Tangentially, Proxmox has a few ways to assist with that. See https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#network_pin_naming_scheme_version and the next few sections in the document.

@keyser My "security engine" which is the server that receives all the logs and makes decisions, can be run on a separate server. That is my exact setup so I can run my own web/php front end. As per the the url block list, or EDL since I'm entrenched in Palo terminology, doesn't do the log analysis and crowdsec reporting. Different strokes for different folks I guess.

@stephenw10 I agree @ramup thanks for keeping everyone in the loop

Nothing I'm aware of. Not yet.

@lc63 Thank you, appreciate it! So, in this topology, I would have two phase 1 tunnels with the same phase 2 networks, right? How would the pfsense know which one to use for the routing?

@Gertjan well..... finally i created a new user for inwx and just gave him dns_management role only AND without 2FA. So now all is fine, my PFSense has the LE Cert as it should be. Thanks and kr Mike

Try 2.8.1 first if you can. You are probably hitting this preventing the SWAP being enabled: https://redmine.pfsense.org/issues/16232 Unfortunately that fix didn't make it into 2.8.1 but you can apply that patch there. Or manually make the one character change! That should give you the expected 16G of swap which will be enough for any core file.

@pwood999 Hi pwood999 and Gertjan This happens with various service providers and I have changed ping targets. It also happens on various installs in different cities. I have installs in 5 different locations on 9 servers. I also know about the tweaks and the other things you mentioned Gertjan and used them heavily with marginal DSL connections. It happens very infrequently so it is difficult to know how to handle something that works 99% of the time. By the way, 8 of my WAN connections are statics. This is something to think about. I was about to make the 9th static as well, but maybe I will wait. Statics are especially useful with HA. The current DHCP unit is the only one that is not HA. I will be watching 2.8.1. Thanks so much for your suggestions. Roy

Hmm, curious it should have worked in 2.7.2. What modem is that exactly? I have hit that before and handled it by feeding the init string to mpd5 that allows it: &F&C1&D2E0S0=0${temp} Try that.

@patient0 Still the same issue with if_pppoe.

It's a one line patch so should be safe enough to add manually if anyone wants to try it: diff --git a/net-mgmt/pfSense-pkg-arpwatch/files/usr/local/pkg/arpwatch.inc b/net-mgmt/pfSense-pkg-arpwatch/files/usr/local/pkg/arpwatch.inc index 247cc3c4e1f4baf6325c22ab778d64c3bdf8afc2..e4c2f2b9e72d96a573c7ebb3ce52c01c278265ab 100644 --- a/net-mgmt/pfSense-pkg-arpwatch/files/usr/local/pkg/arpwatch.inc +++ b/net-mgmt/pfSense-pkg-arpwatch/files/usr/local/pkg/arpwatch.inc @@ -239,7 +239,7 @@ if ((false !== $message) && ((false === strpos($message, ': Cron ')) || $message = preg_replace('/^To: .*$/m', '', $message); $message = preg_replace('/^Subject: .*$/m', '', $message); $message = preg_replace("/^(\n){4}/", '', $message); - $send_subject = config_get_path('system/hostname') . config_get_path('system/domain') . " - Arpwatch Notification : {$subject[1]}"; + $send_subject = config_get_path('system/hostname') . "." . config_get_path('system/domain') . " - Arpwatch Notification : {$subject[1]}"; send_smtp_message($message, $send_subject); if (function_exists('notify_via_telegram')) { https://redmine.pfsense.org/issues/16410

It's no different in 25.07.1. The 1100 can take a while to complete the check I agree. It's not really a bug though, it really is waiting for another instance to finish. Previous versions just hid that.

Hello, I am also trying to use DNS-NSupdate / RFC 2136 with dynv6.com. I have used all the information in this and the other related thread, but acme.sh blocks when trying to read the key from the disk. The logs show that the key file is expected in /tmp/acme/home-mydomain-tld-test-dynv6/home.mydomain.tldnsupdatealias-mydomain-tld.dynv6.net.key but is actually in /tmp/acme/home-mydomain-tld-test-dynv6/home.mydomain.tldnsupdate_acme-challenge.alias-mydomain-tld.dynv6.net.key Did I mess up the parameters or is there a bug in the call to acme.sh? Thanks for your help, Atanis

Still running into this. No solution yet? :(

You can also do ACL modes where subnets can be told to bypass the proxy if needed

@Flowi001 Thank You .

@Gradius said in Unable to use BCM57810 properly, need new drivers: https://redmine.pfsense.org/issues/16321 Mmm, that's the same patch that's in 2.8.1 though.

@stephenw10 I did not know about that. Thanks - implemented and it's working!