@Cool_Corona I already tried this option creating the file, but the problem was the same, now I used the system -> Advanced option. I will see if will work. When finish the tests I will give a feedback for you. Best Regards

@GregTheHun said in Unable to enable DHCP server for OPT1 interface: my interfaces to have Static IPv4 addresses You can even disable / remove the IPv4 address on your interface. For "DHCPv6 Server & RA" to work, you should have a valid IPv6 set up. If your question was remotely related to the subject of this thread, you have set a /128. Which leave zero space for a pool, so DHCP (V6) isn't possible. You didn't do that ?? Did you ? @GregTheHun said in Unable to enable DHCP server for OPT1 interface: I know for a fact that my OPT interfaces have DHCPv6 as the address method Show the details ?! : [image: 1601538848108-7d5ef558-6e83-4f06-be78-dfc2277f7545-image.png]

Hi Checked the IP list, there are some duplicated IP addresses in AWS IP list. Pfsense do not import the duplicated IP addresses. Thanks!

In 2.4.5p1 you can leave the max tables value at the default, which is now 400000. 120seconds with no traffic is something significant. I would expect to see something logged. Or at least something in the monitoring graphs, maybe for CPU usage. Try a packet capture on WAN when that's happening. Is anything leaving? Anything coming back? Steve

Yeah I think if you're really seeing 600Mbps download there with peaks at 800 that loss is just the hardware limits. Steve

@Gertjan I already have everything in place Intel(R) Atom(TM) CPU E3845 @ 1.91GHz 8GB RAM and 4 Intel NICS [image: 1601488204900-rack.jpg] I know how to set this box up, done that quite a few times to get the desired results; I then followed the guide I posted because of "Things as "security" are as good as the knowledge of the admin", and my knowledge in Network is limited, so I thought to follow a top-post I found on Reddit. As I can't troubleshoot due to limited knowledge, I'll follow your guide and learn along the way. After installing 1400m of CAT6a, 5 new PoE APs, IoT, security and several servers I badly want this network to behave the way I want. Let's see where this journey is leading cheers

@nash27 said in Health Checks for PfSense: route53 healthchecks Don't those check from multiple locations? If your blocking access to where those checks are coming from - then yes they would fail. I would assume that if your opening 443 on pfsense to the internet for managment, you would have that locked down to specific IPs - atleast that is what any sane person would do ;)

I'd have to guess it's because you are locking the account rather than disabling or removing it. AD it probably returning that in some additional string that only applies to Windows and not general LDAP auth. Try running a pcap and see what it's sending if you can. If any of it in unencrypted. I doubt you are the first to hit this. Steve

inode ... => file system issue .... => repair file system. And probably your UPS is overloaded or the battery isn't what it used to be.

@Yo5hi said in NTP not syncing with clients: I just wish that my devices don't have to wait 60-80 secs on boot to sync. So, it boots, asks the time ones - got it, and sets it's own clock, and wants be sure and checks up a second time. It pauses the entire system while waiting for that ?? No RTC, bad NTP implementation ... hummm.

@AKEGEC said in Unable to access any network that uses the same ISP as I do: Well we have a different opinion about that and that’s ok. All of it ?

Start a continuous ping from a client on VLAN 40. Run packet captures on each interface to see where the pings are going and what's coming back. It's almost certainly a conflict of some sort with symptoms like that though. Steve

Urgh, well that sucks. But as I understand it the OP here is still using the ISPs modem so it shouldn't apply. Steve

@meem said in diagnose stuttering performance: I can see that I get 30-40 dns HUPS per hour - looking at the settings, I hadn't changed the default lease time for my new VLANS so i've made that change now. It was at the default (2hours)... made it 8 hours now. Looking at my Splunk logs I can see that i've been getting 30-40 HUPS per hour every hour (including throughout the night) That could do it. Hopefully, changing that to 8 hours is enough. I've seen rogue DHCP clients ask for an address every hour regardless of the default setting in pfSense. If changing that is not enough, see if unchecking DHCP registration helps just as test. You then have to decide if your need to lookup hosts by names outweighs having stable DNS, or you can try to track down any remaining rogue DHCP clients on the network not following the 8 hour lease time.

Indeed, when the resolution value for the same period is deepened, the values obtained in the report are different. Below the last 30 days with 01 hour resolution on the same network. [image: 1601384960619-monitoring-traffic-1h.png]

Just trying to add as much potentially useful info here: Here's two traceroutes in both directions. Run on workstation: traceroute to VM traceroute to 192.168.100.184 (192.168.100.184), 30 hops max, 60 byte packets 1 192.168.10.1 (192.168.10.1) 1.207 ms 1.173 ms 1.158 ms 2 server.localdomain (192.168.10.101) 1.196 ms 1.199 ms 1.198 ms 3 192.168.100.184 (192.168.100.184) 1.459 ms 1.473 ms 1.461 ms Run on VM: traceroute to workstation traceroute to 192.168.10.100 (192.168.10.100), 30 hops max, 60 byte packets 1 192.168.100.1 (192.168.100.1) 0.154 ms 0.130 ms 0.117 ms 2 workstation.localdomain (192.168.10.100) 1.105 ms 1.097 ms 1.085 ms

No, not really. Nothing like that exists in pfSense. Steve