Sorry for the late reply.

For anyone interested in Minisforum releasing a bios fix for this issue, I'd recommend you email support@minisforum.com and voice your interest in this.

Hopefully they will not state a fix is not possible, but if they do, kindly point them to the following:
https://www.asrockind.com/en-gb/index.php?route=newsblog/faq&faq_id=91

This is a competitor's board with an AMI bios and the same i226-LM chip. I am not a bios expert by any means (it probably is not as simple as this sounds), but that link did seem to get them to consider the possibility.

That's how the xmlrpc for config sync works. It implies the secondary didn't respond for some reason. Perhaps it was down at the time?

This issue is corrected in a forthcoming package update. I've posted a Pull Request for review and merging by the Netgate developer team here: https://github.com/pfsense/FreeBSD-ports/pull/1313. Look for a new 7.0.2 package version to appear soon.

@bmeeks

4.1.6_11 sorry I had a mix up.

I do not know if this has anything to do with the intermittent passlist block issue. I noticed this error shortly after the above screen shots. Thanks for all you do and also for sharing the code above.

Fatal error: Uncaught TypeError: fgetcsv(): Argument #1 ($stream) must be of type resource, bool given in /usr/local/www/snort/snort_alerts.php:858 Stack trace: #0 /usr/local/www/snort/snort_alerts.php(858): fgetcsv(false, 1000, ',', '"') #1 {main} thrown in /usr/local/www/snort/snort_alerts.php on line 858 PHP ERROR: Type: 1, File: /usr/local/www/snort/snort_alerts.php, Line: 858, Message: Uncaught TypeError: fgetcsv(): Argument #1 ($stream) must be of type resource, bool given in /usr/local/www/snort/snort_alerts.php:858 Stack trace: #0 /usr/local/www/snort/snort_alerts.php(858): fgetcsv(false, 1000, ',', '"') #1 {main} thrown

Screenshot 2023-10-06 at 5.49.45 PM.png

https://redmine.pfsense.org/issues/14850

I had never used the custom feature before 23.01, so I don't know if it had worked previously or not. If not, then a blank end date defaulting to "now", or an option to select "now, would be a nice enhancement.

I spent last Fall updating an entire website from PHP 7.4 to 8.1, a month of tedium trying things, looking at the syslogs, fix, try again, etc. What a pain... I am still finding PHP warnings and deprecations in my logs that I have to chase.

Danke - hatte ich noch nicht entdeckt! 🙈

@jeffreyn said in No Clients Can Connect To OpenVPN Due to CRL Expiry:

@jimp I applied the patch when it was released. I'm reading the release notes for 23.01 and see Issue #13424 has been addressed in the new version. Do I need to do anything like remove the patch before or after I upgrade? Or does everything take care of itself?

You do not need to do anything with the patch after upgrading. You can delete the entry from the system patches package.

@jimp I ran 'pfSens-upgrade' from the Shell and the world is now safe!

Other than something in item #1, none of the other issues should have been a problem on my system. Here is what I have installed.
b15b044b-06b8-4008-8a2a-22786ca6a1e2-image.png

@gianpaoloracca UPDATE:
you can scroll dragging the column header.
So it's clunky but it works.

Ah, sorry if I misunderstood.

re: network alias, that can be one IP by using a /32 mask.

@autourdupc said in VLAN to LAN ping always possible despite rules:

Next time, i will ask community before spending soo much time !

What we are here for.. If there is some issue you have question on - or not sure if your understanding something correctly.. Yup just stop on by, here to help.

@stephenw10
Answer, hopefully in order...

Version is 2.5.2 on the Azure VM and 21.05-RELEASE (amd64) on the 5100s

OVPN is site-to-site, pre-shared key, UDP on IPV4 only, Layer 3. On the remote server there is a point-to-site server (for use as a remote internet gateway). It's for travel use but nobody's travelling so there are no connections.

Latency is 27-32 ms, WAN Azure to WAN local; 100-130 ms to the other sites from WAN local.

I only have one local device so I haven't tried to replicate here. I could spin up a Hyper-V guest but not now, I am currently working on alternative method, most likely a Linux server on the local LAN, running OpenVPN as a server and NAT port forward Linux server. We are up interactively but backups through the tunnels are an issue.

Not an expert regarding state tables so I wouldn't know what to look for. I can try clearing the state tables after the trouble begins to see if that reset avoids a reboot to restore WAN performance. Would that provide useful information?

We're not running IPSEC now. We were, but IPSEC failed after a recent upgrade. We switched to OpenVPN. I have read that the IPSEC issue has been resolved but haven't switched back.

One more observation. We do have a point-to-site server running locally. There is one user, a Synology raid device that phones home and stays connected 24x7. It is used as an off-site backup device accepting snapshot replication and file share backups. It's been running without issues. It seems to be the site-to-site tunnels that are tripping us up, on the client-side.

In the time it took to fix this critical bug, I was able to:

Set up and thoroughly test out OPNsense in a staging environment Find viable replacements for all the pfSense plugins and features I was using Weigh the pros and cons of switching to OPNsense Realize that open source pfSense has become a second class citizen Provision a new production firewall with OPNsense Manually copy the configuration from pfSense to the new OPNsense box Retire my pfSense box and switch permanently to OPNsense

@viktor_g Thanks for your help.

Linked issue:
https://redmine.pfsense.org/issues/10445

That file could only be stuck if somehow the notifyqueue_running lock is stale or not being released. Maybe something in your notification settings is broken and it can't get messages out.