@serbus
I have an APC UPS and then an APC 7900 PDU connected between them.
I do have NUT set up and it appears to be working right now. However, next time I am home I am going to manually cut the power and test just to double check.
So far so good, as it has now been over 3 hours without a reboot since I forced an automatic system check on reboot. However, I did make some other changes (disabled PIMD, etc.) that may affect the frequency of the reboot. I am fully backed up and hoping for the best, but prepared for the worst. I will reinstall from scratch and restore from backup once I am back on site.
I also plan on enabling RAM disks now as well.
@qtwrk
Since wired devices work, it's not a pfSense problem. IPv6 relies on multicasts for several functions. As I mentioned, RAs are used to provide address info. All a router does is send out the multicast with the appropriate info. About the only thing that could cause a problem would be bad info. However, that would affect all devices, not just WiFi.
In outbound NAT rules, I specified the Interface address as VIP address,
[image: 1595865822151-a19f0df6-9812-48dc-bbeb-104711785854-image.png]
Now it works! Solved!
My configuration is pretty basic. Just VLAN interfaces set as downstream so that pfSense acts as the IGMP Snooping querier for the switches. I don't actually require mcast routing. Anyways, I manually copied over the config file from a 2.4.4-RELEASE-p3 box and started IGMP proxy from the CLI. Since then it's been working fine and I can make changes from the GUI.
Yeah, you need NAT to reach anything from an internal non-routable IP as you found.
Try running at the command line: pkg -d update
What error does it report?
Steve
Did you actually see a crash report? Normally indicated by an alert in the GUI after you reboot.
If not, what exactly happened? pfSense became unresponsive? Even at the console?
Torrents typically cause problems because they open a lot of states. That can exhaust something on smaller pfSense boxes, though just one torrent client is not normally anywhere near doing that.
Check the monitoring graphs (Status > Monitoring), look at the state usage in the time leading up to the incident.
Steve
I no issues with either of those. There will be some variation in your own switch.
Just remember that you are removing pfSense as the filter between the VLANs. Any filtering you need there now has to be done using ACLs in the switch. That also means you now have two places to check for filtering rules when troubleshooting so be aware of that.
Steve
@OpenWifi said in Do i need to to Turn Off NAT on my Mikrotik router,while Pfsense hanfout Leases:
pfsense has so many great features that Mikrotik doesn't
That's why I prefer pfSense at the edge.
@OpenWifi said in Do i need to to Turn Off NAT on my Mikrotik router,while Pfsense hanfout Leases:
Ntopng lets me see what traffic is going through my network
For this you would need to disable NAT on the Mikrotik else all traffic would be coming from 192.168.1.100
@OpenWifi said in Do i need to to Turn Off NAT on my Mikrotik router,while Pfsense hanfout Leases:
I don't have to go to each and every one of my clients to set the static lease, the way Mikrotik does.
In Mikrotik, go to IP > DHCP Server > Lease ... if you click on the lease you'll see an interface tab like below ... notice one arrow points to "D" dynamic lease that you can "make static."
[image: 1595691311473-screen-shot-2020-07-24-at-10.26.59-pm.png]
@feedyourtv Most probably a hardware issue. The fault will propagate sooner or later.
Usually it is due to faulty decoupling capacitors on the motherboard.
To say that ASRock boards are problematic is as invalid as saying that Windows never blue screens.
If it was a software issue, this board would be full of complaints, rest assured.
Have fun, as long as it works out for you this way :)
@jim82 said in WAN looses connection randomly with 24-36 hours - tried everything:
14 days after and my connection is rock solid. Thanks for your help.
@netblues
One other thing, that current IP changes daily when SLAAC and privacy addresses are used. I agree firewalls should be used, but there are some things in IPv6 that make it safer than IPv4. Also, IIRC, pfSense and just about every other firewall defaults to deny all, so unless the OP actually did something to leave it wide open, he should be OK.
I've been running a clean install (i.e. not an upgrade of 2.4.4p3) of 2.4.5p1 with a minimal restore of config (too many rules to recreate from total scratch) for a few days now and gradually things have worsened. The culprit is pfctl, which can be seen consuming 100% of CPU in System Activity.
I have pfBlocker installed but have it set to run cron once per day at 3am and it doesn't appear to cause the load.
I did notice on day 1 of running a clean install that the increase in latency occurred at exactly the precise time /usr/bin/nice -n20 /etc/rc.update_urltables was scheduled to run.
Rebooting seems to reset things to some degree but at this point I suspect I have to roll back to 2.4.4p3 as this latency is making video conferencing virtually impossible.
[image: 1595548302670-overview.png]
[image: 1595548313617-states.png]
[image: 1595548322199-notraffic.png]
[image: 1595548331939-memory.png]
[image: 1595548338756-cpuload.png]
Hi,
Please don't bother with it, I have managed to fix it :)
Things seem just simpler than I thought, no need to bridge anything, just plug my router into the LAN port, reset my router, that's it.
Thanks again
Best regards,
@klausneil said in PROXY NOT WORKING:
I put the proxy data in the browser
http traffic basically appears in the squid access table (in transparent mode)
(if not, there is a configuration issue and the request does not reach Squid)
https content becomes visible (table) only by inserting the Squid intermediate certificate into browsers
(will appear in this form in the table - domain.xyz:443)
or you can use WPAD and / or PAC solutions, yet
Thanks @netblues and @JKnott for your feedback. I focused on the VM host (XCP-NG) network config and found resources for enabling VLAN interfaces in Xen. I can now see VLAN-capable interfaces when creating VLANs in pfSense.
Enable Vlan interfaces:
http://think-brick.blogspot.com/2016/02/pfsense-on-xenserver-enable-vlan.html
XCP Trunking:
https://xcp-ng.org/docs/guides.html#vlan-trunking-in-a-vm
Now time to get this VLAN routing set up.
Yeah you need to enable powerd to see the Speedstep freqs used.
Though in reality modern CPUs don't save much by using P-states. The savings from C-states are much larger in my experience. It all helps though.
Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.