@sef1414 said in Pfsense stopped detecting packet loss, failover not working:

@mcury Yeah, nothing different there.

This is a new issue that I didn't see before.
If you can, share more details.

@Dobby_ said in iphone vs android usb tethered wan failover instructions? (2.7.2-RELEASE FreeBSD 14.0-CURRENT):

Windows is used by companies to be sure the client and server
systems will be 100 % compatible and working together.

Apple is used @home, by creative working companies it starts at
programming, image and photo work, video editing, sound and
also DTP or web content work. All devices sync fine and you will
be even up to date on all devices.

I didn't realize we were having a Windows vs Apple vs *nix debate.

@atevet
What you are doing sounds good. Yes you should be cautious creating networking around packages which are planned to be deprecated.

The package pfBlockerNG > DNSBL > DNSBL Category has two lists - shallalist (Wrong, shallalist is no longer online) and UT1 which give quite extensive choices to block content without having to do a lot of investigation.
Also: pfBlocker in Python mode has an imho oddly named Python Group Policy section to exclude IPs from DNSBL - allowing the adult devices to go around the above lists.

I removed the external monitoring address, so that the gateway comes up again. I created the monitoring address as a gateway on that interface too, just for pinging, it still doesn't come up on its own. Maybe I have to many gateways for pfSense?

Screenshot 2024-05-31 202447.png

PS: Maybe upstream gateway is not the right term, but I will not change the heading because it will make pictures disappear.

@sminded said in Using WAN port to access a LAN:

I want to access two separate LAN:s from a single point, so the idea was to use a netgate router with pfsense, configure two WAN ports, and connect the LAN:s to the WAN ports, and my laptop to the LAN port.
But I'm not able to access the LAN:s from my laptop, what am I missing?
Do I need to setup a static route on my laptop as well?

You need to explain this in better detail.
From the sound of it, the two LANs are in the same building and you're connecting them each to a WAN port on the same pfSense (with 2 WAN ports configured), then connecting your laptop to the LAN port of that same pfSense.
Is that what you're doing??

If so, just use 2 LAN ports instead.

@TravisH
The rule is not applied, however. So either it doesn't match or more probably another rule has precedence. Possibly a rule on the interface tab.

If you want give priority to floating rule over interface rules you have to check the Quick option.

@darkcorner
So my first solution of setting up a separate LAN segment at each office just for this device would be viable.

So finally, the device moves to the remote sites, but it is accessed from an app at the central office; do I finally have it right?

@pfsense-dc ,

Is the Round robin method built into the rule? Because I couldn’t find documentation related to it.

Thanks

@ErniePantuso Did you just post the same thing 3 times?

Maybe you should start over.
Say you have a 24 port switch, but you're only using 5 ports.
Then you need to add a new network which needs another 5 ports.
Do you go buy a new switch?
No, you use vlans. Vlans make one physical switch into 2 or more logical switches. A vlan creates a new broadcast domain so they are completely separate networks.
So you can take that 24 port switch and make it 2 - 6 port switches to handle both of the networks in the example. And still have 12 ports to spare.
Make Sense?

@ErniePantuso Can the switch do vlans? If so, just create a clan on the switch with just those 2 ports using it.

@Melim
pfSense does not support any virtualization within its software (VRF or MultiSys)
That said, what are you trying to achieve here?

Do you Internet links need to be placed in a VRF? That VRF shared with multiple other VRFs?
Can the endpoints use pfSense as the gateway?

You havent really outlined what the goal here is and why a VRF is required.
Where does VXLAN fit in this? A firewall typically wouldnt be involved in routing vxlan packets across the datacenter.
So depending on the technology, VRF and VXLAN go together. Where does a firewall fit in with Internet access i have no idea

@mgavrila said in IPSec & OSPF, ping YES, TCP No. OpenVPN & OSPF work as expected.:

@cmcquistion_ This is an expected behavior. Take a look here https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#firewall-state-policy

Thank you!

This is the clue that I needed.

I wasn't completely sure how to create the "Rules with Floating Policy Se" referenced on that link, so I instead I just changed my IPSec rule that was already in place for that interface (allow all) and changed the State Policy from Default to "Floating States"

Once I did that and did a Filter Reload, all my traffic is working as expected!

This is good to know. I have a lot of client firewalls that use IPSec and OSPF that are going to stop working when I upgrade their pfSense version unless I implement this change.

@Zotan said in Disable WAN port detection:

package system has detected an IP change or dynamic WAN reconnection - 192.168.90.129 -> 192.168.90.129 - Restarting packages.

system has detected an IP change ... as often as every 2 seconds.

And you don't like that ? That's an understatement.

But if some one is hammering on your head, don't try to remove your head.
Remove the hammer.

First, do the usual tests : hardware :
Check / change WAN cable.
Put a switch between the WAN port the the device at the other side.
Swap WAN and LAN interfaces. if its now the LAN, ditch the NIC.

Software side :
Reset pfSense to default - no, better, re install and do not import your config back in.
Problem solved ? Go have a talk with the admin, as he introduced the issue with one of his 'settings'/'config changes' ^^
More tests are possible, but I don't know how/what you use on your pfSense.

edit : and as I needed 25 minutes to type all this (I'm also supposed to actual 'work') I just see your second post.
You've talked to the admin 👍