1 ssid would be I nice goal - but don't really see it as viable option.  For starters not aware that you could mix wpa-enterprise with wpa-psk.. My trusted devices require eap-tls to get on that network, etc.

And the psk I would use that are on a isolated guest network would prob be easier then the psk I would use on my vlan psk where my iot devices go, etc.

Yeah your exactly right you can not seem to be able to assign a static IP on same ssid you do dynamic - which agree not a big deal.  But would like that vlan to be different than some untagged vlan which is currently the vlan that the AP IPs and controllers sit on, etc.  Once you can tag the admin vlan in unifi that whole concern does go away.  And from my testing if there is no auth to the radius with the mac you just don't get anything, etc.

Thanks, I wish I saw that. I hope the web configuration will get fixed soon though

Check system -> Routing -> Gateways -> edit.

Good luck.

Ok i will open another topic for that i don't know how to do it and would be really nice to work, but i am not sure if it will work since i have a pppoe with dynamic ip gateway and ip always changes

Fixed :)

Eventually, yes. No immediate plans though.

same issue here… openvpn rules same thing 104 times for the rules

@Hugovsky:

Yes, you're right. I'm not blaming suricata. It's my fault. And intended. I will correct that rule to include ntp. Do you think I should delete the thread so people don't be confused?

You can delete it, or leave it with [SOLVED] in the title.  Your call.  It might prove educational for someone else later.

Bill

Hi all,

I have updated the PR with a second patch.
https://github.com/pfsense/pfsense/pull/3892/commits/f95579a6c42ab6bce1a103b8277c0cee93302b16

There are among other things a couple of visual changes
which intention is to give a better overview, because the
space in the tables are limited. You might want to read
the commit log message for further details.

Applying the newest patch with System Patches
won't work. I guess it is because of the files
that moved.

You will have to copy the files to their target
locations manually when testing.

Thanks :)

With the newest snapshot 2.4.3-DEVELOPMENT (amd64) built on Wed Jan 10 20:07:40 CST 2018 FreeBSD 11.1-RELEASE-p6, the issue has been fixed.
THANKS!!

For stream men cap default is 64MB. Flow mem cap is 32MB

Tried to add path

/sbin/zfs snapshot -r zroot@currentsnap && /sbin/zfs send -R zroot@currentsnap | /usr/bin/gzip > /root/backup/currentsnap.gz && /sbin/zfs destroy -r zroot@currentsnap && /usr/local/bin/curl --upload-file /root/backup/currentsnap.gz ftp://pf@10.0.88.3:2121 && /bin/rm /root/backup/currentsnap.gz

Not helped.

At the end I got it working via bash package

/usr/local/bin/bash -c 'zfs snapshot -r zroot@currentsnap && zfs send -R zroot@currentsnap | gzip > /root/backup/currentsnap.gz && zfs destroy -r zroot@currentsnap && curl --upload-file /root/backup/currentsnap.gz ftp://pf@10.0.88.3:2121 && rm /root/backup/currentsnap.gz'

I have no clue what's happening but the Disk Usage has dropped off from 21% to 11~ 12%.  :o


So the temporary solution for those who have run into this issue is https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210686#c11
Thanks to Tomoaki AOKI.

Yes its still XML, and yes 'probably' a config from 2.4.3 can be 'somewhat' imported even on 2.2.x.

HOWEVER, it wasn't tested or even intended to work, and you will certainly loose some configuration settings (assuming you use those parts that were changed.) and end up with a 'dirty' configuration some tags could be there that shouldn't be, other might be missing that are normally always there..

When going to a newer config version 'upgrade steps' https://github.com/pfsense/pfsense/blob/master/src/etc/inc/upgrade_config.inc can involve modifying existing settings into a newer 'format' restoring the new config format on a old pfSense version will likely mean those converted settings are not understood by the software and effectively 'skipped' or cause other unexpected problems..

I'm not saying its impossible, and well sometimes like in this case the config didn't change and it can be done without a possibility for trouble.. But be very careful and double-check everything is still in working order when restoring a config on a old version.

Usually a increase in version number also means some config upgrade steps where added.. so your a) and b) are done together, and yes tags get deleted/replaced or little changes to their meaning..

My 2 cents :).