@jknott yep, and I would have conveniently ignored it for years thinking it was normal. Oooops. Don’t be me :)

@bingo600 Yes, I have a config backup file. I still have access to the appliance. everything is working except dhcp. I'll reinstall the appliance. thank you

@vikd said in InterVLAN routing with DHCP on layer 3 switch: VLANs and interfaces in pfsense and not possible to hand out IPs via DHCP ? You can hand out IPs to network directly attached to pfsense, you can not hand out dhcp to a L2 network this is not directly connected to pfsense. If your routing these downstream of pfsense, then that is a different L2 network. All of your downstream networks would use pfsense to get to the internet, or could even use it for dns, etc. etc.. Or other networks hanging off of pfsense. But once you create downstream networks that router to other downstream networks at your L3 switch, this is not a directly attached network to pfsense and you wouldn't be able to hand out dhcp to those networks. If your switch can not do dhcp, then its a pretty crappy L3 switch.. But if it can not - then run something else on each of the L2 networks for dhcp. Or run something that allows you to create dhcp pools for non connected network - stand alone version of isc dhcpd can do this, etc. Then you would setup IP helper or dhcp relay on your switch to point to this dhcpd. But pfsense can not do dhcp for network that are not directly attached at the L2 level. If your wanting to route at your downstream and put pfsense in the same L2 as these networks, ie you created the vlan - then your going to run int asymmetrical routing problems unless you host route on all of your devices saying to get to some other network talk to yoru switch, but to get to internet talk to pfsense, etc.. The drawing I attached shows you how to properly do downstream networks, and also have a network or networks attached directly to pfsense..

Might be worth investigating that "...SSL certificate problem: certificate has expired", was that always the case prior to today?

@bmeeks @Infotactix Thank you both! Infotactix for the question and bmeeks for the response, that link you provided was spot on! I was about to loose my mind, thinking it was something I did. While this is a home setup and not crucial, it greatly adds convenience. I didn't notice it until I swapped out my cable modem and logged in to check my links and noticed that Dynamic DNS was returning 0.0.0.0 instead of my new IP. I tailed -f /var/log/system.log and saved and forced update and saw php-fpm[85765]: /services_dyndns_edit.php: phpDynDNS and a text output of an html file. Within this output, "That@M-^Ys an error.</ins><p>The server cannot process the request because it is malformed" followed by php-fpm[85765]: /services_dyndns_edit.php: phpDynDNS (): (Unknown Response). It took a bit of digging but I should have checked here first. But as my dad always said, "No matter how long you look for something, it's always in the last place you check."

@steveits Thanks for that, bit confusing how they capture the versions, I will rely on PFS to know whats most current version of the package. So would the Netgate site be the best place for the squidgard manual to configure the service?

It was broken in 2.5.2 as well, it was a 2.5.2 install that I had when I first opened this thread. I don't know what the best solution is. The file itself doesn't even have executable bit set. No I didn't list the full zfs exec set in the bug report. I am not sure why that path was chosen by the package maintainers, that's of course not the default chroot path used in a FreeBSD port installation (/var/named).

@gertjan said in Enabling DNS SSL/TLS Local Client: When you set up a TLS web server on port 443, why is (was) everybody still using port 80 ? Because clients do whatever they want ! Thank you Gertjan, I discovered that early this morning.

@viktor_g said in 2.6 / Dynamic DNS can not be saved or forced update - slow GUI leads to error 504: Please provide more info; Dynamic DNS provider and it's configuration Cloudflare, ZoneEdit, and GoDaddy are used. The dynamic DNS configuration of 2.6 is exactly the same as 2.5.2. tail -n 20 /var/log/system.log output after DDNS update attempt Feb 21 07:53:29 rt0 syslogd: kernel boot file is /boot/kernel/kernel Feb 21 07:55:09 rt0 check_reload_status[446]: Syncing firewall Feb 21 07:55:17 rt0 php-fpm[95131]: /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_wancloudflare'rt0.dyn.*.*'0.cache: *.*.*.* Feb 21 07:55:17 rt0 php-fpm[95131]: /services_dyndns_edit.php: phpDynDNS (rt0.dyn): (Success) rt0.dyn updated to *.*.*.* logs look normal and the IP has been updated. However, the GUI showed 504 Gateway Time-out nginx

I stopped using the pre-defined Service Types, and decided to select "Custom" instead. I used the following settings to get things working for Google Domains Dynamic DNS Interface to monitor WAN Interface to send update from WAN HTTP ASI SSL/TLS Options Checked Username (from Google) Password (from Google) Update URL https://domains.google.com/nic/update?hostname=YourSub.YourDomain.com Result Match good %IP%|nochg %IP% My guess is that the Update URL was changed in the in the Pre-Defined service type. Using the "Custom" type should prevent that from happening in the future. This worked for me even without installing "Added System_Patches"

@briarpatch did you do a clean install of pfsense - and not touch anything for the dns setting..

@hemna Does your IPv6 address change? There's a setting to not release the IPv6 address which, with many ISPs, makes the address virtually static. My prefix actually survived replacing, at different times, the modem and the computer I run pfsense on.

@jimp Thank you for checking ! It may be my system with several interfaces with DHCP enabled running on not so powerful hardware.. Have a nice day :-)