Yes, that's correct. The 1100 has only one NIC (mvneta0) and an internal switch with VLANs to separate the ports. But, as I said, you shouldn't need to make any changes there; it's detected and set automatically for any Netgate device.
@stephenw10 Unfortunately I am going to have to wait till I can bring down the network to test. If I take it down now and it doesn't come back up I will be having some hell to pay from the family...lol. 😃
clients get one /64 address from a correct subnetwork.
Initially, there should be 2. A consistent address and a privacy address. You get another privacy address each day, up to 7, when the oldest one falls off the list.
teams.microsoft.com works just fine.
Host "msg.teams.microsoft.com" could not be resolved.
Same for me.
Edit: while waiting, also read C:\Program Files (x86)\Microsoft Teams Network Assessment Tool\Usage.docx - this is a Microsoft tool with a manual / notice ... (😊)
And what have you gained by asking for something that has already been done.. You mention you leave 0x20 off for performance - but want to do a bunch of queries for dnssec that make no matter?
@stephenw10 I made some further changes. I removed the gateway for that problematic tunnel and also removed keep alive etc so that it is not expected to be running at start.
That didn't change anything for me. At next reboot, gateways are down as is WireGuard. So it seems more of a general problem, although no one else is reporting it...
Important: set the correct MSS. The best for IPsec is 1328, because then whole blocks can always be transmitted and the padding approaches 0.
I also run IPsec to several sites here, and it pushes through whatever the line can handle, as long as it isn't SMB, which simply becomes totally useless at high latencies.
In other words, it has to be something WAN-optimized.
I run slightly different settings and DH 21, but on the + boxes.
@johnpoz I was thinking about doing this, but I was unsure if it was the right way to go or if it was the "lazy, easy, not-so-safe" way. Thank you for the advice.
@NickJH
It's not clear what you intend to achieve with this, but the Directory container in Apache is meant to be used for local paths. "/" might not be correct here.
If you need to describe a virtual path use "Location".
Because 10.60.0.252 is the server end of the VPN tunnel at pfSense. The local DNS resolver (Unbound) listens and responds on that IP and that is where the override is set.
Whereas 8.8.8.8 is Google's DNS service that knows nothing about any local overrides you might have set. When clients use that DNS server, it bypasses any local DNS overrides.