Same issue, don't see a resolution posted so bumping it up. Time Process PID Message Sep 17 00:34:22 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/dnsmasq.pid) does not exist, No such file or directory. Sep 17 00:36:37 dhcpleases bad name in /var/dhcpd/var/db/dhcpd.leases 2.3.2-RELEASE (amd64) built on Tue Jul 19 12:44:43 CDT 2016 FreeBSD 10.3-RELEASE-p5

@johnpoz: " unbound doesn't list these interfaces to be selecte" Then assign them to an interface..  I sure see my openvpn connection in my interface list, how would that be any different from an ipsec connection? Ah, yeah, you can assign an OpenVPN server to an interface,  but no way for the IPSec connection, Can't use IPSec VPN unless ALL is selected, not sure whats missing. EDIT:  Could be because IPSec was set by using WAN interface?

Hi stan-qaz, that's what I wanted. thanks. Johnpoz jajajajaja thanks too.

@CiscoX: Try here: https://doc.pfsense.org/index.php?title=2.3_Removed_Packages&redirect=no :) its available and wiki needs to be updated

So did you delete the actual lease on the dhcp server, or have the client release it and then get a new one? I just recently removed a reservation for a machine to test that secondary pools were not handing out different info in that pool.  And to test that I wanted to put my machine in a 2nd pool. I removed the reservation I had.  Created a deny for its mac in the first pool.  I then release the reservation on the client, did a ipconfig /renew on the client and bing bang zoom got IP from the 2nd pool.  And as I found after verification that yup in dead extra pool info was not being handed out that there was a bug already entered for that very thing. You need to make sure there are no leases on the server for that client to renew if you want to have it get a new lease or use a reservation, etc or not use a removed reservation.

"It seems that this new version does not check the reservation table before the leases table." I do not agree, I have been using pfsense since version 1 and like 99% sure that has never been the case.  Maybe you were releasing your lease from the client before renew. I can tell you for fact that if on the client you do a simple release and then renew you get your reservation from the client.  Windows do a simple ipconfig /release ipconfig /renew And you will get your new reservation.  Again if the old lease is there and the client asks for it then yeah its going to be renew, does not matter if you have a reservation or not. I do not see why some sort of script could not be created to parse through the leases for matches to the reservation list and purge them.  Comes down to priorities I would assume.  If you want it bad enough then put in bounty, is there a feature request for this?  Check redmine and if not put it in.  If the bounty gets high enough then sure someone will do the coding required to do that. But once you understand that you need to make sure there is not an old lease be it from the client releasing it, or removing it at the server if you do not have access to the client at the time it really becomes a non issue.

that is something completely different than a host override or a domain override..  With that your doing a wildcard for anything.example.com to 192.168.1.54

@jetberrocal: I have the pfsense 2.3.2 RELEASE with DNS resolver turn on and DNS Forwarder turn off.  The general config I have the WAN by DHCP assigned and DNS from the DHCP. The DNS servers shown in Dashboard are: 127.0.0.1 and ISP DSN IP (10.168.0.1). You can also try with DNS Resolver without Forwarding mode. In General Setup, leave the DNS Server blank and disable DNS Server Override

Same issue. ISP originally stated they were receiving the MAC of the powerline, so I mimicked it in the firewall. The problems went away for about a week, then came back. I suspect it to be some configuration error on the pfsense side, as it seems to relate to DHCP not renewing properly.

Some symptoms are explained there https://forum.pfsense.org/index.php?topic=117570 https://forum.pfsense.org/index.php?topic=118092

I doubt the root servers are missing info about this domain..  More like their authoritative servers are not answering, or your connection to them is a problem.. Do a simple trace to these domains when you have an issue.. What do you get back? example dig www.dolphin.com +trace ; <<>> DiG 9.10.4-P2 <<>> www.dolphin.com +trace ;; global options: +cmd .                      78626  IN      NS      a.root-servers.net. .                      78626  IN      NS      m.root-servers.net. .                      78626  IN      NS      b.root-servers.net. .                      78626  IN      NS      c.root-servers.net. .                      78626  IN      NS      i.root-servers.net. .                      78626  IN      NS      g.root-servers.net. .                      78626  IN      NS      h.root-servers.net. .                      78626  IN      NS      j.root-servers.net. .                      78626  IN      NS      k.root-servers.net. .                      78626  IN      NS      l.root-servers.net. .                      78626  IN      NS      f.root-servers.net. .                      78626  IN      NS      e.root-servers.net. .                      78626  IN      NS      d.root-servers.net. .                      78626  IN      RRSIG  NS 8 0 518400 20160924050000 20160911040000 46551 . q5UthNJ4M+Zl2TjfY05SNu5RU57DkjKIXyaWz092XCN0cRaxBbvwy0OT xm2zE2NI36kHVccS2iKPIgDdR6/0DdBaY+f1Ibe0n+y/ipKpoDP RqTIu 1Usd9ltQF3c58aD5W+iU/ewkLuhBWnReyO1i12XTNwlHKjJZTKE4fwor gNw= ;; Received 397 bytes from 192.168.9.253#53(192.168.9.253) in 2 ms com.                    172800  IN      NS      a.gtld-servers.net. com.                    172800  IN      NS      b.gtld-servers.net. com.                    172800  IN      NS      c.gtld-servers.net. com.                    172800  IN      NS      d.gtld-servers.net. com.                    172800  IN      NS      e.gtld-servers.net. com.                    172800  IN      NS      f.gtld-servers.net. com.                    172800  IN      NS      g.gtld-servers.net. com.                    172800  IN      NS      h.gtld-servers.net. com.                    172800  IN      NS      i.gtld-servers.net. com.                    172800  IN      NS      j.gtld-servers.net. com.                    172800  IN      NS      k.gtld-servers.net. com.                    172800  IN      NS      l.gtld-servers.net. com.                    172800  IN      NS      m.gtld-servers.net. com.                    86400  IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766 com.                    86400  IN      RRSIG  DS 8 1 86400 20160924050000 20160911040000 46551 . XXFl3T8AiPbwLWJlhgoI7BkW9Jg1WFxziiVt4V1umAaUGhwpsbyy1rmq uOt/Mdru1WeaguvpA7IQR30Cix9XU1QekHayQjahH+XAAXeHTtE9 3rRS otpJ/SxCBfQco2vwq801wOyAI2fPn/Wxpk2HgT+8rA5cyte+MfHfqqBt GZc= ;; Received 739 bytes from 192.203.230.10#53(e.root-servers.net) in 11 ms dolphin.com.            172800  IN      NS      f1g1ns1.dnspod.net. dolphin.com.            172800  IN      NS      f1g1ns2.dnspod.net. CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A  NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20160915044336 20160908033336 27452 com. xNERKmnAlkb3XiEf76OahP52D10WKZLu7GcWpYhVT4be0SBbmq9Kn+XV AnaMG/Ywu1/4VPyMfDxnw+XJLMXLn3NJN7TbNLA9Z 0TqcpbRZcnTq1Na cO9/iuAx32Oaf5pbJIwuSS7HAhfDY4tahpYuSYDz8xOQzyf5W6wnjWAL sAc= Q05059R7K3JFV1UDP1G1SM61I57CKHL2.com. 86400 IN NSEC3 1 1 0 - Q051JGOH12HHFA74IF5LTR5A3K8NGAAK  NS DS RRSIG Q05059R7K3JFV1UDP1G1SM61I57CKHL2.com. 86400 IN RRSIG NSEC3 8 2 86400 20160915044056 20160908033056 27452 com. NN6PIwgJuLkL0N6ZhwcHFUO7fe0K7AHyMTXoUITg1qjzpF5LXgko/5f9 BFh+mHWAMpwn2Yhu/zutJbMxZzSbo/ggLw43Onuq7 H67IOpG8zdIl+St 1D1uP/q8lrRkg9nY9XA8yuluAKYfS3EkBaUs/XE7HC7I1mA7w09HpoiV cgI= ;; Received 727 bytes from 192.5.6.30#53(a.gtld-servers.net) in 11 ms www.dolphin.com.        600    IN      A      23.21.255.26 dolphin.com.            86400  IN      NS      f1g1ns2.dnspod.net. dolphin.com.            86400  IN      NS      f1g1ns1.dnspod.net. ;; Received 124 bytes from 182.140.167.188#53(f1g1ns2.dnspod.net) in 379 ms

The workaround works but i would guess it should update by itself, or not?

Well I can say I seem to see the same problem from quick test.  I created an additional pool, denied my boxes mac on the normal pool, and put those options in on the added pool settings.  I then did a release and renew of my IP and did get a new Pool IP, but in the sniff I did not see any of those options in the offer. So this seems to be a known issue https://redmine.pfsense.org/issues/6720 And there is a fix for it.  https://redmine.pfsense.org/projects/pfsense/repository/revisions/285987208f31f38abe35b984b08645d43c11b001 You could apply that or wait til pfsense updates and includes that fix.

Dynamic DNS under pfSense will force an update every 25 days if the IP address doesn't change… hence this line in the log file: Sep 10 01:01:00 pfSense php-cgi: rc.dyndns.update: phpDynDNS (xxxxxx.noip.me): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. If your DDNS provider requires an update to be more frequent, even if the address hasn't changed, then you might open a feature request to allow a changeable setting for DDNS updates, for providers that need more frequent updates. The alternate solution is to edit the DDNS entry, then click the Save and Force Update button. No need to delete files or delete the DDNS entry.

Yes when going from rfc1918 space to public space you have to nat.  This is a given!!  But your pfsense wan is 192.168.3 this is some network inside your network..  And then its lan is 192.168.0 there would be only some special specific scenarios where you might want/need to this 192.168.3 network which is what pfsense is going to do out of the box. If your going to use pfsense as a downstream router in your network there is rarely a point to natting inside your network.  Yes at your internet connection your going to want to nat to what your public is.  And this device will need to know how to talk to pfsense lan network, and nat its 192.168.0 network etc..

If your using forwarder or resolver, etc.  I agree this is pretty straight forward ;) Messing it up takes a special sort of skill ;)

It's always the simple things. I had outbound NAT rules set to manual for no good reason. Flipped back to auto, and all is well. Thanks for the tip.

Sorry, I meant QUESTION, not connection. Too much networking going through my brain. I've got the reservation part down where it's outside my specified DHCP Server range. What I was trying to find out is the easiest way to find a device that tried to connect to the firewall and was rejected. If I set "new devices will be denied", I then have to figure out their Mac address and add that as a static IP. I figured out I could just look through the firewall logs and find the info, but at the time I didn't know if there was an easy way to see all rejected devices.

dnsmasq conf : cat /var/lib/libvirt/dnsmasq/default.conf [sudo] Mot de passe de dje : ##WARNING:  THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST.  Changes to this configuration should be made using: ##    virsh net-edit default or other application using the libvirt API. dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/var/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254 dhcp-no-override dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts