@viragomann said in CARP VIPs or Other: @mcury No, you need an interface IP and a CARP VIP in each VLAN. So the VLANs are defined on the lagg and you have to assign an interface and an IP to each on the primary and secondary. Then define the CARP VIP on each VLAN. Thanks for clarifying things for me viragomann

@stephenw10 This is not pfsense specific, just a general NLB query. NLB > Unix vm's

Yup it's in the recommended patches list in the new patches package update.

@LaUs3r Strange. I've created a "a;conf" with : !sshguard :msg, contains, ".*Exiting on signal.*" ~ ( No !, and I've added the ~ ) and restated the syslog daemon. No more [image: 1736423509794-a120a7e2-fd52-4575-a76d-9a05447f4ce2-image.png] for me.

If you send me your NDI in chat I can check it.

Indeed! Even in that situation the gateway should not actually be on the LAN interface, just in the LAN subnet.

Just add the following line to your DNS Resolver Custom options: local-zone: "duckduckgo.com" redirect [image: 1736366811328-7122c48a-ec9a-4c84-891f-223556326f35-image.png]

Mmm, nothing terribly exciting there.

@coffeecup25 switching the monitor off and on may help. Or connecting a keyboard to pfSense and then press a key (not the reboot or shutdown key ;)).

@Gblenn said in pfSense behind ISP modem (Double NAT) trouble: I kind of looks ok, although it's confusing to see that VID is listed as untagged for ports 1 - 10, which includes port 2. Perhaps it's a limitation of the UI, and I would have expected it to read 1, 3-10. Sicne you don't want any VID 1 traffic ending up on port 2... Are you sure you are actually seeing the devices picking up DHCP from pfsense or is it from the modem? I set port 2 to PVID 10 so the traffic from this port always falls into VLAN 10, I will try to disable this port for ID 1 however. Also I will do a pcap and report my results later.

We hope to have something sooner than that. But, as always, it depends how the development/testing goes.

When I did it I used a USB2 drive in the USB2 slot because when both drives are present it tries to boot from the USB3 slot first. You should be able to move it afterwards. It should at least recognise both drives in the boot messages if it is booting.

Yes you should be able to access it be just assigning the VLAN parent interface and setting it in the same subnet as the modem admin page. As long as that doesn't conflict with any existing subnet on the firewall.

@stephenw10 said in Awfully slow transfer speeds from remote NAS over ZeroTier: Yup good to know that about zerotier, I wouldn't have thought it was required. According to the documentation, it is not required for holepunching, but they do refer to challenges with symmetric NAT. https://docs.zerotier.com/corporate-firewalls/#:~:text=Default%20zerotier%2Done%20listening%20ports,ZeroTier%20hole%20punching%20to%20work)) @rheuer22 Perhaps try to set Static Port (Hybrid outbound rules), to see if that has a similar effect?

@patient0 said in /mnt folder question: @Gertjan a bit further up stephenw10 wrote: I'm pretty sure the efi partition is mounted there to test at upgrade for example. ... that's why. That's why I replied ... it wouldn't mount in /mnt but somewhere in /mnt/somewhere/ That is, that is what I hope. Because, if not .... dono, that feels pretty dirty to me. What if I have a USB drive mounted (also) with my config.xml ? Anyway, just thinking out loud here.

@SteveITS "sleep 60...." did it, thanks! Tested with a reboot and it did not sleep the reboot process either. Status > OpenVPN also shows the time (re)started correctly. Much appreciated and thanks to everyone for their help!

@dacuda said in Migrating 24.03 to New Hardware: I originally was on CE, and took advantage of the free upgrade to plus when it was previously available. I was on the very similar boat and if you on free-upgrade (CE -> Plus) then tac-support won't do it. I was told that free upgrade is tied to the H/W, hence cannot be transferred. -S

@JonathanLee I'm sure someone with longer and deeper understanding of pfSense will be able to answer that.

Hmm, odd. The routes should be added by the daemon when it connects as long as they are defined in tailscale as I understand it. But, yes, the tailscale interface is not expected to ever be assigned. It is not bypassed by the interfaces check at boot so will throw an error.