Messages

I normally don't follow links from forums. I made a tweak to make an exception. I'm unable to do it again for the moment, sorry.
Best to paste here in code quotes the main parts.

Many additional options have been added to the plugin in the time since the original post.
I suggest to have a look at them. I wonder if you need the "option forwarded".

Code Select Expand

re0: watchdog timeoutThis is your problem or at least one of them. Realtek NICs are bad in freeBSD. Ideally you change to a better supported one. Intel ones are the ones usually suggested.
As a temporary mitigation you could -if you haven't yet- use the realtek-vendor driver "os-realtek-re"

Do you want to be the one going to the *nix and *bsd developer groups to tell them they are using a logging technology from before the 21st century, and why in your opinion it needs to change?

True. I'm pretty sure I saw one somewhere, maybe the network guy place.
Point being though, although double nat is not necessarily something that doesn't work i.e. it is best to avoid if possible but otherwise things work fine, there are so many threads here where the user plonks their new router with OPN behind their existing one "so to test and ready for switchover" but then so many "things don't work correctly", and not having done an even cursory read of the basics, that it is worth IMHO to write this note from the off.

Before I start this, is there anything I should be aware of/worried about/ensure that I do?

Is there any guides on how to do it properly, without bodging the family internet?

The docs are a good place to start but they don't have this scenario. It's not an unreasonable one but is not described, so if you know your way around networks, it isn't too hard. But if you aren't, then you could have some networking behaviours that might seem "broken", or things might appear "not working".
Think of it this way, have you ever put a router behind another router and all was good? Then you're ready.
You haven't done that before, then you need to start reading. No, there is no recipe. Why? Because there are so many options and services in OPN that can be used, or not. Are you familiar with NAT? What about double NAT? Well, you are heading in Double NAT direction, with additional networking thrown in (Proxmox has its own networking stack).
I'm not trying to put you off. It'll be a good ride. Just be prepared for some new learning.
https://docs.opnsense.org/intro.html#reading-guide

You are in the English section of the forum ;) You might want to post it in the Portuguese one so you get more eyes on it.

wild guess. Have you changed the root user's login shell? What is it set to?

do a search on the forum for "uart console" please. It should get you a couple of threads about what hints to use as something to try.
I can't search for it for you at the moment.

In VLAN2, I have a firewall rule that explicitely blocks all traffic (inbound), however, if I say RDP from devices in these VLANS from VLAN1 to VLAN2, I am able to make the connection, even through in my VLAN2 firewall rules I explicitely deny all traffic.

You want to make the rule on VLAN1, direction IN, destination VLAN2 and block.

@iiAmLoz good to see you around here.

Probably the parser for it is setup for that. Hopefully there'll be engagement from the crowdsec people here.

Ah, of course. I didn't think of an easiest route.

you can still use ZFS with only one disk.
No, a restore of the config will not affect the OS files, but it needs them to work ;)

"Missing LF on last line" . There are online posts about it. But my guess is at some point you were manipulating the config file in a MS Windows machine. LF is a Unix line ending, and that is what haproxy expects.
Solution is to add the missing unix type line ending. I'm pretty sure there are editors that can do it in Windows as well.