Where should I block it? In the firewall rules? Thanks a lot! :) spotify premium seruapk

Thanks, that’s really useful! :) I’ve tried using aliases a few times before, but I’ll make an effort to use them more often. Just set one up for Spotify Premium https://seruapk.com/spotify/ now... :)

@stephenw10 yeah makes no sense to set that to something. Because if you have no san setup on the cert your doing, then the san should be blank.. If you put a space in for your san you get this error. [image: 1754309398040-blank.jpg]

Yup, new bug at the last minute forced a rebuild. Should be real soon now though.....

Yup that ^. If the NICs are are same driver and there aren't fewer then it should just boot normally. But be aware it's possible they may be parsed in a different order so be sure to test. But if it's a Plus install the NDI will have changed so you will no longer have access o the pkg repos until that is registered.

@ipguy said in I need BF-CBC: https://forums.openvpn.net/viewtopic.php?t=35809#p111709 These openvpn options : providers legacy default data-ciphers-fallback BF-CBC compat-mode 2.3.18 check if they still exist in the version used by pfSense. First : check the Openvpn version used by pfSense. Then, with that version number, look them up in the openvpn user manual. If it's the case, then use them here : [image: 1754303064757-c6da93cf-9502-4171-b791-b119919f5e6f-image.png] for example, I use the option status /var/log/openvpn.status; status-version 1; for my own needs. When yous aved tehse option, check how OpenVPN sarts up (the logs) and see if it doesn't scream with errors. Also check the openvpn config file (the one created with the GUI parameters) for consistency. You can find the file here : /var/etc/openvpn/server1/ and look for the file "config.ovpn". It's an ordinary text file. Don't (bother) edit(ing) this file as it is auto generated by the GUI.

@stbellcom said in 6100 Failed eMMC replaced with NVme but now no longer reboots: so we went the next drastic step and that is remove the eMMC from the board. Got any pictures of this process, that show the location of the eMMC chip(s) or tips for someone who wants to try it?

@ipguy Some services dont max out to the OS limit and have their own internal limit, but if it is the case then I dont know how you would raise it, I think a VPN hitting the listen queue limit is highly unlikely unless you running a public VPN server that has gone viral or something. So it seems odd to me you have this problem in the first place. 'netstat -L' shows listen queues, looks like OpenVPN has a limit of 1. My OpenVPN processes are running in client mode though. There is nothing in the manpage to tune it, and I found a very old dev post from people asking for the limit to be raised, it very likely is compiled in to the binary.

To anyone following this thread: I'm on pfSense+ 25.07 now and testing a new version of the Auto update check script. Once 25.07 is released (in a few days I expect...) I will push this update, should work on current pfSense 2.8.x / 25.07.

Retested on 24.11-RELEASE (amd64) all seems to work. So it seems right to file a bug for this issue.

@johnpoz said in Strange DNS Issue: Could be a peering problem your isp currently having.. But yeah if you are resolving and can not talk to the owning NS for a domain, your not going to be able to resolve anything from them. I came to the same conclusion as it's now miraculously working! I knew I dotted all my i's and crossed my t's and coming up with nothing on my end lead to me to believe it was something upstream. Thanks to everyone that chimed in!

@yellowRain What is exactly the point of hiding private ranges?

@dennypage said in pfsense-tools.git clang gcc: @phil80 said in pfsense-tools.git clang gcc: portsnap fetch properly fetches freebsd ports collection FWIW, portsnap is very dead as far as the FreeBSD folk are concerned. All references to it were removed from the documentation 5 years ago, and its use is no longer supported. The original announcement is here: [HEADS UP] Planned deprecation of portsnap. Thank you for the reminder. I usually only use Latest. I always use git for collaboration In short life or one use jails, portsnap is way faster to fetch than git for one package compile Based on your linked article, I'll favor git in the future

@rfranzke Its waaaay too difficult to blame faulty installation for random crashes. If something like that happens (say, a faulty drive) then crashes are immediate and repeatable. The bsd bug that Steven has found is a better candidate. Obviously its rare, if it wasn't there would be plenty of reports here about it. Now you are able to catch full crash dumps. A debug kernel is the next thing. This is deep waters and you know it. Give it some time.

@patient0 just a quick note, I updated that script to operate correctly on newer versions of pfSense (2.8/25.07). Let me know if you run into any issues.