@getcom
Thank you! That worked!

Unclear. By 'router' here you mean the gl.inet GL-MT6000? And that is connected to the pfSense LAN?

I can only imagine that device drops the link to the LAN when it reboots and the other device does not. However that should not affect the WAN. The other possibility is that during boot it comes up with a subnet that conflicts with the WAN causing the default to flip.

But however it's doing it you should definitely set WAN_DHCP as default to prevent it trying to use the VPN as default.

@Bambos
When stating an alternative hostname, pfSense generates a SAN certificate. There is no reasonable case for me to do this with a user certificate, however.

The CSO check verifies only one value, either the common name of the client certificate or the username, not both. As mentioned, which one to use can be set in the server settings.

@do3lk
Hast du die korrekte externe Domain beim Setup angegeben?
Falls nicht, kannst du hinterher die config.php editieren und die Domain bei 'trusted_domains' hinzufügen bzw. den vorhandenen Eintrag ersetzen.

Okay, ich sehe gerade, dass du AIO verwendest.
Aber auch da müsste man die Domain im Setup angeben können.

AIO möchte standardmäßig ein Lets Encrypt Zertifikat installieren. Das wird hinter HAproxy nicht möglich sein. Macht auch nicht viel Sinn.
Da sollte es andere Optionen geben. Vielleicht kannst du TLS deaktivieren oder ein eigenes Zertifikat dafür generieren.
Das habe ich auch so laufen, allerdings hinter OPNsense. Der Backendserver hat ein Zertifikat von einer internen CA und HAproxy verwendet ein LE Zertifikat, das er vom ACME Client bekommt.

Allerdings die Konfiguration dafür müsste im AIO Setup gemacht werden. Ob es diese Option bietet, weiß ich nicht.

@viragomann thank you very much it now works.

It was set as "My IP Address" but seems that it don't work when it is not explicitly set.

I spent some time yesterday learning how to build from ports, and I was able to create Zabbix 7.0.6 proxy and agent binaries using a fully updated FreeBSD 14.2 VM. I didn't use Poudriere jails or anything, just ran

cd /usr/ports/net-mgmt/zabbix7-server/ && make

I copied the binaries to a pfSense 24.11 box for testing and so far they work perfectly.
This is not a proper build and testing process, but it's a good indication that Zabbix 7.0 should work fine on pfSense 24.11.

I'm not a developer and don't have a Github repo, so I guess this doesn't help anyone unless I setup an account and submit a PR for my binaries to be included?

Also, is there a guide of what the statuses mean on Redmine? The Zabbix 7.0 package request is "Confirmed", "In Progress", and target is 25.01. Does this mean that Zabbix 7.0 will NEVER be released for 24.03 or 24.11? Is Netgate staff working on the packages to include with 25.01, or is it waiting on someone in the community to submit it?

If 24.11 is the currently supported version of pfSense, and assuming the Zabbix package doesn't require modifications to pfSense, then it should be possible for an official package to be released for 24.11, right? As far as I can tell, it can 7.0 behaves exactly the same as 6.4.

I think my test port uses different default paths for the config, log, and pid files than pfSense does, but the log and pid paths can be set in the config file, and the the config file path is given as a parameter to the binary. Or someone with more knowledge than me could just set those correctly in the build.

KvY6SmgB4s.png

The latest version of the Net Installer can install many different versions of pfSense. The image linked in the store will allow installing both 24.03 and 24.11. You just select it during the install.

See: https://docs.netgate.com/pfsense/en/latest/install/install-walkthrough.html#version-selection

@stephenw10 said in device has not been registered for pfSense+:

Yes adding or removing any NIC, including USB, will change the NDI.

If you run pfSense-repoc -DN at the CLI it wil print the NDI actually being sent to the repo servers to check against.

Well dag nabit! Thanks Steve! I just promised Craig I will never do such a bad thing again.. 😌

I should have been using my test box to test and not my primary.

Found a setting on newer iOS that may help here as well … wife was reporting in parts of the house her phone would swap from WiFi back to 5g during a call

Can try disabling Settings -> Cellular -> Wi-Fi Assist (“automatically use cellular data when Wi-Fi connectivity is poor”)… maybe a dead spot or between APs fools the iPhone to opt for the crappy cellular signal ?

@aivxtla Here you are:

s3.amazonaws.com s3-1.amazonaws.com # CNAME for (s3.amazonaws.com) .github.com .githubusercontent.com github.map.fastly.net # CNAME for (raw.githubusercontent.com) .gitlab.com .sourceforge.net .fls-na.amazon.com # alexa .control.kochava.com # alexa 2 .device-metrics-us-2.amazon.com # alexa 3 .amazon-adsystem.com # amazon app ads .px.moatads.com # amazon app 2 .wildcard.moatads.com.edgekey.net # CNAME for (px.moatads.com) .e13136.g.akamaiedge.net # CNAME for (px.moatads.com) .secure-gl.imrworldwide.com # amazon app 3 .pixel.adsafeprotected.com # amazon app 4 .anycast.pixel.adsafeprotected.com # CNAME for (pixel.adsafeprotected.com) .bs.serving-sys.com # amazon app 5 .bs.eyeblaster.akadns.net # CNAME for (bs.serving-sys.com) .bsla.eyeblaster.akadns.net # CNAME for (bs.serving-sys.com) .adsafeprotected.com # amazon app 6 .anycast.static.adsafeprotected.com # CNAME for (static.adsafeprotected.com) google.com www.google.com youtube.com www.youtube.com youtube-ui.l.google.com # CNAME for (youtube.com) stackoverflow.com www.stackoverflow.com dropbox.com www.dropbox.com www.dropbox-dns.com # CNAME for (dropbox.com) .adsafeprotected.com control.kochava.com secure-gl.imrworldwide.com pbs.twimg.com # twitter images www.pbs.twimg.com # twitter images cs196.wac.edgecastcdn.net # CNAME for (pbs.twimg.com) cs2-wac.apr-8315.edgecastdns.net # CNAME for (pbs.twimg.com) cs2-wac-us.8315.ecdns.net # CNAME for (pbs.twimg.com) cs45.wac.edgecastcdn.net # CNAME for (pbs.twimg.com) cs2-wac.apr-8315.edgecastdns.net # CNAME for (pbs.twimg.com) cs2-wac-us.8315.ecdns.net # CNAME for (pbs.twimg.com) cs45.wac.edgecastcdn.net # CNAME for (pbs.twimg.com) .pfsense.org .netgate.com

I've not seen anyone use Nextcloud specifically but it's just a matter of code. 😉

See: https://docs.netgate.com/pfsense/en/latest/backup/remote-backup.html

Yes, I would expect so.

hey all,
I could narrow it down...
found my zyxel switch was causing the problem...it is (I guess) another bad IPv6 implementation. So I offed my v6 Interface on my xs1930. Still reachable with v4 and no more spamming my logs.
Thank you for your hint @stephenw10 :)