@JKnottYes, that is the correct question, I want to install pfsense on a machine with those characteristics to manage 20k users.

@viragomann Thanks! Your reply helped me understand the flow which I was trying to do from the IPSEC and WAN Rules.

Kept the WAN Rules simple and fixed IPSEC Rules and added LAN rule.

Works now! Thank you for a quick educational lesson!!

That link makes no sense for a pfSense install. This reads like spam....

Yup that ^.

If you only see it reboot it's nothing to worry about.

Try running a backup manually and make sure that works as expected.

@dennypage Thought I would share... I was able to track this down via packet inspection. Turns out, these errors are the result of prefix delegation requests. pfSense does not yet have support for delegation when using Kea.

FWIW, the prefix delegation requests are coming from Apple devices in the role of Matter hubs. There does not appear to be a way to turn it off.

@Bob-Dig Hmmm. 🤔 Not sure what would differ then. I can test again but would prefer to wait until the weekend, or maybe late at night.

I can set it up statically but per my other thread that you responded to, the route for the delegated subnet (pointing to the internal router) is lost if the ISP router restarts, either in that router or in my "outside"/building router.

@stephenw10 said in To do 24.11 or not? That's the question.:

Hmm, should be fine. We can only speculate though without more information. If you can I would boot back into 24.11 and look at the CPU usage and system logs to see what's happening.

I am physically don't have access to my psF bix now and hesitant to mess with it remotely.

Hope somebody else reports similar (or not) and I will try later and wait for a point update.

@Yoe777 To check if the IP address that ftp.ut-capitole.fr resolves to, 193.49.48.249, is listed anywhere:

grep "193.49.48.249" /var/db/pfblockerng/DNSBLIP_v4.txt /var/db/pfblockerng/deny/*.txt /var/db/pfblockerng/original/*.orig /var/unbound/pfb_py_ss.txt

If no output is returned, that means the IP is not potentially being filtered anywhere by pfBlockerNG. (The "No such file or directory" output should be ignored.)

I've also noticed just now that the domain heimdall.ut-capitole.fr is a CNAME of ftp.ut-capitole.fr. You should ensure that heimdall.ut-capitole.fr is also either not listed and/or whitelisted.

No, I do not have it activated. The image shows the CPU usage when the dashboard is not on screen. The high CPU usage is only when the dashboard is on screen.

Nice. 👍

@viragomann I forgot to do that. It's in there now. I don't get the too many redirects but now it just spins.

@ekaiser said in OpenVPN SSH & RDP:

I have seen a few posts on this issue but unfortunately either the resolution is not posted or does not fit my scenario.

So maybe you should provide some more details about your setup and tell, what you tried yet.

Hello @bmeeks,

This was indeed exactly what happened.
I have rebooted my pfsense server in the past, which I would expect create same results, but either it didn't work, or it spinned another ghost process afterwards.

Anyways, I will monitor to see if it keeps happening.
I have seen other posts where other people have similar issue indeed, and will investigate from there if duplication happens again.

In any case, thank you very much for your kind help here.

@keyser

Put it in a new file

/boot/loader.conf.local

That way it will survive pfSense upgrades.

I personally install nano to make small file edits via SSH CLI

pkg install nano

@stephenw10

Yep starts up fine, no issues.

Unless i can reproduce it or others have a similar issue might have to throw this in the mystery box.

Which RAM disk are you running? If it's /var you are probably losing logs when it restarts. Try disabling that at least as a test so you can get the full logs across a reboot.

That is the error I'd expect when trying to authorise against radius but I'd expect some other code when trying to start the service If it fails to start.

@getcom
Thank you! That worked!

Unclear. By 'router' here you mean the gl.inet GL-MT6000? And that is connected to the pfSense LAN?

I can only imagine that device drops the link to the LAN when it reboots and the other device does not. However that should not affect the WAN. The other possibility is that during boot it comes up with a subnet that conflicts with the WAN causing the default to flip.

But however it's doing it you should definitely set WAN_DHCP as default to prevent it trying to use the VPN as default.