wireguard with IPv6: Nope you are not wrong. My ISP only provides a prefix so I have no routable IPv6 address on the WAN directly. That's BT, the largest ISP here in the UK. Thank you stepehen. Helps a lot. :)

If you're running ZFS it may be old BE snapshots filling the drive. If you can reach the command line you can check that with: bectl list Otherwise it's probably logs from some package, check /var/log Steve

Wow, there is considerable information you have provided, thank you! DNSBL reloads once per day at 15 minutes past midnight, 00:15. I am using KEA for DHCP services which does not contain the DHCP registration setting. Knowing the origional DHCP service is will be remmoved at some future point appeared to the best option. Service _Watchdog is not installed given the issues it creates. I added the service status to the dashboard for monitoring.

@stephenw10 exactly 7547 is the TR-069 service. "is a bidirectional SOAP/HTTP-based protocol that provides communication between CPE devices and auto-configuration servers (ACS)." Would seem quite possible that the isp device, ie the CPE is using this. https://en.wikipedia.org/wiki/TR-069

@viragomann they are being processed by the floating rule maybe I should get rid of the floating rule, at least that might help with future trouble shooting.

@netpatje said in Lost power, can't boot!: No config.xml f... See if you have a config file in /conf/backup...menu option 15 if it lets you use that. A reinstall will use ZFS which is more resilient towards power loss.

@jminnebo Not sure about certs specifically but one can restore parts of a configuration file. Or copy/paste in the XML.

@stephenw10 I had to force reboot at the time to get back online so unfortunately can't try now but if it happens again I'll run a capture and check that. Thanks! @Gertjan I have provided the system.log covering the duration from when I initiated a reboot to the first two lines of the next boot after I had to pull power as the system appeared to have gotten stuck. Is there a different log file which you're interested to see?

@jrey Thanks so much for your help and input it is very useful info to have to be able to put this into perspective. Sorry delay in getting back to you, was also working on a rules issue which seems to now be resolved. I appreciate your time and patience on this. I hope all that we covered will be of use to others in the future. Thanks again and have a great week.