• 0 Votes
    6 Posts
    789 Views
    9
    @stephenw10 said in PF sense crashed after upstream ISP upgrade . Fixed but , working strangely .: 127.0.0.1 It was a DNS issue, the PF sense had been inheriting DNS from the upstream ISP (Virgin). There is something wrong since the upgrade with DNS, working with PF sense. I re-entered DNS addresses 8.8.8.8 & 1.1.1.1. I changed the DNS settings, to and unchecked "DNS to be overwritten by DHCP WAN". I then set DNS Resolution Behavior to 'Use local DNS, and ignore remote DNS'. Seems to be working again now.
  • Traffic Won't Route Through Outgoing VPN

    24
    0 Votes
    24 Posts
    3k Views
    C
    @viragomann You can see the DNS request just below the one going out the VPN pipe to the 1.1.1.1. It was originated on a machine in the internal net that has the 10.100.2.14 IP right now. Everything is set to query the .1 address in the subnet and then as far as my understanding goes the resolver takes care of it after that. Why it is saying the INT VPN interface is beyond me unless the traffic is getting passed there first but I wouldn't think so. The only reason I was doing it that way was to add more obscurity of the traffic on the server side. Getting connections to from a 443 that doesn't match the location of the DNS requests.
  • firewall without NAT

    40
    0 Votes
    40 Posts
    5k Views
    stephenw10S
    You might need to check 'allow IP Options' on the pass rule there: https://docs.netgate.com/pfsense/en/latest/firewall/configure.html?highlight=multicast#ip-options Steve
  • SG-3100 doesn't route traffic after WAN lost/regained

    2
    0 Votes
    2 Posts
    413 Views
    S
    @jpaquin said in SG-3100 doesn't route traffic after WAN lost/regained: no clients past the firewall can get out to the internet No DNS or they can't ping? I've seen a few posts recently about Unbound not working (though the one I can think of was "after boot").
  • No incoming S2S IPSec VPN connections. Manual telnet requests show up.

    3
    0 Votes
    3 Posts
    731 Views
    H
    I believe I got it. Turns out, the FritzBox (at least in regards to virtual ip/mac) is crap. What you see is not what you get. I cross-referenced what I saw on the FritzBox with my local computer. [image: 1622053434216-fritznet-arp-table.png] On my local computer it seems to work as expected. Furthermore I disabled the exposed host functionality and went for a simple port forward. [image: 1622053716161-fritzbox-port-forward.png] With this, initiating a vpn connection from the offsite works without any problems. I'll mark this as solved. Thanks! //edit: Ok seems I'm unable to edit my first post. Anyway for me this works now. Have a great day!
  • 0 Votes
    4 Posts
    578 Views
    V
    @christophermay These other routers (presumably consumer routers) might have had NAT reflection enabled by default (without the ability to disable it), but that has other drawbacks. DNS override is the more reliable solution for that in the end.
  • L2TP default gateway

    1
    0 Votes
    1 Posts
    348 Views
    No one has replied
  • Migrating from sg3100 to a i5 firewall

    Moved
    8
    0 Votes
    8 Posts
    902 Views
    A
    Thank you all for the insight. The XML file and modifications worked great.
  • Possible to get email alert on authentication failures?

    5
    0 Votes
    5 Posts
    809 Views
    KOMK
    @nguser6947 You can also create some LAN firewall rules to prevent access to WebGUI by anyone except your workstation.
  • Radius IP Issue

    1
    0 Votes
    1 Posts
    376 Views
    No one has replied
  • Suppress "arp: is using my IP address"

    logging
    7
    0 Votes
    7 Posts
    2k Views
    AndyRHA
    Downtime at my house is not a thing. It has been booted after this started and has only been up 23 days... embarrassingly short time... I just now got around to asking if there is a way to stop it. Thank you for the suggestions.
  • Possible routing loop? Routing loop diagnostics

    4
    0 Votes
    4 Posts
    529 Views
    stephenw10S
    Yes. What about to a different public IP? If you are hitting something odd in the route you may not hit that to a different target.
  • Packages not updating

    20
    0 Votes
    20 Posts
    2k Views
    DaddyGoD
    @akegec said in Packages not updating: I remember how it used to be, no contracts and lawyers, we just used a hand shake to make a deal without any problems. EXACTLY! I have mentioned this here before
  • Real time traffic logging?

    5
    0 Votes
    5 Posts
    1k Views
    stephenw10S
    Just how 'live' do you need it to be? You could tail the filter log at the command line if you really want to see it as it happens. You might try using the ntop-ng package. Or one of the other monitoring packages: https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/bandwidth-usage.html Steve
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    6 Views
    No one has replied
  • 2.5.2 or 2.6.0 ? I need to fix multiwan bug on production systems

    18
    0 Votes
    18 Posts
    2k Views
    V
    @cool_corona I did a small test with opnsense and multi-wan with port forwarding for openvpn did not work there. From what I read on their forums it is kinda a hit-and-miss depending on which build they use. Same goes for untangle. It could be me of course with my limited knowledge. But for now in the land of the blind one eye is king :(
  • pfSense system display time

    11
    0 Votes
    11 Posts
    1k Views
    chudakC
    @wgstarks Thx I’m good, was confused by n/a for off-line leases
  • TELEMETRY?

    9
    0 Votes
    9 Posts
    1k Views
    AKEGECA
    I also noticed some of my clients experienced the same from AS30312 Netgate and AS27325 zColo. About Covid, it'll not end until mid or end 2023. My condolences for your loss.
  • Issues with VoIP over IPSec VPN

    7
    0 Votes
    7 Posts
    1k Views
    maverickwsM
    @Artes Thanks a lot for your input. Actually your comment was right on the spot. Location B has a requirement of 1400 MTU. After changing to TCP instead of UDP, everything is working. Great help, thanks a lot both you and @JKnott for the comments! Have a nice weekend ahead! Cheers!
  • Lack of foresight killed the system

    Moved
    20
    0 Votes
    20 Posts
    2k Views
    I
    @gertjan Yes, I have not mentioned virtualization but that is the idea, VirtualBox runs ok with pfSense, just beware and use the NICs as Bridged and ensure they are not putting any traffic in the Host (no IP, etc). You can run VBox as a service (with Linux) or AlwaysUp in Windows with a watchdog can keep the VM running if it crashes, there are many options. Immutable/Non-Persistent disks help too.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.