My immediate goal in regards to addressing is to make it long enough so that I can purchase a class C IPv4 netblock on the open market. Nothing would make me happier than the death of IPv4 but until then I am forced to support it.

Hi to all,

I'm facing to the same problem, WAN connexion is droped after 10min, and up after 10 other...
I try to add route or modify "Use non-local gateway" in WAN gateway advanced, but it doesn't fix the problem.

f8db588f-7b67-4e9e-b040-f2425f22c50b-image.png

How can i fix WAN connexion ?

Best Regards.

There is a package called filer, it would allow you to store the contents of a file in the xml, so the file will be created for you after say an update to pfsense.

Just to not leave everyone hanging on this, here is the outcome:

Got the new router. Restored from backup the configuration file. Switched the interfaces as the SG-5100 is slightly different then the 4860. Plugged everything in and everything seemed to work. That is till 9 am the next work day. Same problem different router, however when it switched to the backup WAN it seemed to connect for a minute or less then it too failed. Rebooted the 5100 and we were back in business on the the main WAN. The backup WAN was connected also. That is until 9 am the next day. Same thing.

Some time that day the backup WAN stopped working. Could not get it to work. However the next day at 9 am the main wan did not fail with the cell modem off. Same thing the next day. Without the cell modem no 9 am anomaly.

However no back up wan. Over the course of several days I continued to trouble shoot the cell modem. Multiple settings changes, factory resets, every suggestion I could find on the net about this specific modem. However the modem would work just fine plugged directly into a laptop. It worked in router mode as well as bridge mode always on the laptop. I could set it up on the laptop, leave it powered up and quickly plug it into the 5100 and there would be an ethernet connection but would never get an IP. The 5100 would not communicate with the modem no mater what I did.

One night at home I thought what if the router had a hardware port problem? Not normal for a new device but possible. Also unusual that it would be the same port that I happened to have the modem connected. So the next morning I logged into the pfsense gui and switched WAN_CELL interface from ix0 to ix2 and plugged the cell modem into ix2. Power up the cell modem and when it finished booting it connected and I had my backup wan again.

Netgate support said I should hook up a laptop to ix0, do some changes to the pfsense settings and see if that port can connect to the laptop. Guess what - it would not connect. To triple check I did the same changes to ix1 and plugged the laptop in and it immediately connected.

On top of that with a working port and cell modem the 9am anomaly has not occurred again.

So I now have an RMA to send the brand new 5100 back. And our repaired 4860 is on it's way back to us.

P.S. During this adventure I discovered an anomaly with some settings when you switch interfaces. In System, Routing Gateways, Edit, WAN_CELL, Advanced the Probe Interval and the Alert Intervals switch back to the default values. I would think that they should stay as set to the gateway name.

Anyway we are back up for now. I will let you know if anything changes.

I don't believe that you can dynamically control which interfaces unbound uses for external lookups. Its config allows you to choose which interfaces to use, but no way to change it on the fly.

Hello,

pfSense its firewall- and routing-behavior in regard to multicast and broadcast is still not clear to me. Especially not as soon as it is "above link-local scope".

And .... that is where I have problems. I cannot make my media-server (Twonky) visible across subnets or making a SMB3 share visible in another subnet (note that the share is not visible but accessible).

I do have some doubts if it is possible to get those things working with actual software.

However, I did a lot of research and would like to share some links with you,

I did a lot of research and would like to share some links with you,

Zero-configuration networking
https://en.wikipedia.org/wiki/Zero-configuration_networking#DNS-SD

Using pimd
https://forum.netgate.com/topic/139218/sonos-speakers-and-applications-on-different-subnets-vlan-s

NetBIOS over TCP/IP
https://en.wikipedia.org/wiki/NetBIOS_over_TCP/IP

IP-V6 multicast
http://what-when-how.com/ipv6-advanced-protocols-implementation/ipv6-multicast-address-to-layer-2-multicast-address-mapping/

IPv6 - Addressing Modes etc.
https://www.tutorialspoint.com/ipv6/ipv6_addressing_modes.htm

IPv6 - Special Addresses
https://www.tutorialspoint.com/ipv6/ipv6_special_addresses.htm

By the way my media server is using IGMP V3 (the actual standard) and I think IGMP-proxy is not (yet?) supporting that.

Sincerely,

Louis

that did the job....thanks

did just that, and it works fine.

@Derelict said in how to assign 2 IP from one subnet for 2 WAN interfaces:

Ask them for another subnet on your second WAN

Switched to dot1q mode and setup as shown below. got internet connectivity on all clients. On the unifi side of the trunk, all the vlans are tagged ( 99 for management and 1001 - 1005). And yet, the connection seems to be bouncing around the different vlans as before. See the screenshot where the mac address of the SG-3100 is shown on the home network? In a few seconds it will rotate to another of the vlans. Not sure why this is happening ... I am hoping folks here who have setup the same trunk with a unifi switch can explain this or help solve it.

Screenshot 2019-07-07 21.45.58.png

Screenshot 2019-07-07 21.46.15.png

Screenshot 2019-07-07 21.47.19.png

Screenshot 2019-07-07 21.48.33.png

@johnpoz The only load is a Nest security camera uploading at 1.5Mbits/sec. And I have nearly the same same set up at another location on Comcast with no latency problems.

I have swapped out the modem (twice) in order to get its report of signal levels closer to what the ISP technician reads on her meter. She has visited twice, verified my cable and checked connections at the pole.

The network engineer would like to think the problem is in my router.

How would I know if pfsense is disconnecting?

@timboau-0

Did you ever figure this out? I am having a very similar issue (PFsense is picking up a non-static IP via PPPoE with the modem in bridge / pass-through mode). I have been given no gateway either.

By adding a static IP did you change PF's WAN to static and then entered your static ISP IP? Or a virtual IP?

@clarifix

It turns out this worked because the old firewall is on an ESXI with 2 virtual ethernet interfaces assigned to the same physical card.
So... this turns out to be an ESXI trick and not a firewall trick.
However, since this is done in software, I am still wondering if it can be done on pfSense.

@JeGr Thank you sir I'll also try this out

A workaround could be to put a small/cheap router between one of your WANs and pfSense, aka double NAT.
As long as pfSense sees only unique Subnets you are fine.

-Rico

Hi,
I found the mistake, it was a miss configured tunnel, i had LAN net as source, changed it to 10.30.0.0/16 and now its working.

Thanks for spendig time.

Cheers

Wolfgang

You're welcome :)