I know this topic is old but I experienced the same behavior...

Like you I'm also forced to use double nat as my primary WAN come from an openMPTCProuter which aggregates my WANs in front of pfSense and I also have failover to the same WANs (but in load balancing) in case of MPTCP failure so I'm also dependent on the checkIP service to update my DNS when the MPTCP gateway is the active one.

I update 4 DDNS with the same IP for this gateway and the 4 cached IPs continuously turn Red for some second, sometimes one at a time, sometimes 2 of them at the same time.

After found your post I changed the checkIP service from the default "http://checkip.dyndns.org" to the other one "https://ipinfo.io/ip" and the problem is gone.

So it's definitely a dyndns service problem, maybe that the frequency of the requests from the same IP to update 4 DNS causes the dyndns service to refuse to respond to each one.

Thanks for sharing your solution.

@bingo600 still not working. I even forwarded port 80 and 443 on OPT1 interface but still not working

Same issue here. WAN is on em1 - no other VLANs on that interface. The dashboard traffic widget:

Screen Shot 2022-05-09 at 11.51.21.png

Screen Shot 2022-05-09 at 11.51.26.png

Half the actual throughput. Settings same as yours.

The Traffic Graph graph shows this (/status_graph.php):

Screen Shot 2022-05-09 at 11.51.44.png

which is correct (I have a symmetrical line - upload was 897Mbps during this test)

@rcoleman-netgate Thanks for your quick response!
Indeed it works now! Thanks!

@jimp Thanks. I will dig deeper into Brave.

@nogbadthebad thanks for your reply. (I work with @emasi on the project.) We are aware that the scenario is not ideal and we have already taken the necessary precautions (change management) so we don't trigger the issue anymore.
The fact remains that this issue is easily triggered. We have tested many scenarios. The conflict handling when creating rules alone is pretty neat really. But as soon as we add separators to the scenarios not only the new changes are conflicting - but the actions delete existing firewall rules. And that's dangerous, worth to mention and worth to fix. (At least we think it is.)
So we are following the pfSense bug report guide and are documenting our observations here to discuss first. Maybe you folks can confirm this is an issue so we can report it to pfSense Redmine. (We have never done that, so sorry if our procedure seems a bit wonky:)

@worlddrknss Sounds like you can reproduce it so I suggest opening a report at http://redmine.pfsense.org/

Has no one successfully done this yet?

I'd like to tag the thread as [SOLVED], but I can't edit my initial post any more.

What should I do?

Same problem here. We have about 100 users deployed across 10 openVPN server instances on our core pfsense VM using tap/bridge mode. There are a number of reasons we prefer this arrangement over a routed tunnel when VPNing into a cooperate windows domain network.

I'm tempted to roll back to 2.5.2 because we can't see connected users on either the openVPN status page or the dashboard widget. Are there any plans to make these interfaces display connected users again with a future update (soon?)

@xanaro said in Full screen theme for 2.3:

full width really improves a lot of the pages as well, traffic graph, squid real time, etc...

Thats correct!

Ah .. System_Patches
Thanks a lot !

@johnpoz said in Rearranging interface order?:

Or you could change the names on them so the alphabetical ordering is how you want them to be ;)

I set the sorting to alphabetical and prefixed all of my interface names with numbers. Much easier than trying to use the actually alphabetical names.

I run everything in VM's so I got to a point where I ran a clone on the sister VM and got it working.

I have absolutely no clue to why the dropdown was empty....

the .conf file was as it should be and everything was running as it should and it was showing packages as it should.

Only thing was the system -> update.

To update this post, I apparently posted it again later on and received a answer found in this thread...
https://forum.netgate.com/topic/169870/dnsbl-reputation-404-error-solved/4?_=1647182583544