The WireGuard package is considered experimental because it has only recently been added and I'm sure there will be things discovered. I use it here though and have not seen any issues for a while now. The current package version seems good. The lack of OpenVPN interfaces there is probably not a bug, more likely the presence of WG interfaces would be. However you can open a feature request to add them: https://redmine.pfsense.org/projects/pfsense-packages Steve

Whatever local clients those are on 192.168.0.30 and 192.168.0.45 are sending a POST to the firewall web server. You'll have to see what's running on those to know what they're doing.

I didn't read carefully, and didn't see that in your question you ask for 2 separate subnets int1, 192.168.100.100/24 int2, 192.168.200.200/24 Subnet1 192.168.100.0/24 Subnet2 192.168.200.0/24 So, I changed my test but the result is the same. 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:78:d8:01 brd ff:ff:ff:ff:ff:ff inet 192.168.100.141/24 brd 192.168.100.255 scope global dynamic enp0s3 valid_lft 86383sec preferred_lft 86383sec 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:78:d9:01 brd ff:ff:ff:ff:ff:ff inet 192.168.200.141/24 brd 192.168.200.255 scope global enp0s8 valid_lft forever preferred_lft forever # arping 192.168.100.141 ARPING 192.168.100.141 60 bytes from 08:00:27:78:d9:01 (192.168.100.141): index=0 time=377.666 usec 60 bytes from 08:00:27:78:d8:01 (192.168.100.141): index=1 time=427.840 usec But this is a configuration on virtualized environment, without any smart/manageable switch. All my PC/servers are connected to netgear non manageable gigabyte switch. I think, when you have this kind of complex configuration (router, multi-subnet, ect.), you may need manageable switch which can separate VLAN and use spanning tree and others features like that. I don't really know because I don't have a manageable switch for the moment, but I'm looking to buy one to test :)

@keyser Huge thanks!

@gabacho4 Thanks for getting me over the first hurdle. I've now got my device configured as a rudimentary hardware firewall, with all of the basic settings ... I'll see if it will play nicely with my WiFi router, and if that is not an unmitigated disaster, I'll work through the documentation and see how VPNs and other layers can be added incrementally.

@gertjan, thanks for your wisdom on your replies. You were 100% right. I ended up opening an enterprise ticket to see what support had to offer. I ended up having to export the config.xml, rebuild the box from the recovery image and then import the config.xml back. Now the box is back to 100%. It might be a good idea for Netgate to put some "stops" in place when an XML is exported on intel and a restore is attempted on ARM. It was interesting because there were zero errors. It was not until after the box was up and running that I noticed the error. Anway wanted to reply back on this thread and close the loop. Thanks again!

Try running at the CLI: pkg-static -d update What error is shown? You might need to set the update branch to 2.5 dev to allow it to pull in the repo updates. Then set it back to latest stable when that then shows as 2.5.2. Steve

@stephenw10 said in For The Suggestion Box: It is generally preferred to restore the full config to avoid any config version problems. I would agree.. But I could see maybe restoring a couple of them only if you were in the middle of messing with those.. But yeah I would think there shouldn't be any reason not to just restore all, since you didn't mess with any of the other things during a specific sort of project.. But I don't see why you would just backup couple of them.. Its a few K at best.. not like hey I only need to backup this that is 1MB vs 100MB

Do you have a multi-WAN configuration? If you do, there is a known bug in 2.5.1 with port-forwarding and a multi-WAN setup. The bug is fixed in the 2.5.2-RC (that will be released soon). Here is that bug report: https://redmine.pfsense.org/issues/11805.

@thierrym hahaha. Oh yeah, now you’re talking about something much larger than I thought you were initially. I think the pfblockerng option is your best choice based in your clarified requirements. Shouldn’t be too bad to set up. Best of luck!

@n99r First off, arp will only show devices that have recently communicated with the device you're running the arp command on. Beyond that, you have to check addresses. Are you using DHCP? Static addresses? These are all basic network issues that have nothing to do with pfsense.

@johnpoz Yeah those speeds even with USB NICs blow his statement out of the water. I'll keep that in mind thanks.

@radicalentity This is not enough, those devices need to be in their own VLAN, taking advantage of the default block-to-all rule.

@annycat1 said in pfsense no da internet: hola tengo un problema estoy aprendiendo esto, al momento de instalar pfsense todo bien junto con la configuración inicial pero no me da internet mi servidor, pero si me arroja ambas ips tanto wan como lan pero no recibo señal en mi maquina cliente y el error que me arroja win 7 es que el servidor DNS no responde que puedo hacer? From Google translate: hello I have a problem I am learning this, when installing pfsense everything is fine together with the initial configuration but my server does not give me internet, but if it throws both ips both wan and lan but I do not receive a signal on my client machine and the error that it throws me win 7 is that the DNS server does not respond, what can I do? First off, make sure you have a working connection. Ping an address such as 8.8.8.8 to see if you get a reply. If that works, check your DNS server address. You can try a public server such as 8.8.8.8. En primer lugar, asegúrese de tener una conexión que funcione. Haga ping a una dirección como 8.8.8.8 para ver si recibe una respuesta. Si eso funciona, verifique la dirección de su servidor DNS. Puede probar un servidor público como 8.8.8.8.

@kom I thought so. Perhaps it could help alleviate the burden on the backup server if users could enter the minutes at which the cronjob occurs? As of now, users can enter hours but not minutes. [image: 1625505544452-dfe0d2ab-836e-49e5-a27f-df5b9ed2f01e-image.png]

@areckethennu Nope. I think this might be log noise, but at least I know I'm not the only one seeing this. I borked my previous installation and when I started fresh, I thought my hardware was messed up some how when seeing that. Like something was wrong with my hardware clock, but it's just fine apparently. It's set correctly to UTC.