@stephenw10 Thank you very much !!

If the ISP router is terminating the PPPoE session then none of that applies. It only applies if that is bridging the PPPoE traffic to pfSense. If PPPoE is terminated on pfSense then: https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#pppoe-with-multi-queue-nics PPPoE adds an 8 byte overhead so to carry the standard 1500B MTU the frames on the parent NIC must be 1508B. Those are referred to as mini-jumbo or baby-jumbo frames (RFC4638).

@stephenw10 Okay!

You shouldn't need to add a second connection. You won't be able to if you have a local subnet including 192.168.100.1 on any other interface. You may need to add an IP Alias VIP to the WAN of, say, 192.168.100.2/24 so that the firewall has an IP when the WAN is down. You might also need an outbound NAT rule for traffic from internal interfaces to the modem specifically. Steve

@stephenw10 I ran MTR for ~24 hours, 1 second intervals, behind pfSense to the Verizon address pfSense is monitoring. There was very little packet loss. The pfSense monitoring has improved also. So, I'm going to assume it was some change on Verizon's side and it has been resolved.

@stephenw10 thank you! I went ahead and put a new device in service for now. Going to try formatting and reinstalling the original one and let it sit and run to see if it does it again. If it does then it will get a new drive and put in place as the backup.

@stephenw10 said in Sorting of Firewall Alias settings: You wanted the port in numerical order? The description in alphabetical order? ...alphabetically by number? (which I see occasionally and annoys my mild OCD) @CreationGuy The brute force way would be to edit the config file and restore... I would think it's just in config file order.

Oke i tested it with a backuped VM of my OpenLDAP server and the memberOf overlay module is not needed it stil works without that module 🥳

So traffic from pfSense is being routed over OpenVPN on the host machine? I'm not sure WireGuard would be able to connect over OpenVPN to the same provider. I could imagine routing issues.

@virusbcn that will lead to asymmetrical traffic flow. And the return traffic to the other pfsense would have no state.. Even if you created a transit between the pfsenses. Use 1 pfsense, create 2 different lan side networks that your pfsenses have a transit network to talk to each other to get to each others networks. Do source natting of the traffic, use host routes on your devices. There are many ways to skin this cat.. Pick one of the ways. The easiest solution is just to do a source nat, an outbound nat on the pfsense doing the vpn so that clients you talk to on this shared lan think the traffic is just coming from that pfsense lan IP.

Hello! You could try qemu-img qemu-img convert -O qcow2 in.iso out.qcow2 John

You don't mention a switch configured to separate the VLAN. That's what I'd expect to find.

You're awesome @stephenw10. I was able to add a rule above my other rule to pass all to my LAN subnet first, and now it seems its all working as expected. The learning curve for pfsense is steep (or just understanding firewalls, NAT's gateways, rules, etc in general). Appreciate you holding my hand and helping me out!

@zkhcohen, thanks for the pointer. I was having this same issue and came across this post from Google. The issue you linked to I think describes the problem pretty well. If it keeps getting removed we might need to add a cron job to keep adding it back for now as others did for https://redmine.pfsense.org/issues/14374.

@stephenw10 Thanks! This solved my problems!

@stephenw10 makes sense, will look into all this. appreciate your help!

@akashphx said in Router Recommendations: I'm looking for 2 router recommendations. One for my home and several for my business. You might consider one of those mini PCs that are popular these days. I've been using the one described in my sig for about 3 years.

@Gertjan I run the following command via the console /etc/rc.php-fpm_restart

Yup that^. Just be sure that your outbound NAT rule is highly targeted so it only ever matches traffic trying to reach the modem.