You've lost me now  ;D

I was just wondering last night what the significance of the suffix- 24, 32 etc…

Can you ping the secondary's sync address from the primary?

Firewall rules on the secondary allow webgui traffic?

When you make changes on the primary are you getting alerts that the sync to the secondary had problems?

Anything in the System log?

Hope I'm not reviving too old a thread, but this has all the ingredients.

Same errors in Gateway log:
dpinger WAN_DHCP 67.87.80.1: sendto error: 65

General log: (starting round this time)
check_reload status updating dyndns WAN_DHCP

In the firewall log I noticed:
Block 192.168.100.1 port 67 (my modem) to port 68 192.168.100.20 (I assume this is the ISP DHCP server)

I rebooted pfsense and created a new firewall rule for the WAN interface to pass:
Source 192.168.100.1 IPv4 UDP
Destination 192.168.100.20 port 68

I just wanted to confirm if this is the correct remediation.

Edit: I spoke too soon
DHCP timed-out again and I got this in the firewall log
Oct 11 15:33:07 WAN Block ULA networks from WAN block fc00::/7 (12000) 192.168.100.1:67 192.168.100.20:68 UDP

Well, my rule was wrong (from port 68 to 68)
Changed to Source any IPv4 UDP 67, destination 192.168.100.20 68
Edit 2:
The firewall log got me looking at my WAN interface connection. I have Block Private networks checked. Perhaps this is why the WAN interface is blocking the modem from sending traffic.

@Grimson:

How old is that device? Remember there will 32-bit support will be dropped with pfSense 2.4 release.

It is an Astaro ASG220 from 2008 as far as I can see.
I tried with 64bit version but it came up with something like "CPU does not support long command mode" or so. 32bit went fine.

Ok, got it. Guess I cannot use these devices with upcoming 2.4. Damn.
They are so cool with their 8 Ethernet interfaces… :( :( :(

Dude well yeah cuz you dicked up your outbound nat ;)

Change your nat to hybrid and just add a nat above the automatic for your vpn interface.

If your going to do manual - you have to have nat for your wan interface and your networks.. You don't have anything there other than firewall 127.0.0.1..

Its easier to just let pfsense do automatic nat for its networks and just in hybrid mode add an outbound nat to be able to use your vpn interface.

Dude this has ZERO to do with pfsense.. You stated your connection is PPPoE right.. Did you contact your ISP about this when you change the device doing the pppoe connection..

If your cpu was maxing out or something.. Then ok you might say pfsense can't handle the speed, etc.

When you connect these cheap routers, your setting them up for pppoe - or your just doing dhcp on them?

@chpalmer:

Two of our people using the tg862 both had different issues.  Have you tried any other modems?

http://forums.xfinity.com/t5/Your-Home-Network/Arris-TG862G-CT-Bandwidth-ping-and-packet-loss-all-over-the/td-p/1894021

http://www.dslreports.com/forum/r29241569-Equip-That-tg862g-is-a-joke-of-a-modem

no i didn't.

And…it is fixed.
No clue how.
I just restarted the firewall. (I guess something i should have done first).  ::)

Thanks everybody for your time!

@BlueKobold  So just to clarify Im taking the LAN port of the EdgeRouter and plugging that into the WAN of pfSense?  Also when you say pfSense needs to have a static IP at the WAN interface, does that just mean setting it static in the EdgeRouter and entering that address on the WAN port of the server?  Sorry if I literally just asked what you stated.  I just want to make sure I'm on the right page.  Is there anything I need to configure in the EdgeRouter?

Thanks again for your help, its greatly appreciated.

@mtarbox:

No IPTV or set top boxes in my system.

Then I would be trying turning it out!

Edit the downloaded config and restore it to the unit?

Thank you for your tips!

I'll try to run the Apple TV on a separate LAN interface.

@mirkwoody:

True.

He said that even some off-the-shelf known brand routers would be kicked off.. because.. noise..

That's the first I've heard of that one.

Thanks JIM.

Sorry the installer was 2.3.4 from usb, I downloaded the 2.4 as you suggested and it installed fine thanks again for always giving great advice.

PDS

PFSENSE runs fantastic on these Kaby lake, and at Idle are really  low power did over 1 hour just on the UPS  (around 4W)

Even better. Now I have a bug report as well!

bug.txt