You have to assign the OpenVPN client as a new interface so pfSense sees it as a WAN. It will then create a dynamic gateway for it you can use in a policy routing rule.

Thanks for following up. Good result!

Unlikely. The traffic handling for CP clients is identical in Plus.

PHP Errors: [08-Sep-2025 00:01:03 America/New_York] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 4096 bytes) in /usr/local/bin/kea2unbound on line 344 If you are using Kea, with DNS registration enabled, and pfBlocker with DNS-BL be sure to use Python mode to avoid the PHP memory limit. You can also increase the PHP max mem value in Sys > Adv > Misc. But that shouldn't be required if you're using Python mode.

Oh yes there certainly are many users running VMs as edge on all hypervisors. I just wouldn't myself.

@hescominsoon said in 25.7.1 package issue: 25.07.1-RELEASE on both and yesw i access both in private mode which auto clears when i close the tab. Minor nitpick…Private/incognito tabs all share the same session so cookies/cache would clear when closing the window/all private tabs.

@marcg I finally got the PD on the pfSense and I'm working through the reservations I had set to the tunnel so they get an reserved address within the PD. I had wanted to keep the tunnel from he.net but I never could get that working. If the BGW320 ever gets a different prefix I'll have to change any AAAA records at he.net's free DNS services. Won't be too difficult and I could script it through their API if it starts to happen often enough. I've had the same prefix for about a week now. Same IPv4 since I put the SG4200 online. I don't expect any changes but since I'm on the gulf coast it's somewhat likely that I could lose power and/or network for multiple days if a hurricane rolls through town. That could cause a change in the leases.

And 192.168.100.1 is part of the DOCSIS specification. That's because all cable modems run with this IP address.

@SteveITS Thanks very much, i knew i must have missed something. Clean Firewall logs now.

@stephenw10 I agree @ramup thanks for keeping everyone in the loop

Try 2.8.1 first if you can. You are probably hitting this preventing the SWAP being enabled: https://redmine.pfsense.org/issues/16232 Unfortunately that fix didn't make it into 2.8.1 but you can apply that patch there. Or manually make the one character change! That should give you the expected 16G of swap which will be enough for any core file.

Hmm, curious it should have worked in 2.7.2. What modem is that exactly? I have hit that before and handled it by feeding the init string to mpd5 that allows it: &F&C1&D2E0S0=0${temp} Try that.

It's a one line patch so should be safe enough to add manually if anyone wants to try it: diff --git a/net-mgmt/pfSense-pkg-arpwatch/files/usr/local/pkg/arpwatch.inc b/net-mgmt/pfSense-pkg-arpwatch/files/usr/local/pkg/arpwatch.inc index 247cc3c4e1f4baf6325c22ab778d64c3bdf8afc2..e4c2f2b9e72d96a573c7ebb3ce52c01c278265ab 100644 --- a/net-mgmt/pfSense-pkg-arpwatch/files/usr/local/pkg/arpwatch.inc +++ b/net-mgmt/pfSense-pkg-arpwatch/files/usr/local/pkg/arpwatch.inc @@ -239,7 +239,7 @@ if ((false !== $message) && ((false === strpos($message, ': Cron ')) || $message = preg_replace('/^To: .*$/m', '', $message); $message = preg_replace('/^Subject: .*$/m', '', $message); $message = preg_replace("/^(\n){4}/", '', $message); - $send_subject = config_get_path('system/hostname') . config_get_path('system/domain') . " - Arpwatch Notification : {$subject[1]}"; + $send_subject = config_get_path('system/hostname') . "." . config_get_path('system/domain') . " - Arpwatch Notification : {$subject[1]}"; send_smtp_message($message, $send_subject); if (function_exists('notify_via_telegram')) { https://redmine.pfsense.org/issues/16410

@stephenw10 I did not know about that. Thanks - implemented and it's working!

@keyser Fantastic, thank you! Yeah, I ended up getting to the JSON settings before I saw your reply, and I had DEBUG instead of just INFO and the logs were going crazy! I think, with as active as my network is, and as chatty as the DHCP devices are, I'm going to ignore the web GUI, and just tail the logs over SSH. That way I can grep and sed to my heart's content. I also set-up log rotation using the built-in method, so that's good. Every once in a while I have these bursts of pfSense learning.

Yup, that's fixed in current versions.

@tman222 I've got T-Mobile Home Internet (THMI) set up as my backup to Starlink in a pfSense failover gateway group. It is kept alive by a ping to 8.8.8.8 and my gateway always has the ipv4 address of 192.168.12.1. The pfSense interface gets .12 address, right now, .12.145. For science, I turned on ipv6 dhcp to get the one and only ipv6 address from the TMHI gateway and it did get an ipv6 address it couldn't really do much with, kept alive by pinging the ipv6 of 8.8.8.8. Until it didn't work. One day the ipv6 address and interface was just dead and the ipv6 address wouldn't come back with some usual efforts. Since it was just an experiment, I shut the ipv6 off. Since TMHI won't give a prefix, it's really not much use that I can tell to have the router interface have an ipv6 address with nothing else downstream. So it just uses ipv4. Note, I have shut off all the wifi on the box and just use it through the ethernet port. I used a great IOS app called HINT Control to shut off the wifi on the TMHI gateway. I have my own wifi, so I don't need it polluting the em spectrum with more. Since we live in the sticks, both our Starlink and TMHI use CGNAT of a sort but I don't have any problems with double-NAT with either. It just works.

@stephenw10 Thank you for providing these commands, and confirmation more logging is coming as well. The ISP is still investigating, I did setup an auto recovery mechanism which involved rebooting pfSense after 3 failed responses from the gateway in a 3 minute period, but now with the down up commands this will be a quicker and cleaner process, and since cycling the ppp is far less of an interruption than rebooting, I can do it without waiting 3 minutes as well. https://forum.netgate.com/post/1223518