@johnpoz You are right, pfsense box gets the public IP. I get internet directly from my pfsense box (wan) and share the internet over lan of pfsense.

I don't do any interception at least by doing it on purpose.

Reinstalling pfsense box fixed the issue about resolving domain/hostnames.

Thank you... @Gertjan @johnpoz @SteveITS for your help. I wish, you all get help in the world that you live in more than you did!

@guybrush2k4
Long story short
Screenshot_2024-08-20-16-13-21-074-edit_com.realvnc.viewer.android.jpg
And then you see
Screenshot_2024-08-20-16-18-06-688-edit_com.realvnc.viewer.android.jpg

@gkokkinis

You've missed the very important Netgate Blog post. Read that first.
Netgate Adds Kea DHCP to pfSense Plus Software Version 23.0

Now visit the pfSense GUI and read this one, as it is a follow up :

8477993a-3a79-49c7-9485-fd2218ecdab3-image.png

As stated : this will be the future as 24.08 isn't out yet ...

Now, look up the top 10 KEA post on the forum ... and you'll notice that KEA somewhat works, but no options, gadgets or special requests. It servers leases and doesn't take your needs into account. This will change in the future, of course.

To make a long story short : don't use KEA, use ISC.
KEA doesn't support "DHCP Static MAC leases" yet.

@gkokkinis said in How can I automatically assign Kea DHCP leases to reservations?:

the lease table is cleared and they all try to obtain another address in the pool range (subsequently getting a different IP than they were initially given)

A device on a LAN will recognize a DHCP by its interface MAC addresses. If it already used that DHCP ones before, it will request for the 'prefered' IP, the IP it had before.
That's why you see :

2ef13369-2782-496d-8a19-3da879c2769a-image.png

This says that my PC wants to have 192.168.1.6, if possible.
Even if the remove the lease file from the DHCP server- this file is actually the DHCP server's memory - the DHCP server will grant that request, if - only one condiotion - if that IP wasn't already assigned to some device.

@M0L50N - Update

Just for info, If I switch back to ISC DHCP, everything works normally and I can update and start my DHCPD service ... When I was in Kea mode, I was unable to start Kea-DHCP4 service

To be operationnal for tomorrow, I just forget the idea to change DHCP mode to Kea for now ... but if you have idea to help me diagnose this, this would be really appreciate!

Thanks!

for clarification,
on DHCP server -> GUEST (static IP 192.168.42.1) i set
DNS servers : 192.168.42.1
Gateway: 192.168.42.1
Domain name: homelab.cu

@JonathanLee said in DoH list:

There is something we can use to detect DoH use

DoH is a TLS data stream going a some destination IP using port 443.

Just by looking at the random bit stream, the size of entire stream open - data exchange and stream end, you might be able to say : hey, that's not a classic web page, but something way smaller like a DNS request. But how to be sure ?

DoH server are special, and by nature their IP addresses are semi static or 'always the same', so they can't hide for long time, they will get known. If you're not sure, throw a DoH DNS request on it, and you'll be sure its a DNS server, as a web server will say 'sorry, error'.

To block DoH the explicit way, there is only one solution : go MITM.

@frater Unbound does seem to need a restart to see new interfaces.

In many places pfSense will overwrite files based on the pfSense config file. Best to make changes in the pfSense GUI.

@ojosaghae said in Connection Problem for some devices:

It pops up a Screenshot 2024-08-15 at 10.31.17.png from time to time.

That's nasty and probably means : radio wave issue.
As we humans can see these waves, we can't see interference, collisions, leaking micro waves and things like that.
And its not because we can't see it, it isn't there.

The logs that follow is normal and correct : as soon as the connection comes back up, the wifi device starts with negotiating a DHCP lease. The same thing happens when you disconnect a wired device : when putting the cable back in place, DHCP kicks in first.
Do this ten times a minute, and this will happen ten times a minute.

The thing is : this could have a lot of causes ...

If your AP has a 'scan' mode, use it to see if there are other SSID's around using the same frequency.
Or de activate all your wifi stuff, and activate them one by one. In between, test for a while.
As soon as things go down hill, you've found the device acting bad : remove it permanently.
Or look a the zillion "My wifi is bad, what can I do ?" youtube videos 😊

@Gertjan
talked to my isp, they just replaced all of my coax lines since they were bad and they wouldn't let me talk to them about the dns problem.

This was in fact not my current problem, it did improve my upload and download speeds but thats about it.

very unexpected.

Tomorrow ill call again since they are closed now.

@viragomann
Thanks for asking question, problem solved....

Some information :
The interval between the 2 parts of log where only 3 seconds
no gateway display in the pfsense...

But in System->Routing menu, the default gateway IPV4 was in "automatic"
If I set it to WAN_DHCP it works!!!

@AndyRH
I made a local A DNS record for every IP Adress :) This also worked for me since I dont have that many devices :)

I have this problem also.
Way havednt they manage to fix this when they have added the new DHCP server version, it most get this working fast as its a verry important thing.

@Uglybrian Thanks. There are no settings relating to handoff in the WiFi setup. I will open a case with NetGear support.

Turns out it wasn't too difficult to do myself.
PR: https://github.com/pfsense/pfsense/pull/4693

@Uglybrian You'd need two NAT rules for IPv4 and IPv6 anyway, they can't be combined.

@NickJH well register static, is what you have made a reservation for, that is loaded when unbound loads, so yeah changing the config would be instant because unbound restarted and loaded in all your dhcp reservations.

@mcury that is what I was looking for thank you.