Glad you were able to get it sorted.

@stephenw10 made too many changes in the last 48h ;) now direct and reverse proxy nginx works, just complains about ltm vips

OK so the APU was also on the WAN side of the HA pair? You should still have the monitoring graph data (RRD) from the time that would show a spike in firewall states.

@johnpoz Both ns1 and ns2 i built are running on VMs, Cluster on Site and the second one a VPS at Hetzner, I have been testing as i have a bunch of Domains that were using my name server and domains using DigitalOcean but who knows what the problem is, i think it could be more down to Geolocation as the IPs of DigitalOceans shows America, I'm in the UK but it would be interesting to see what was causing the problem though. Regards

@stephenw10 said in Nginx and HNAP1: It's harmless in pfSense but it's caused by that local client trying to access a page at the pfSense IP address that doesn't exists in pfSense. So most likely that client was previously connecting to that service at the pfSense IP when it was some other host. It could be something on that client trying to actually use HNAP. It could be the client scanning local hosts. It could be malware on that client looking for local exploitable services. Check that client device. I see. I will try to investigate the client. Good to know that it´s harmless. Thank you, Jonna

@chris-doldolia Ell it says it timed out parsing an XML file. How big is your config file? By chance are you viewing the dashboard when this happens? There are multiple threads about 100% CPU when viewing the dashboard in 24.11.

I agree it should have better documentation. Open a feature request/ bug report here: https://redmine.pfsense.org/

If you can still see available packages then it's still valid and would be valid for any Plus version.

Yup, you won't reach that through an 1100.

@stephenw10 Everything working fine now. OpenVPN suddenly started working as well. All good. Thanks for everyone's help. As an aside, I'm totally bummed that Netgate is moving to a subscription based service. I understand no company makes money giving stuff away for free. However, that's not how it was presented to us when Netgate encouraged us to move to PfSense + Home/Lab, only to then take it way from us. I really like pfSense, but for $129 a year it seems a little overpriced for home use.. I know I can downgrade to CE, but how long will that be free, or even in existence? I'll stay on pfSense + until I no longer can, but I will likely move to another product e.g. OpenSense when the time comes. I even have the pfSense swag all over my computer and comms closet in my home. Oh well, such is life in the world of business.

@stephenw10 said in Native VLAN on sg6100?: Including due to things I have done! Who never ?

Well I'd be checking it works still when behind something else because it doesn't look like anything special should be required in pfSense.

Could you use ::1 for the IPv6 server 1 network? Or what about setting up a ULA fc::/7 for ntp for networks that have dynamic IPv6 and use track interface. Would this work?

Ah, nice. Probably tagged in the modem already then.

@stephenw10 I understand. Thanks for the info. Then syslog. That was my second thought.

Mmm, if it's account based are they using a local AD server or similar?

@gritdesigned7930 said in Gui DHCP ISC KEA DNS Resolver all crashed 24.11 reinstall didn't work: kea-dhcp6.dhcpsrv.0x9ac02a12000] DHCPSRV_NO_SOCKETS_OPEN no interface configured to listen to DHCP traffic You have a "Kea DHCP server for IPv6" configured, but the interface is down. The Kea DHCP server IPv4 log lines are the normal startup log lines. My Kea, both IPv4 and IPv6 are up and running on several interfaces. I see only INFO messages, when leases get renewed etc. And "Write include: /var/unbound/leases/leases4.conf" ... And "Add record: "iphone-xii-gertjan.bhf.tld. 28800 IN A 192.168.1.35" Etc.

So like: /usr/local/bin/php -f /usr/local/sbin/pfSsh.php playback svc restart unbound

Well I would start by just enabling the igmp proxy and see if that accomplishes what you need with the default options. https://docs.netgate.com/pfsense/en/latest/services/igmp-proxy.html There are some custom options you can use via a custom conf file if required: https://man.freebsd.org/cgi/man.cgi?query=igmpproxy.conf But igmpproxy is best avoided if at all possible IMO. What are you actually trying to do?

@netboy Really not a problem.