@rcoleman-netgate Duely-noted.

Ah, that will do it. I should have pressed that question when I asked it earlier. Lesson for today. Good result. Steve

Probably something in the crypto-routing that is generated by the allowed subnets. Also remember that Wireguard doesn't add any routing for you so you must add that manually if you need it. Though you're probably using policy routing here. Steve

If you assign the lagg interface and leave as type none you should be able to set the speed/duplex there and have the members inherit it. Using DACs can be a problem though as they often don't present any selectable speeds to use. Steve

@stephenw10 I will try that next. Thanks for the recommendation.

@192-168-1-0 Okay - thanks for that too. My HH 2K is currently plugged into the 2x analog trunks coming into the house (Bell bonds them within the HH 2K). From there, my only cabled device is a data switch that I have for pretty much everything that is cabled into the network. There is a secondary cable connection, which is coax as I said and that runs to the TV in the family room. For some reason, if the cabled/coax PVR loses power or stops working, then I lose all of the wirelessly connected PVRs. It seems the HH 2K is really dependent on the coax-connected PVR. The Bell support person told me one time it's what stores my recordings (from any in-home PVRs, wireless) and so when I play them back, it comes off of the coax-connected PVR. As I say, if I lose the coax-connected PVR, I have no TV at all - just internet at that point. With the websites I use for watching TV - I almost don't need the "tv service" from Bell anymore. I'm considering dropping it, but I will wait and see what options they offer me to get off of the analog trunks and onto fiber...

@NogBadTheBad @stephenw10 thanks guys!

Then I'm not really sure where you are getting the traffic data from currently. The logs don't record that. You need Netflow data to see session bytes remotely. Steve

You can reply here any time. There is no time limit on threads currently.

@stephenw10 Just as a side note: still seeing that phenomenom in current snapshots / dev versions of the package. Install seems fine I guess (no immediate DNS/dpinger problem) but after upgrading/reinstalling the package you'll get it again.

@castle You positively run both. I use pfSense as my edge router and Mikrotik (RB450x2) for my LAN, the best of both world and love it. The downside is it could be expensive having two devices plus the learning curve.

That seemed likely since it's specific to starlink but you would see something in the routing log. And it has to actually receive a new dhcp lease to get that and your issue looks to be during the timeout where it's failing to pull a lease. So you have no IPv6 configured on any interface? They are all set as 'none'?

Hmm I expect that to be entered in the extended query options if you need it: https://docs.netgate.com/pfsense/en/latest/usermanager/ldap.html?highlight=extended query

@sl3390 said in WEBCONFIGURATOR WRONG CERT, NO LOGIN POSSIBLE: Webconfigurator See tip number 4. edit : Before posting, I actually tried out the command myself. [22.05-RELEASE][admin@pfSense.xxxxx.net]/root: pfSsh.php playback generateguicert Generating a new self-signed SSL/TLS certificate for the GUI...Done. Restarting webConfigurator...Done. But I saw a : pfsense.xxxxxx.net has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site. because I was 'stupid' enough to activate HSTS for the cert I use for the GUI access. So, Plan B: Console/ssh option 15, and restore a previous config. And then option 11 for good manners. That did it for me.

@periko Notifications will get dispatches over all available notification destinations. See /etc/notices.inc : ..... /* Notify via remote methods only - not via GUI. */ function notify_all_remote($msg) { notify_via_smtp($msg); notify_via_telegram($msg); notify_via_pushover($msg); notify_via_slack($msg);

Cool. Yeah you'd need a rule to pass traffic from 192.168.2.X to any on that interface. Not just v4 ICMP as shown in that screenshot. Steve