Aha, nice!

Yup IPSec in policy mode can grab traffic and make it disappear like that.

@stephenw10 said in pfSense 2.7 crash when adding vnic:

Yes I would definitely add it with the VM shutdown. If the PCI location changes, which it can, after the driver has attached that could cause issues like this.

Also watch out if adding more NICs takes you to 5 or more. ESXi will reorder the NICs above 4.

Yep, this worked fine thank you.
My interfaces were slightly renumbered so had to reassign correctly, but otherwise I look to be up and running :)

Cheers
Eds

@stephenw10 Thanks a bunch for the tips! I fixed it.

aff7692f-5ac3-4379-afe9-3fb52769b07d-image.png

Yes. And it should just import directly and boot without issue since the 6100 has all interfaces the 4100 does.

Steve

Discussion of this is here: https://forum.netgate.com/topic/189472/high-avail-secondary-node-ips-how-to-find-it

Yes, if the IP address exists on the firewall it should allow it. So that includes virtual IPs.

I agree, internal ticket opened.

@stephenw10 Problem solved. ABB wasn't properly terminating the previous connection. As soon as they unblocked the ports and kick me through their internal tools the connection was established again.

@Jsetive said in DHCP not pooling in interface with VLAN:

connect the port in access with VLAN 200 and i still facing that issue.

Well again - the port connected to pfsense port that is tagging that vlan would have to be setup as trunk (cisco term) where vlans are tagged, and the native vlan is not tagged..

Just connecting a port in access (not tagged) to that port where your tagging 200 wouldn't work - just like connecting your computer that doesn't understand the tag or use the tag wouldn't

@michmoor

Solved!!
There was another P2 active.
So i think i know what happened. Whent he IPsec tunnel was first set up, it was in tunnel mode. Switched over to VTI but the other p2 was still there. Somehow there was a conflict. After deleting the old p2, things are looking good.

Leaving this here for future me or anyone else

What bandwidth does it need to pass? Do you plan to run any packages or VPNs?

Yes, that is possible. I would say there is always some risk that Windows decides to use those NICs before hyper-v sets them us to pass through. But there are many people doing exactly that.
Probably better to ask about it in the Virualisation sub.

Steve

Any of those VPNs could work for that. I would probably use IPSec for a fixed site to site tunnel like that though.

Hmm, two panics shown there in different processes and different backtraces.

I would run some memory tests to be sure it's not just bad RAM.

Steve

Yes pfBlocker puts it's rules at the top by default. You need to change the rule handling to allow custom rules above it.

Or you can use a pass rule for the dyndns name in pfBlocker so it gets added at the top anyway.

Is pfSense resolving the host correctly?

@stephenw10 I get it completely. Legacy code. Technical debt. Limited resources. If we have all the time in the world then all the things can be done 😀

I would guess it's because you are policy routing traffic from LAN clients to a specific gateway. So that works even when the firewall has no default route.

@Gertjan

I can handle the interface shuffling via console. I am hoping not to have to reconfigure everything for all the interfaces again. I'll know for sure once I have an available round tuit so I can get it done.