Bump.. No comments about Jimp’s suggested solution Is unavailable when you use the the more modern and secure IKEv2 EAP based solution?

ok thank you, will delete rule

Yeah HAproxy would be the way to do it, and you can do ssl offloading so all the certs are managed in HAproxy, and sure use acme to do the certs, etc.

In the end, the choppy video calls were also caused by EMI over a 40 meter long shielded CAT6 cable for the WAN connection. It went right behind a mini fridge, so I guess that worsened the EMI. I had to set up a fiber link between two switches and send the WAN connection over a separate VLAN on the fiber trunk.

I can't imagine that being a specific issue. Basic config. If you are able to disable the service as a test though I would do that. Otherwise I would be comparing other crashes with that to see if they are all the same. Steve

In terms of the packet loss - probably not. Unless one of those links has gone bad and you only see packet loss in connections that happen to use it. A 4 way lagg (LACP I assume?) is probably a waste there, I would go down to 2 way. That would allow you to unplug one link at a time to see if either is bad. You should also be able to see errors on the interfaces that make up the lagg. One will be a lot higher if it's a bad port/cable. Steve

@Ziomalski said in pfSense sends packet as 0.0.0.0: I noticed the P2 negotiates 0.0.0.0/0 for local/remote. That is normal for VTI and not related to this isssue.

Ok the first thing I would do there is switch to VirtIO NICs in KVM unless you are doing so9me sort of hardware pass-through. That will mean re-assigning the interfaces in pfSense when it boots back up as they will appear as vtnetX. I would also try setting the CPU type as host which I have seen improve things there. You almost certainly don't need anywhere near 32GB RAM. Steve

Mode 6 is the correct to work with your pfsense setting. Restart both devices to be shure, it will work. Is there a Firmware upgrade for the Switch? Is any type of LAG/LACP Bugfixing in the release notes?

Just wanted to drop in and let everyone know that the clock was definitely the issue. pfSense has been rock solid ever since the clock issue was resolved. Thanks again! Philip

@ajaypatel26 said in Cannot access NAS, SMB and Printer web page: do [anybody] guys follow RTFM rule (LOL) Noop. Probably not. I typed "pfsense bridge LAN interfaces" use Google (you could try another one) and the first link was ... the manual. Normal. Pfsense talks a lot about ... pfSense. Like : no need to consult ... BMW if you have a question about ...a Ford ;)

@BlankSpace said in WAN fails to keep DHCP address on cable modem reboot: only have igb0 through igb3, that's all I need? As @stephenw10 says too "prtsc" shows in my example one I350-T4 and one I350-F4 are configured so it shows 0 to 7.

Check this recent post : https://forum.netgate.com/topic/156110/dns-resolver-fails-but-forwarding-resolves/2?_=1600669615330 www.nic.in took me some 45 seconds to show a page. Looks like the web server is under heavy load ... go figure why ;)

Mmm, yup sounds like a hardware issue then. Always suspect RAM first. Try removing or disabling whatever you can. Steve

@stephenw10 said in IP Aliases questions!: Steve Thank you for your response. https://redmine.pfsense.org/issues/10918

You have to block whichever DHCP server is handing you that private lease. It only blocks dhcp it won't stop you accessing the modem. Steve

Thank you all, problem solved. Was onboard network card. Now i moved my wan to 4xnic and all is perfect. I did also a fresh install because i was not able to delete the pppoe witch had link with my onboard nic.

@MacUsers said in How to pass VLNAs from two seperate interfaces to main Switch?: in my case but will be able to explain why it's a bad idea in general Performance for one - there is no way your going to be able to bridge in software as fast as you can with doing it on in hardware on a switch. 2nd just complexity of configuration. Users can barely understand firewall rules on an interface, let alone on a bridge.. Are you doing the rules on the interface, or the bridge, etc. 3nd would be misuse of a router port.. A discrete interface is way more valuable as actual interface to do routing with, than to try and use it a sub optimal switch port. When switch ports are cheap!!! There are cases when bridge on your firewall makes sense - but to be honest it is almost always would be the last choice if can do it cheaper, simpler and easier config.