@jc1976 said in Squid on 2.8:

upgrade an issue developed between suricata, pfblocker, and unbound. when i disable the two packages, all works fine

Let's consider :
If you leave the 'unbound' (the resolver) settings to "all default", the way you found them when you first installed pfSense.
You remove / don't install the extra stuff = suricata and pfblocker.
Then : no issues what so ever.
Right ?

This means your issue isn't "pfSense 2.8.0" or the upgrade. Its an 'ordinary' package settings issue - call the admin 😊

Tell you boss that suricata can only filter non TLS traffic **, something that doesn't exist anymore. Check for yourself : who visits http (port 80) sites these day ? Who collects mail using port 110 ? Who sends mail using port 25 ?
Imho : suricata, for what it's worth, can't do much these days, it can 'see' the data payload in the packets. Everything is TLS these days.

** It is possible to do TLS filtering, but that demands a 'proxy' setup, making you a real expert.

pfBlockerng is blocking you, DNS or something else ? That's any easy one, and rather simple do debug.

Hmm, I thought we'd fixed that. Let me see...

Ah, maybe not: https://redmine.pfsense.org/issues/16207

The default LAN to any rule should pass that traffic.

What rule did you add exactly?

@EChondo

What's your pfSense version ?
The instructions are shown here :

1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

@EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

No need to wait x days.
You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

@stephenw10 Today I rebooted the host (Hyper-V) and had no problem at all. Don't know if this points towards being a weird virtualization issue... But then, why would WireGuard be effected...

@nicolasfo said in [RESOLVED] IPSec tunnel OK but routers can't ping each others:

You can know everything about everything thanks to Google. But if you don't know what to search, it is useless.

The problem is resolved, by adding a bogus route, by hand.

Here's the explanation :

https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

Thanks for help

Oh my god this worked! Created an account just to say THANK YOU for this. I have a pfSense<->Unifi connected via IPSec. Applying it on the pfSense side makes pfSense->Unifi direct gateway/FW connection possible. Applying it on the Unifi side made my IPSec work perfectly.

Again, thank you!

@dlogan From the console restart the webconfigurator and/or PHP. Check the logs?

@jhg said in Installing 2.8 behind archaic PPPoE/VLAN from CenturyLink:

Is this available yet?

It's in testing now. No issues so far so should be available soon,

@drodgers Hey. I'm going through this exact thing now with Vodafone and pfSense and struggling. I've replicated your settings but it seems very intermittent.

My clients get ipv6 addresses and can ping out fine however browsing this forums dies because it responds with and ipv6 address.

For some reason as soon as I enable ipv6 netflix and paramount also stop streaming 🤦 They browse fine but as soon as you try to play a video it's a no go.

Any ideas or pointers please or could you post your most recent working config please?

@ashleygavin said in Vodafone UK - IPv6:

What error do you get if you wget -6 a website?
And you have the two default LAN firewall rules, one for IPv4 and one for IPv6, and only the LAN net? On WAN you won't need any rules for accessing internet. And do you see open states for the (web) connection?

NAT would not be a topic for IPv6 in the default config.

I had same issue for a long time.

Then I tried pkg update -f and got an error for SunnyVally repository
I figured that I had a old version of zenarmor installed that matches the FreeBSD 14 and not 15.
Upgraded the zenarmor to the latest version.

Haven't had any of the error messages for some time now. hopefully that was it.

Maybe this can be helpfull to someone.

What gets logged when you run that in 2.8?

@greatbush while I have about 3 minutes here
do you realize that windows machines by default will not allow pings and such from outside their own subnet to come in? Just trying to rule out any issues that you might have with Windows firewall on those machines..

@johnpoz I see, thanks for explaining and the help!

I have already solved the problem by using the Python library. You can delete my post. Thank you for your help)

@wc2l said in Teams Issues:

teams.microsoft.com works just fine.
Host "msg.teams.microsoft.com" could not be resolved.

Same for me.

edit : while waiting, read also C:\Program Files (x86)\Microsoft Teams Network Assessment Tool\Usage.docx - this is a Microsoft tool with a manual / notice .... ( 😊 )

@luckman212

Click on the image :

1c8c8a2b-ed5f-4dd1-8694-8be0e58350e8-image.png

I didn't test other search engines ...

edit : the link @kpa posted is, imho, the best answer ( and totally not-FreeBSD related ^^ ).

Yes that's correct. The 1100 has only one NIC (mvneta0) and an internal switch with VLANs to separate the ports. But, as I said, you shouldn't need to make any changes there it's detected and set automatically for any Netgate device.