@stephenw10 Yes, I think this is exactly what happened here. After my last post I realized that the gateway I currently use to get to the Internet was not configured. I have a third link I use to get off net in my test environment. This config is for our data center environment and has IP address that do not exist here. So, I created a third DHCP interface to tie this into the actual LAN the boxes are currently on. I switch to using this interface as the gateway when I need them to be able to download PFBlockerNG updates, access Netgate Servers, etc. For some reason in my config I imported the GW was set to the normal GW which will work in my DC setup. Just doesn't work here. So, I had to manually switch to using the secondary gateway to download and install the missing packages.

I got impatient and went ahead and reinstalled the primary with 2.8.0 and restored the config there. This time I saw a message on first login that said it was re-installing the packages in the background. I switched to the opt1 interface gateway and all the packages were installed perfectly. Not sure why I had to much trouble with previous backup/restores but this works slick today.

So now I am running the HA pair both on fresh installs of 2.8.0 (not upgraded from 2.7.0). Will let this bake for today and see what we get. Will post any additional dumps I get here.

Thanks all for the help.

You have set up the new interface as an internal interface so there is no outbound NAT on it. The 5G router cannot reply to requests from the 192.168.8.X subnet because it has no route to it.

You need to setup that interface as a WAN by adding 192.168.1.2 as a gateway on the interface config.

That will then add automatic outbound NAT rules for traffic from the LAN subnet to 192.168.1.X.

Ok, thanks for the suggestions. It's a Netgate 3100 and running in production. I will try to update this weekend. (The old firewall rules do appear to be in operation - whew!)

@stephenw10 My connection dropped tonight. ISP logged it as a "Planned PPP restart". I uploaded a log to the link here. Maybe it's helpful?

It was only my CityFibre connection which did not reconnect. FTTC reconnected OK. Both use PPPoE and both are with A&A.

Rebooting the appliance brought it back up.

I would try disabling DNSSec. When running in forwarding mode that can cause problems if one of the servers you're forwarding to doesn't correctly support it.

Hmm, you should be able to check that. When you add a server there it should be added to /etc/resolv.conf.

If it has a gateway set for it you should see a static route added for the server IP via that gateway in the routing table (Diag > Routes).

No. Changing the drive will not change the NDI so when you reinstall you should be offered Plus if it's currently eligible.

Yes both nodes would have to have the same WG config.

@ebcdic What software/hardware are you using to publish? If you haven't looked at WeeWX, you might give it a try as it would certainly address the issue. Just a thought.

@dennypage @maximushugus

Note that I have posted a compiled version of PIMD in a separate thread a week ago (folder development).

@stephenw10 This was definitely not a button push on ours either. Both units are in locked cabinets in a colo. Any access to the facility is logged.

@SteveITS As for it going to standby or hibernating, the person who went on site the LEDs were normal. Nothing indicating a state change or issue.

It will be removed at some point. There is no hard date set at this point.

I expect it to remain until it either fails to build or is replaced.

@sigulete You solved my problem, thank you !

@JonathanLee Would be nice if squid 7 came to pfsense, if squid is discontinued from pfsense then i guess a docker container running squid could be an option.

@jhg

Read also Alternate Remote Backup Techniques.

@NetRunner8050 said in PHP Fatal error: Allowed memory size of 536870912 bytes exhausted:

my reputation isn’t high enough yet

Solved that.

@SteveITS Thanks, as I think you clarified a simple mistake I made.

After you said "add/configure" the interfaces I realized I made a miscalculation of how simple it is to refresh these. The NAT/FW/DHCP tables only utilize WAN and LAN assignments and those assignments are programmed to the physical hardware. WAN currently being re0 would be igb0, LAN from re1 to igb1. So this would only take about 5 minutes. Silly of me.

Thank you sir, the obvious eluded me.