• Passport.yandex.com took too long to respond

    4
    0 Votes
    4 Posts
    1k Views
    johnpozJ

    you said it ;)  I wouldn't go freaking near that domain even if you did manage to resolve it to something.. Clearly they do not have clue one..  Why would you hide your name behind a privacy domain if you're such a big company?  Makes zero sense - be like google.com being behind a privacy domain, or microsoft, yahoo, etc.

  • Two identical PFsense Firewalls (config/packages/version)

    3
    0 Votes
    3 Posts
    577 Views
    H

    thx, for your quick reply, I will try out your suggestion and see if it actually works.

  • Traffic usage monitoring

    1
    0 Votes
    1 Posts
    384 Views
    No one has replied
  • No DHCP on LAN interface after assigning VLAN

    7
    0 Votes
    7 Posts
    2k Views
    B

    Hi JimPhreak,

    I have a very similar problem: I switched the VLans from my OPT Port to the LAN Port and DHCP stopped broadcasting. Do you remember how you fixed that problem?

    To specify what I did:

    I have 4 Ports that were working just fine before I made the changes.

    Before:
    sk0 (WAN): Default Wan Port
    sk1 (Opt1): Used for my first Backup WAN.
    sk2 (Opt2): Connecting to my managed switch to connect my APs that have 3 VLans (Appx (10), Mobiles (20), Guests(99)).
    sk3 (Lan): Backdoor for recovery.

    After:
    sk0 (WAN): -no changes-
    sk1 (Opt1): -no changes-
    sk2 (Opt2): Now a WAN Port for my Backup UMTS.
    sk3 (LAN): Now Lan + the 3 VLans.

    After I made the changes the Backup UMTS works, and every Client that had an IP before also worked. Users that had not connected in a while or renewed their lease could not get an IP from the DHCP.

    What I tested:

    DHCPd Server is running and was restarted (as well as the whole box). Deactivated the LAN Interface so only the 3 VLans would be on the sk3 Port. Plugged in a cable from a PC directly in LAN and a Port of the Switch that worked before.

    Any ideas what else to test? Here is my Interfaces config with a few comments:

    <interfaces><wan><enable><if>sk0</if> <blockpriv><blockbogons><ipaddr>dhcp</ipaddr> <dhcphostname><alias-address><alias-subnet>32</alias-subnet> <dhcprejectfrom><adv_dhcp_pt_timeout><adv_dhcp_pt_retry><adv_dhcp_pt_select_timeout><adv_dhcp_pt_reboot><adv_dhcp_pt_backoff_cutoff><adv_dhcp_pt_initial_interval><adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values> <adv_dhcp_send_options><adv_dhcp_request_options><adv_dhcp_required_options><adv_dhcp_option_modifiers><adv_dhcp_config_advanced><adv_dhcp_config_file_override><adv_dhcp_config_file_override_path><spoofmac></spoofmac></adv_dhcp_config_file_override_path></adv_dhcp_config_file_override></adv_dhcp_config_advanced></adv_dhcp_option_modifiers></adv_dhcp_required_options></adv_dhcp_request_options></adv_dhcp_send_options></adv_dhcp_pt_initial_interval></adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_reboot></adv_dhcp_pt_select_timeout></adv_dhcp_pt_retry></adv_dhcp_pt_timeout></dhcprejectfrom></alias-address></dhcphostname></blockbogons></blockpriv></enable></wan> <lan><if>sk3</if> <alias-address>192.168.178.197</alias-address> <alias-subnet>32</alias-subnet> <spoofmac><enable><ipaddr>10.0.1.254</ipaddr> <subnet>24</subnet></enable></spoofmac></lan> <opt1><if>sk3_vlan20</if> <enable><spoofmac><ipaddr>10.0.20.254</ipaddr> <subnet>24</subnet></spoofmac></enable></opt1> <opt2><if>sk3_vlan99</if> <enable><ipaddr>10.0.99.254</ipaddr> <subnet>24</subnet> <spoofmac></spoofmac></enable></opt2> <opt3><if>ovpnc1</if> <spoofmac><enable><blockpriv><blockbogons><alias-address><alias-subnet>32</alias-subnet></alias-address></blockbogons></blockpriv></enable></spoofmac></opt3> <opt4><if>sk3_vlan10</if> <enable><ipaddr>10.0.10.254</ipaddr> <subnet>24</subnet> <spoofmac></spoofmac></enable></opt4> <opt5><if>sk2</if> <enable><spoofmac><blockpriv><blockbogons><ipaddr>dhcp</ipaddr> <dhcphostname><alias-address><alias-subnet>32</alias-subnet> 
<dhcprejectfrom><adv_dhcp_pt_timeout><adv_dhcp_pt_retry><adv_dhcp_pt_select_timeout><adv_dhcp_pt_reboot><adv_dhcp_pt_backoff_cutoff><adv_dhcp_pt_initial_interval><adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values> <adv_dhcp_send_options><adv_dhcp_request_options><adv_dhcp_required_options><adv_dhcp_option_modifiers><adv_dhcp_config_advanced><adv_dhcp_config_file_override><adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path></adv_dhcp_config_file_override></adv_dhcp_config_advanced></adv_dhcp_option_modifiers></adv_dhcp_required_options></adv_dhcp_request_options></adv_dhcp_send_options></adv_dhcp_pt_initial_interval></adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_reboot></adv_dhcp_pt_select_timeout></adv_dhcp_pt_retry></adv_dhcp_pt_timeout></dhcprejectfrom></alias-address></dhcphostname></blockbogons></blockpriv></spoofmac></enable></opt5> <opt6><if>sk1</if> <enable><alias-address>10.0.30.58</alias-address> <alias-subnet>24</alias-subnet> <spoofmac><ipaddr>dhcp</ipaddr> <dhcphostname><dhcprejectfrom><adv_dhcp_pt_timeout><adv_dhcp_pt_retry><adv_dhcp_pt_select_timeout><adv_dhcp_pt_reboot><adv_dhcp_pt_backoff_cutoff><adv_dhcp_pt_initial_interval><adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values> <adv_dhcp_send_options><adv_dhcp_request_options><adv_dhcp_required_options><adv_dhcp_option_modifiers><adv_dhcp_config_advanced><adv_dhcp_config_file_override><adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path></adv_dhcp_config_file_override></adv_dhcp_config_advanced></adv_dhcp_option_modifiers></adv_dhcp_required_options></adv_dhcp_request_options></adv_dhcp_send_options></adv_dhcp_pt_initial_interval></adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_reboot></adv_dhcp_pt_select_timeout></adv_dhcp_pt_retry></adv_dhcp_pt_timeout></dhcprejectfrom></dhcphostname></spoofmac></enable></opt6></interfaces>

    DHCP Config

    <dhcpd><opt1><range><from>10.0.20.1</from> <to>10.0.20.253</to></range> <enable><failover_peerip><defaultleasetime><maxleasetime><netmask><gateway><domain>appx</domain> <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dhcpleaseinlocaltime></dhcpleaseinlocaltime></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></gateway></netmask></maxleasetime></defaultleasetime></failover_peerip></enable></opt1> <opt2><range><from>10.0.99.1</from> <to>10.0.99.250</to></range> <enable><failover_peerip><defaultleasetime><maxleasetime><netmask><gateway><domain>appx</domain> <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dhcpleaseinlocaltime></dhcpleaseinlocaltime></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></gateway></netmask></maxleasetime></defaultleasetime></failover_peerip></enable></opt2> <opt4><range><from>10.0.10.20</from> <to>10.0.10.250</to></range> <enable><failover_peerip><defaultleasetime><maxleasetime><netmask><gateway><domain>appx</domain> 
<domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dhcpleaseinlocaltime></dhcpleaseinlocaltime></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></gateway></netmask></maxleasetime></defaultleasetime></failover_peerip></enable></opt4> <lan><range><from>10.0.1.10</from> <to>10.0.1.250</to></range> <failover_peerip><defaultleasetime><maxleasetime><netmask></netmask> <gateway><domain>appx</domain> <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dhcpleaseinlocaltime></dhcpleaseinlocaltime> <enable></enable></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></gateway></maxleasetime></defaultleasetime></failover_peerip></lan></dhcpd>
  • Pfsense webgui crashes when randomly losing wan connecting.

    1
    0 Votes
    1 Posts
    423 Views
    No one has replied
  • Log forwarding

    3
    0 Votes
    3 Posts
    721 Views
    GertjanG

    Could be as simple as this : most 'real' NAS have "apps". My Synology disk-station has one : it's swallowing the "syslog" records from my pfSense just fine.

  • Moving – Want to protect myself and my roommates with pfSense

    3
    0 Votes
    3 Posts
    1k Views
    B

    Definitely not in the attic. Put it in the utility room or on a shelf in the closet if you must.

    Install pfSense. Set a port as WAN and one as LAN on the pfSense box.

    Connect your switch to pfSense LAN port.

    Then connect your RT-66N to the switch so it is an extension of the same LAN. You will plug your cable into a LAN port on the RT-66N and turn off the DHCP server on the RT-66N. The pfSense box will be the only DHCP server for your install issuing an ip to all clients connected via cable to the switch or via WIFI through the RT-66N. See:

    https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense

    Plug the NAS into the switch with all your other clients.

    To set up PIA VPN see:

    https://www.privateinternetaccess.com/pages/client-support/pfsense

    That should get in the ballpark.

  • SSD or HDD

    3
    1 Votes
    3 Posts
    1k Views
    H

    Thank you so much!

  • Unable to open most website

    2
    0 Votes
    2 Posts
    462 Views
    johnpozJ

    what are your firewall rules, are you using proxy?  Does www.bbc.com resolve?

  • Intermittent "no route to host" on my LAN-port

    35
    0 Votes
    35 Posts
    13k Views
    T

    Both the primary WG and my secondary WG got totally screwed up and won't even boot in an orderly fashion.

    Luckily I took a backup before venturing into testing.

    As a workaround, I installed pfSense on proxmox, hooked up my VLANs and now this technically works. Technically, not optimally - because now I'm firewalling in the host-environment where my crownjewels are, instead of firewalling before  even touching this hardware. But for now, I'm in business again.

  • Logging URLs

    13
    0 Votes
    13 Posts
    8k Views
    F

    Thanks, this helps a lot

  • Will there be a way to continue using pfSense on old hardware?

    5
    0 Votes
    5 Posts
    1k Views
    P

    Well, not the replies I wanted to get :), but thank you for the information and very quick responses. I guess I will have to try to make pfsense work on my hardware and after failing, decide what to do then.

  • WAN Failover Notification

    1
    0 Votes
    1 Posts
    553 Views
    No one has replied
  • Disable IPv6

    17
    0 Votes
    17 Posts
    70k Views
    johnpozJ

    "Netflix and YouTube are two that are blocking IPv6 from HE."

    They are also blocking a shitton of vpn providers netblocks as well.  And blocking non regional IPs from accessing their regional content.  What that has to do with the price of tea in china I don't have a clue.  ie no idea where you trying to go with such a statement..

    They see HE as just another way of circumvention of geographical restrictions - which is why they block them.  If HE would promise to only allow geographic same ipv5 to create a tunnel to their different pops in those regions.. They would remove the ban I am sure.  But currently there is nothing stopping someone from say the EU or Asiapac regions from creating their tunnels to the HE pops in the US, etc.

  • Some wrong with the firewall rule to Set the Internet time

    3
    0 Votes
    3 Posts
    714 Views
    P

    Thank you.

  • Cable Modem Ethernet Cable Bonding

    5
    0 Votes
    5 Posts
    2k Views
    johnpozJ

    I really do not see the point of lagg on a cable modem.. If you're over 1gig then the local side should be 10ge, or the upcoming 802.3bz (2.5 and 5ge)

    Lagg would just be kind of pointless..  Its not 1+1=2, its 1 and 1 for a total of 2 combined across all sessions.  No single client would ever go above 1 gig.  And there is no real promise that even 2 clients would load share.. You need lots of clients talking to lots of different devices to spread the load across the lagged connections.

    With a cable "modem" and not a router even - means for example your pfsense is going to be behind it.  So now you have a different layer 2 between the router and the clients so really only mac being seen is the pfsense mac - so when would you leverage the lagg?

  • SquidGuard

    1
    0 Votes
    1 Posts
    751 Views
    No one has replied
  • Google Document Preview not working with Squid Proxy

    2
    0 Votes
    2 Posts
    1k Views
    S

    Hey guys,

    I found the answer for the problem myself.

    Squid needs to be given access to use Google api.

    In Squid proxy filter,

    Add new category for adding some of the domain names, those domain names might be blocked in the group categories.

    For example the category under social chat, web.whatsapp.com might be blocked.

    So we need to manually specify to open the website.

    Add the following domain ( copy paste below all sites )

    drive.google.com googledrive.com plus.google.com hangouts.google.com web.whatsapp.com accounts.google.com docs.google.com sheets.google.com slides.google.com talk.google.com gg.google.com script.google.com ssl.google-analytics.com video.google.com s.ytimg.com apis.google.com googleapis.com

  • Ubiquiti AC Pro with guest wifi

    5
    0 Votes
    5 Posts
    1k Views
    D

    Just wanted to add I have similar setup for my guest network, the only difference is pfsense is my wan edge device… I have 2 networks on lan, one hosting my home network wifi and lives in meraki world the other is for guest and is in Ubiquiti world.. I also have usg since I want to test out the low to no functioning usg for a beautiful all in web Interface... do let me know if u have further questions as I have spent enough time on topology and setup and will try and answer ur questions if any

  • Securing a Home Network with PFSense (using a SG-2220)

    7
    0 Votes
    7 Posts
    3k Views
    D

    pfsense is a great edge device and makes for a great piece of a layered network design

    opendns secure internet gateway service prosumer version (20.00) annually

    isp modem

    pfsense with snort annual paid subscription(29.99)  same definitions as cisco firepower

    modern honey net targets on isolated vlan << great for seeing who is probing your network

    wifi pineapple to keep wardrivers at bay

    splunk log aggregator free for up to 500M of logs daily

    antivirus/antimalware

    internal home network on cisco layer 3 switches

    for less than a nickel a day you have a pretty solid security system that can rival most corporate institutes or better them!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.