@SteveITS I have had ZFS since it was available for that reason, and I always reformat the SSD so pfsense install does ZFS from scratch. Yes, I have a very large UPS for many years, small car battery size. The problem is it lasts for a couple of hours since it handles the modem, router, HP 24 port switch, Mac Mini phone system, etc., whereas our power failures average 3 to 8 hours. Sometimes multiple days, one time almost a week! 2.6 always recovered until the modem change, strange but true. Trying to login to pfsense 2.6 only returned the dreaded "502 Bad Gateway Nginx error". Had to power off/on. Waiting to see what happens to 2.7.2. I'm thinking possible ethernet driver issue with a different chip in the S34 than the S33, which may be fixed in 2.7.2. The next power failure will be the test.

My plan is after Pfsense 2.8 is released I will buy a new box for it with 2.5G ethernet to the modem which hopefully will be fine.

Thanks for the comments.

@SteveITS

60% of the time it works every time.

@Bob-Dig said in Easy solution for logging my daily changing WAN-address:

True, but any gateway event will also trigger emails, as far as I remember and with 10 VPN clients this becomes very annoying, I can tell you.

I get it.
Still, the Dyndns setp will only send a mail IF the WAN IP actually did change.
If the "do something with the WAN interface" is called many time, it doesn't matter : only if the IP changed, you get a mail.
If it changes x times a day, you will get x mails a day, true.

@ogijaoh I had a similar problem. This hapened after forcefuly changing my AD FSMO roles from a dead PDC to a secondary DC.

I could login using Diagnostics>Authentication, but not on the actual login, page it would always say "Wrong Username or Password".

After a lot of digging and AI usage, I also found no help.

After fiddling with the settings, one day I tried the System>User Manager>Settings>Auth Refresh Time. So I inserted 30 seconds to the cache time, clicked save and test, got green messages everywhere. Went back to login screen and logged successfuly. Aparently an error related to cache was my problem, I hope it is your problem aswell. Good Luck!

If you're policy routing traffic via the VPN then traffic meant for other local subnets would be forced that way unless you have bypass rules to allow it to be locally routed.

But that doesn't apply to traffic in the same subnet, that doesn't go through pfSense at all. So I would confirm that they really are in the same subnet. Make sure the mask is set correctly on all devices.

@stephenw10 said in Syslog filtering by tag?:

Probably needs to be in /var/etc/syslog.d/pfSense.conf

But that would be overwritten. You'd need to patch the file creating that.

Well thanks, that's it!
The correct directory is:
/var/etc/syslog.d/

Putting my own file myping.conf in this directory (keeping original pfSense.conf) and restarting syslogd -> now it works!

Yes, it's probably safer to refuse duplicate gateways than to try and allow for dhcp to static transitions when it's relatively easy to work past. If annoying!

Hanlon's Razor applies here. 😉

It was probably just a mistake somewhere. Or perhaps some client thought they could just add more IPs to use and it wouldn't matter. If they didn't use them all the time that might explain it.

Anyway let us know if you still see any issues now that can't happen.

You can certainly remove that OpenVPN oubound NAT rule. It's NATing to the WAN address on the OpenVPN interface which is always wrong!

The two localhost addresses (127/8 and 1/128) are not always needed. pfSense itself will usually use the WAN address directly.

It looks like you have switched OBN to manual mode? Better to use hybrid for most situations.

How exactly are you testing here? From what IP to what remote IP?

It could be the remote device blocking traffic itself. Some OSes (windows) will block traffic from a different subnet by default.

Wireguard produces almost no logs which makes troubleshooting....interesting! So there are no WG specific logs. You can only see the interfaces connection in the system logs or check the states for passing traffic etc.

Nope the config doesn't reference the boot disk(s) or install type. It shouldn't care.

You can try booting with a default config then restoring the config in the gui. That might give you more useful errors.

The error it's showing there is actually secondary. It's trying to open the file to queue a notice about the bad config and failing during boot. But that's not actually related to the import error.

Then open a TAC ticket: https://www.netgate.com/tac-support-request

It sounds like that unit has a faulty LED or controller. Though, as I say, it's very unlikely it's anything other than cosmetic.

It could be Kea via some affected process but not directly.

If dhclient shows failing to pull a new lease at release time then that's certainly a problem.

@RickyBaker well you prob had duplicate IP on your nas.. Or your offending device was stepping on one of the nas IPs. But if your unless your dns or pfsense is running on your unraid box.. That should have zero to do with normal internet access.

Do a simple dns query for something.. I like to use dig but nslookup works too.. nslookup is better if you set debug

Normally clients just ask pfsense IP for dns, and then unbound on dns resolves it - are you doing anything different than out of the box default in your unbound settings?

Do you have it set to register dhcp - if you have lots of dhcp traffic this can cause restarts.. If it is doing that every few minutes or seconds than yeah your going to have horrible dns..

For reference: https://redmine.pfsense.org/issues/16103

@viragomann that was exactly what was needed, thank you.

@greedj Thank You!

Primary I mean running pfSense only on bare metal servers w/ 2 CPUs. No any reason to run virtualization because of highloading, even more: better to make HA cluster of pfSense (with two(2) independent online-interactive UPS - each to one of server’s power supply, and more than 2 uplinks to power provider).