you have to add a rule in wan to allow... [image: 1712860779613-65762eb4-ba3f-4ff2-9d7a-5d305d84084a-image.png] ## External Network ext_ifname=igc0 ext_perform_stun=yes ext_stun_host=198.100.144.121 ext_stun_port=3478 ## Internal Network listening_ip=bridge0 ipv6_disable=yes allow 1024-65535 192.168.1.0/24 1024-65535 deny 0-65535 0.0.0.0/0 0-65535 bitrate_down=512000 bitrate_up=1024000 ## UPnP Settings anchor=miniupnpd enable_natpmp=yes enable_upnp=yes secure_mode=yes min_lifetime=120 max_lifetime=86400 system_uptime=yes notify_interval=60 clean_ruleset_interval=600 packet_log=yes uuid=fb241e30-9c00-11ee-xxxxxxxxxxx serial=CA0A9DD5 [image: 1712861019539-db87680c-23fb-4b12-b5c4-4d1bdbc68a67-image.png]

@panzerscope I had to go back to a previous configuration. I know I could have edited the config file, but I had a recent config and that fixed t he problem. I did have success in the past with a reinstall, but it doesn't always work.

ovpnc3 is a client interface. It would be named ovpns3 if it were a server. However the issue here is probably because one side is set as net30 topology and the other side is set as subnet. Both should be subnet in recent versions of OpenVPN really. Net30 is the older default.

@stephenw10 said in Pfsense + Upgrade Offered on CE Dashboard: If it's really a problem I can manually remove your NDI. But that doesn't scale! No that's fine thanks. As long as it's expected behaviour then it's good

@Dobby_ Hi again Everything was like you show - but with the risk of sounding like a broken recored if squid is being fased out what is the point? bookie56

@dhenzler said in pfSense HAproxy system adjustments need a shell command: tune.ssl.default-dh-param Does that exist without a value? Or with a value too low? What do you have set for it here? [image: 1712718079014-screenshot-from-2024-04-10-04-00-44.png] Steve

@stephenw10 I will attempt to find.

You don't have to run a controller at all, the AP can be configured from a phone app. But there are some features that do require a controller running so most users do.

@stephenw10 Just an update for you stephen. ATT offered to replace the att gateway (router). I didn't think it would help/hurt so i ended up replacing it. Ill be.... Its been stable for well over a week. Replacing ATTs equipment ended up solving the "issue". Why? I dunno. Why did a bad gateway ended up crashing my 6100? I dunno. Its fixed tho..... yay.

@stephenw10 thanks, I happened to come across that last night and it works good.. my only concern is when I updrade to a 6ghz band access point then I would need to move over to wpa3 and that does not support PPSK (as far as I know). I am just trying to see what method should I move forward with.

@teicors On AWS Plus is licensed per hour, above the VM cost. So right, if you don't like it you can terminate it.

@DominikHoffmann said in What is the meaning of this dpinger log entry?: What does this mean For future reference, see here. As @stephenw10 noted, the issue is that your immediate gateway (default route) is not reachable. A much more basic problem than what IP you decide to ping. As for choosing a target, I usually recommend performing a traceroute to 1.1.1.1 or 8.8.8.8, to help choose a target inside your ISP's infrastructure: traceroute -I 1.1.1.1 Look for an address that is a hop or two inside your ISPs infrastructure and has fairly consistent response times. YMMV.

@stephenw10: Thanks very much! Excellent point!

@stephenw10 THANK YOU VERY MUCH for helping me analyze this weird issue and what finally lead me to solution! Your support and input was amazing! Thank you!

Yes.

Nope, it only blocks connections coming into the WAN sourced from a private IP address: # block anything from private networks on interfaces with the option set block in log quick on $BT from 10.0.0.0/8 to any ridentifier 12006 label "Block private networks from BT block 10/8" block in log quick on $BT from 127.0.0.0/8 to any ridentifier 12007 label "Block private networks from BT block 127/8" block in log quick on $BT from 172.16.0.0/12 to any ridentifier 12008 label "Block private networks from BT block 172.16/12" block in log quick on $BT from 192.168.0.0/16 to any ridentifier 12009 label "Block private networks from BT block 192.168/16"

Thank you everyone, I figured it was safe to do so but wanted to ask before I committed, much appreciated! And yes @keyser I am not talking about removing ix0, just the assignment for it. @Jarhead I could go this route but I'd rather just remove it TBH.

@stephenw10 I'll get that submitted tonight. Thanks for talking through this with me.

For example using the Network tool in Firefox shows how long it took to open the page and which components took time: [image: 1712318757853-screenshot-from-2024-04-05-13-04-54.png] Other browsers have similar tools.