  • Segmenting with separate interfaces

    0 Votes
    9 Posts
    790 Views
    johnpoz
    Yeah that looks like dhcpd is enabled. If you had picked /32 you wouldn't have been able to enable dhcpd. If your device can not get an IP, then it's never getting to the internet.. Do you see dhcp requests from it in the dhcp log? If not then no, dhcpd would never give it an IP. You sure you're connected to the correct interface - and the cable and this device are good?
  • Short disconnects multiple times per day

    0 Votes
    32 Posts
    4k Views
    stephenw10
    Something like the Limiters defined here: https://forum.netgate.com/post/807490 There are a number of posts in that thread detailing similar arrangements. Steve
  • How to block torrents

    0 Votes
    18 Posts
    3k Views
    johnpoz
    @Vincent_28 said in How to block torrents: use wireshark. to see the port of torrents and syn. seeds of bittorrent That is a whack-a-mole game that will keep you busy to the end of time.. And as already stated - it can be run over ports that you require to be open. 80/443.. The most effective method is application detection via your IPS - which again as the tech evolves signatures can change depending on the p2p product being used.. Which your IPS might not detect, analysis of traffic flow patterns can help in detection as well, etc.. But blocking of ports is not going to stop someone that knows what they are doing and how the protocol can be used. Good way to stop it is only allow your proxy outbound.. where clients have NO direct outbound connection capability... And block lists on your proxy to prevent connection to p2p networks even over the proxy, etc. Trying to control user access once you have given them even 1 port outbound is going to be a never ending battle ;)
  • 1 Votes
    9 Posts
    2k Views
    KOM
    @shawnlouis Post your problem in a new thread and provide relevant details like what you are trying to do, what happens, error messages, and your LAN rules & config.
  • SG1100 and Suricata

    0 Votes
    2 Posts
    221 Views
    chrismacmahon
    First thing I would do is pretend it's broken, try and recover the device; get an image file from us, reflash the unit see the recovery process first hand. Once you have done that a few times, have at it...break it, add what you would like to use; when it's in the broken state fix it. This is how I learned many many many moons ago!
  • Installing SG-3100 behind FIOS router

    0 Votes
    1 Posts
    279 Views
    No one has replied
  • Blocking certain websites

    0 Votes
    39 Posts
    4k Views
    K
    @johnpoz While executing the command I actually typed in “dig +trace to ns1.fmlh.edu” instead of “dig +trace ns1.fmlh.edu”
  • WAN speed issue on pfsense

    0 Votes
    2 Posts
    318 Views
    JKnott
    One thing you could try is booting a live Linux distro to see how it performs. This would tell you if the problem is hardware or software.
  • Issues with two external websites on same subnet

    0 Votes
    13 Posts
    1k Views
    B
    @kiokoman said in Issues with two external websites on same subnet: Both are working well from my side now with fastweb. Ciao beppe. Thanks @kiokoman!
  • Notification when the states table is filling up

    0 Votes
    1 Posts
    185 Views
    No one has replied
  • CLI rule prioritization

    0 Votes
    5 Posts
    623 Views
    M
    Thank you! I think that will work for me.
  • dpinger errors and apparent loss of internet connection

    0 Votes
    5 Posts
    892 Views
    stephenw10
    You should usually see two lines: one with ALARM when one of the thresholds is breached, 20% packet loss there, and a second with CLEAR when the line quality returns to normal, probably the 5% line you see there. Steve
  • PFSense on VM or dedicated T620?

    0 Votes
    10 Posts
    914 Views
    C
    @provels said in PFSense on VM or dedicated T620?: @cheapie408 You could just hook up a LAN port of your Asus AC1750 to your LAN net to expand your WiFi. That's exactly what I don't want to do. I turned off the WiFi on the Asus so I can manage all my WiFi devices from the Unifi software. What's funny is after posting this message, the Asus stalled and I lost all internet connection. I had to power cycle the damn thing. This happened at least 3 times in the past 2 months and one of those times was when I was away. A higher power is trying to convince me of PFSense.
  • Wired APs drop internet access but not LAN, help

    0 Votes
    33 Posts
    4k Views
    L
    For sure. Thank you to everyone here. I appreciate the assistance. You have helped my sanity for the time being. pfSense is great and by far the best experience I've had with a router in any setting I've worked in, which isn't a whole lot. Still, I always recommend pfSense to anyone that has the ability to install and work with it.
  • 0 Votes
    4 Posts
    389 Views
    stephenw10
    I don't know how easy that would be. You could open a feature request for it though: https://redmine.pfsense.org Steve
  • Is there work being done on bringing openvpn up to v 2.5 on pfsense?

    1 Votes
    4 Posts
    545 Views
    G
    @BailsBails said in Is there work being done on bringing openvpn up to v 2.5 on pfsense?: Hi Is there work being done on bringing openvpn up to v 2.5 on pfsense? I have a user on OSX using tunnelblick which has recently started mcdvoice receiving warnings and I'd just like to know if there is any work going on at present to bring the openvpn server up to 2.5.X Thanks Bails Being a user on OSX I used to wonder the same because I was having the same problem some time before when I was using it
  • Pfsense keeps crashing

    0 Votes
    4 Posts
    670 Views
    stephenw10
    Download any crash reports you see. You can also check in /var/crash for old reports. Ah, yes I'm running a different theme on the box I was checking on. The Filter icon does the same thing. If you want a time range you need to use regex to specify it. Steve
  • gigabit wan download speed much lower than upload

    0 Votes
    27 Posts
    4k Views
    stephenw10
    And still bad when putting the Verizon router back in line? Or testing directly with a single client? Steve
  • Can't ping anything in LAN, everything else works?

    0 Votes
    8 Posts
    785 Views
    stephenw10
    That would do it if it was on the LAN interface. However you do need to NAT the internal subnets to the WAN CARP VIP on the WAN interface. Without that when it fails over the states will no longer be valid and new states have to be created. https://docs.netgate.com/pfsense/en/latest/highavailability/configuring-high-availability.html#setup-manual-outbound-nat Steve
  • PPPoE issues since 2.4

    0 Votes
    20 Posts
    4k Views
    stephenw10
    If the ISP supports v6 it may have sent that ACK in response to a config request. If your interface is not configured for v6 it would just have ignored it. Unless you are actually seeing a connection problem there I would ignore that. It looks like a harmless response. Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.