Pilot error. I didn't save my changes. Missed the save button which was not at the bottom of the page but in the middle. I can connect. I created a lease object and set its ip to an existing lease but open says "can't open object: invalid argument". Must be something really simple but I'm not seeing it. Playback: # omshell > key-algorithm HMAC-SHA256 > key omapi_key xxxxxxx... > connect obj: <null> > new lease obj: lease > set ip-address=172.16.0.20 obj: lease ip-address = ac:10:00:14 > open can't open object: invalid argument obj: lease ip-address = ac:10:00:14 > What am I doing wrong? Thanks

@cabledude There shouldn't be any sort of tie between the two. The patch is supposed to disable the smart card service. Maybe it got stopped once you "touched" the services?

@dono said in WAN disconnected shortly after DHCP renewed -- check_reload_status: I was not able to test this because the "Reject from" option is missing when using "Configuration Override". When you use [image: 1640680507574-8e7747c3-ea00-493b-87c6-71f23ac7ab8a-image.png] : you inform pfSense had you have created your own dhcp-client config file. The path to this file was indicated using "Configuration File Override".0 You can add a line ( see dhcp-client documentation, but you already have the doc as you are using the "Configuration Override" option) how to block "10.199.175.209". Example : When I add "1.2.3.4" like this : [image: 1640680913666-ba6fcda6-c5ea-438c-be8d-15fa7e27f504-image.png] I get a /var/etc/dhclient_wan.conf that shows : interface "em0" { supersede interface-mtu 0; # DHCP Protocol Timing Values # DHCP Protocol Options reject 1.2.3.4; script "/usr/local/sbin/pfSense-dhclient-script"; } So, adding reject 10.199.175.209; will do.

@pulsartiger said in Arpwatch email notifications not including hostname or vendor: I dont recall how I did this. Then recall. Go to Services > DHCP Server> LAN and go to the bottom of the page. Look under "DHCP Static Mappings for this Interface (total: xx)" The "Hostname' column will be the host name. I have some Static DHCP mappings listed that are actually devices NOT using DHCP, they have a static IP setup. Arpwatch doesn't mind. It will list all 'live' MAC with IP devices.

@viktor_g Oh, thats it? Well... thats simple. I will give it a go! As soon as the box rebooted, I saw the IP update on no-ip. Sweet, thanks!

@gertjan I'll do that. Thanks

@jinat You are executing nslookup where ? On pfSense ? On a device connected to a LAN of pfSense ? If this is the case, what is the DNS used by this device ? Is (the IP of) it pfSense ? @jinat said in nslookup is not working from upstream DNS forwarding server: Could you please, help me with what possible configuration should I make sure to make it working? There is no configuration on your side needed. pfSense, out of the box, works. Your devices, as soon as you take them out of the box (== they are / were new) can connect to your network, and have Internet access. If you really have to transmit all your DNS requests from pfSense and underlying LAN networks, to some DNS server of your choice (you want to forward) : see Netgate video's or manual about how to do so. This is (should be) completely transparent for the network clients, and pfSense itself. C:\Users\Gauche>nslookup www.google.com Serveur : pfsense.my-local-network.local Address: 192.168.1.1 Réponse ne faisant pas autorité : Nom : www.google.com Addresses: 2a00:1450:4006:80a::2004 216.58.198.68

Confirmed this worked for me as well. On 2 installs of pfSense CE with latest stable 2.5.2.

@myman said in Unbound: fatal error: Could not read config file: /unbound.conf: unbound-checkconf returns unbound-checkconf: no errors in /usr/local/etc/unbound/unbound.conf Runing " unbound-checkconf" will check the default /usr/local/etc/unbound/unbound.conf, a file that exists, but it is just a demo file. The real "unbound.conf", the one unbound for pfSense is using, is here/var/unbound/ Your unbound is restating every couple of minutes. If these restarts happen to often, then the start code can overlap with another startup. Then one of then can fail and you see the error shown. Disabling "DHCP registration" is one of the first things to try.

@patch So it is planned that pfsense will become the gateway for the VPS to proxmox. In the proxmox, in the VPS settings, I initially prescribed dns from pfsense. Thanks for help!

@jagradang That is not the problem. It is one of the tests that I have done, because in the pfsense server itself it resolves the dns of the domain to the IP I want to point to. @Gertjan I call default dns which is found by default on ubuntu 20.04 servers. On the pfsense server, it does correctly resolve domain A> IP granted (not IP by default). I try to explain my problem again .. I have a pfsense server that acts as a vpn with openvpn. I add servers and clients with a static IP so that I can add firewall rules to my liking. I try to explain my problem again .. I have a pfsense server that acts as a vpn with openvpn. I add servers and clients with a static IP so that I can add firewall rules to my liking. Everything connects well and they see each other through the protocols that I want (ssh, https, etc), the problem is when I want a client to access a specific domain that I have (domain1.site.com) and the client needs change the "hosts" file to be able to route it correctly to the internal IP that I have forced in pfsense. Is there a way in the .ovpn file? Or some other of forcing the client to access that domain through a forced IP, instead of the one pointed to by the domain? The operation is typical of the "hosts" file and it would solve all the problems, but I don't want my clients to have to go through this. Any ideas? I'm sorry if I don't express myself well .. Greetings to all

This : @miquim said in DNS Resolver resolving only ipv6 results: PS C:\Users\Rodrigo> nslookup smtp.office365.com is what you send to pfSense, the resolver. Several logs, under the menu "Status" and 'pfBlockerNG' are available so you can see what unbound did with the request. We, here on the forum, can't see these logs. You can ;) Btw : @miquim said in DNS Resolver resolving only ipv6 results: My pfsense with PFBlockerNG and DNS Resolver are resolving only ipv6 for a nslookup for smtp.office365.com you wrote the answer. The most plausible situation is : remove (deactivate) pfBlockerNG and IPv4 resolving will work again. What are your pfBlockerNG-devel 3.1.0 settings ?

@gertjan @johnpoz Thank you both for your advice, things are running a lot more smoothly now

@gertjan said in How to remove old IP entry of host: Look here Services > DNS Resolver > General Settings at the bottom of the page. Check also Services > DHCP Server > (any LAN) at the bottom of the page : "DHCP Static Mappings for this Interface" Thanks for the hint with the DCHP server. I totally forgot about it. I looked in both and found that there is a static DHCP lease in the DCHP server list. But it is shown no where else in the DCHP server and so I couldn't delete it. Then I remembered that this old IP is the an IP of the range of an old now disabled interface. Luckily I only disabled the interface and not deleted it. So I enabled it which created a tab in the DCHP Server menu with this interface and the static mapping of the old IP. I removed it, disabled the interface again and now I am happy! Solved!

@gusto said in Public DNS for specific IP address: @gusto said in Public DNS for specific IP address: @viragomann Thank you very much I canceled this option and now it works. I hope this does not endanger safety. Enable SSL / TLS Service appears to have been enabled by default [image: 1639374695569-tls.png] What is written here does not apply! I have 2 applications installed on my smartphone to use openvpn. OpenVPN free client (old) OpenVPN Clinet (new) Regardless of whether "Enable SSL / TLS Service" is enabled, it does not work for OpenVPN free client (old). Regardless of whether "Enable SSL / TLS Service" is enabled, it does work for OpenVPN client (new). This also does not apply! When I tested it, the web pages were displayed offline on my smartphone. "Enable SSL / TLS Service" must be disabled. I always have to use the OpenVPN client (new). OpenVPN free client (old) does not work.

What is your WAP device? Check your WAP configs and make sure there isn’t a setting enabled to prevent devices from accessing and being accessed by the LAN or from/to private IP space. On my Unifi WAPs this setting is called “Device Isolation”. Peter