@bhollingsworth said in WAN not getting IP address on reboot: I'm not sure what to think now. Any thoughts? Does it still fail when the data tap isn't connected? If so, that would tend to indicate a hardware problem, which it masked by it. And I do not use IPv6 so I can't comment on that. Well, why not give it a try? You'll have to move to it some time.

@cool_corona yes 3xWAN 1xLAN include failover tested and working on 2.5.2 brNP

I have not seen anything like that for FreeBSD/pfSense but it's not complex, it could probably be ported easily enough. You might be able to do it with a mirror port on a bridge and some filtering. Or maybe just using netcat in a script. Steve

My understanding from the breeze over I did of that article linked to - is you could send it to different servers based on name - but you need to use the proxycommand from your ssh client.. Which seems like more work then just using a different local domain or IP ;) and not bouncing off the proxy. That could come in handy if all your clients that wanted to talk to different ssh servers were outside your network vs doing a reflection connection from the local netework.

Is there nothing more shown? I expect to see more in the connection attempt. At least something indicating if the server side is refusing the auth attempt or just timing out or responding at all. It's not uncommon to see several connection attempts required like that though. Especially if it was just disconnected. Steve

@sgseidel said in Unable to ping Ubuntu software repository: maintainer for Suricata so thanks for alerting me. and also the Snort package don't take it as intrusive (I know grandchildren are important too): the 1 year I described as a deep learning, but don't let that put you off... you say you're retired (IT spec.), so you might have more time to learn this great tool

@gertjan That did it! I had issues entering text via the console at first, but I moved the USB cable to another port on my PC and it worked fine. Ran this three times and then rebooted. IT'S ALIVE! Filesystem check: fsck -y / Reboot: /sbin/reboot Thanks again!

@thatguy said in Internet routing stability problems: I'm thinking it has something to do with your ISP. I have almost the exact same problem with a Carrier Grade NAT ISP in my area. Any client I manage that has a pfSense appliance and using the same ISP has the issue as well. It has been suggested before, and when it was, the term voodoo-engineering sprang to mind. Only briefly, until I realized people on this forum are experts, not banging rocks together. So this morning my connection dropped again. I was in an on-line meeting, so I noticed immediately. And I was unable to quickly fix it with the usual release/renew-cycle. So I came up with a second work-around, which seems to work. There is one solution and one workaround. Solution: Call your ISP and request a static IP. You will most likely have to pay more for it monthly. That is a possibility, but my ISP requires me to upgrade my consumer plan to a business plan for that. Not only does that double the costs, it also comes with business terms and conditions that don't need to adhere to all kinds of consumer protections. Next year our village will have a glass fiber network, and I'll kick the cable modem anyway. So I'm not going to commit to a whole year for a new plan. Hopefully the fiber provider will do better. Though I do think this is something we need to understand. What is it exactly what they do to throw off the best router in the world? Are they violating the protocol? And how can pfSense be hardened against that? It seems to be hardened against nearly anything else... Workaround: Make a script to periodically ping the Gateway. Once it fails the script will automatically disable and then re-enable your pfSense WAN. Here is the post on how to create that script. However, I run it every minute instead of every five minutes through Cron. Well, I am a Linux software developer, so this is something I could do, but I'm a bit lazy, so I came up with something else. Something we did 20+ yeas ago, when cable modems and ISPs didn't have their stuff in order: I have taken the DHCP dynamically allocated IP v4 address, mask and gateway, and I have configured it as a static IP configuration in pfSense. That'll teach them! I know they don't like that, and it can cause IP conflicts down the line, but I've had the same IP address for years, so I'm sure I can ride it out until our fiber connection is here. And since they seem to violate the protocol, I'm feeling free to do so too ;-). Anyway; Static configuration brought back my connection immediately, while many release/renew-cycles a moment before did not. So there must be something DHCP at play. I will report back here if the problem persists, but I have good hope, since it cured the problem so quickly.

I would first try copying it from FreeBSD 12.2. A lot of modules will load like that.

SG-2100 (2 days out of box) on latest - 21.05-RELEASE (arm64) VPN OpenVPN Clients Pencil Edit User Authentication Settings Area/block Load the empty password box - just tested it - with the box below unchecked (default) - Do not retry connection when authentication fails That was not it. the box being checked - it was the empty password box. Have a screenshot picture but getting that into this underpowered forum tool is not worth the effort. 1 min exact boot to the OpenVPN fowl up - then about 2:30 to the finished console screen due mainly to what appears to the be GeoIP files being reloaded and placed?

@leemajors said in cant log into webgui: how do i set up console access nothing serious happened https://docs.netgate.com/pfsense/en/latest/hardware/connect-to-console.html miniUSB cable to PC or MAC, etc -Putty or MobaXterm or what you like https://www.putty.org/ https://mobaxterm.mobatek.net/ [image: 1627229868642-969e7547-6ec8-4268-9a9a-2058ce5c18dd-image.png]

@kiekar Well, you need to get some more skills, before we continue... Obviously, you are using Wireshark, which is fine, but you did not capture any VoIP stuff. There's actually a menu for all of that. This is basically a filter for the packets you captured plus something that shows you an outline of a call. Just play with this. Once you have monitored a bad call convert the packets to text and edit your IPs etc, such that nobody can figure out who you are.

@jimp I wasn't asking for help because I didn't collect logs or take screenshots of the errors. I work in support so I know how the game goes especially with no logs; I was just pointing out that weird thinks have been happening in the last few releases that did not happen before like this PHP error that made my filter rules with aliases disappear and so that I could not edit any filter rules at all. Not sure how or why a factory would resolve the issue; regarding DHCP, Unifi is to blame here as they had several DHCP issues when the DHCP server used was non UDM..I'd hold off from upgrading any AP's until at-least the next release comes out. Now that I've signed up for the forums I'll be sure to collect screenshots ands logs to document any issues I experience..sorry I didnt think to do so this time.

@stefanl Same here. Went smoothly.

@jknott The traffic goes through the IPSec tunnel because the networks are defined in IPSec phase 2.

@stephenw10 Answer, hopefully in order... Version is 2.5.2 on the Azure VM and 21.05-RELEASE (amd64) on the 5100s OVPN is site-to-site, pre-shared key, UDP on IPV4 only, Layer 3. On the remote server there is a point-to-site server (for use as a remote internet gateway). It's for travel use but nobody's travelling so there are no connections. Latency is 27-32 ms, WAN Azure to WAN local; 100-130 ms to the other sites from WAN local. I only have one local device so I haven't tried to replicate here. I could spin up a Hyper-V guest but not now, I am currently working on alternative method, most likely a Linux server on the local LAN, running OpenVPN as a server and NAT port forward Linux server. We are up interactively but backups through the tunnels are an issue. Not an expert regarding state tables so I wouldn't know what to look for. I can try clearing the state tables after the trouble begins to see if that reset avoids a reboot to restore WAN performance. Would that provide useful information? We're not running IPSEC now. We were, but IPSEC failed after a recent upgrade. We switched to OpenVPN. I have read that the IPSEC issue has been resolved but haven't switched back. One more observation. We do have a point-to-site server running locally. There is one user, a Synology raid device that phones home and stays connected 24x7. It is used as an off-site backup device accepting snapshot replication and file share backups. It's been running without issues. It seems to be the site-to-site tunnels that are tripping us up, on the client-side.