@Wolfgangthegreat For example (this is checked by default):
8544523b-d69b-4088-b221-d2532912455c-image.png

@stephenw10 I don't have enough points to upvote, so I'll just say thank you Stephen 👍 !

Now, if the seller agrees to selling me that M570, I should be good to tackle this thanks to all the good info supplied by the community in this thread :)

and then it worked...

@Bob-Dig thanks
But I cannot understand why the FTP performance is crippled when going via Wireguard and not when going via the WAN.
The same happens for NFS and SMB file sharing protocols. The performance over Wireguard is rather poor, although I haven't tried these over an unencrypted WAN for obvious reasons so can't really compare.

@Bob-Dig
Not seeing those in my firewall logs. Yours do look rather odd.

No, just ordered from Amazon.

@Bannister8487 This worked for me, but I'm on 2012R2... LOL

Create /boot/loader.conf.local (or add to it if it exists)

kern.vty=sc hint.sc.0.flags="0x180" hint.sc.0.vesa_mode="279"

Nice. 👍

I managed to resolve my above issue and for anyone ending up with the same question:

My issue was caused because of a colleague who added a floating rule, rejecting traffic coming form another alias with logging disabled on that rule. Unfortunately that alias contained a different FQDN that resolved to the same IP of the removed FQDN.

What is the important lesson here:

Apparently the PF box handles floating rules AFTER interface rules. And since logging of that floating rule was disabled, the firewall log logged the allowed traffic from the interface rule, but blocked the traffic afterwards based on the floating rule with no logging! You end up seeing an allow in your log, but it is blocked in the end!

This must be a culprit some else will face one day or another :)

I use a gateway group as the default gateway for both IPv4 and IPv6 and it works as expected - igb0 is tier 1 and igb1 is tier 2:

# netstat -rn | grep default default 192.168.1.254 UGS igb1 default fe80::da21:daff:fe19:dbb0%igb1 UG igb1 # ifconfig igb0 | grep status status: no carrier

You can share the files/logs here for review:
https://nc.netgate.com/nextcloud/s/Dj3ZbjQstNB52e7

Do you have the NDI from the device? If you send that to me in chat I can check for an ACB key.

What is the difference between the device/PC that IPV6 works on and the ones that don’t? I would start with looking at the IPV6 settings on the devices/PCs that are having problems. I’m going to guess that your router advertisements are managed. Try stateless DHCP advertisements and see if that solves your problem.

Sulla web GUI di pfSense vai in diagnostica e poi in command prompt,nella casella execute shell command digita il seguente comando: certctl rehash
Attendi un output e poi ricontrolla gli aggiornamenti o i pacchetti e dovrebbe funzionare.
pfSense 2.7.0 è una versione vecchia,quindi penso dovresti aggiornare alla versione 2.7.2 e poi alla versione 2.8.0,prima di fare qualsiasi cosa ricordati di salvare il file XML della configurazione attuale di pfSense.

Saluti

Hmm, I thought we'd fixed that. Let me see...

Ah, maybe not: https://redmine.pfsense.org/issues/16207

@EChondo

What's your pfSense version ?
The instructions are shown here :

1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

@EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

No need to wait x days.
You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

@dlogan From the console restart the webconfigurator and/or PHP. Check the logs?

@jhg said in Installing 2.8 behind archaic PPPoE/VLAN from CenturyLink:

Is this available yet?

It's in testing now. No issues so far so should be available soon,

@greatbush while I have about 3 minutes here
do you realize that windows machines by default will not allow pings and such from outside their own subnet to come in? Just trying to rule out any issues that you might have with Windows firewall on those machines..

@luckman212

Click on the image :

1c8c8a2b-ed5f-4dd1-8694-8be0e58350e8-image.png

I didn't test other search engines ...

edit : the link @kpa posted is, imho, the best answer ( and totally not-FreeBSD related ^^ ).