@JKnott No, that's my old setup. I've replaced it with a single-NIC Intel NUC using vlans. Finish reading the post :D (There's an image in the spoiler)

Start here: https://docs.netgate.com/pfsense/en/latest/book/highavailability/index.html

@JKnott Yes wired devices are fine also, unaffected. The only things affected are wireless devices and only a couple. Im leaning towards the access point, I'm going to swap it out and see what happens.

@rrebel Found the problem had to add an extra NAT RULE[image: 1585536497317-capture5.png]

Well ping and rdp are different protocols - the host firewall could allow rdp and not allow ping (icmp). Or if a firewall rule with pfsense, you could be allowing just tcp or tcp/udp while ping icmp..

Hello, I changed my network and have now just one NIC :-) Thank you all!

That's me. If I can mess something up, I will. I do know not to set a gateway on the LAN,. I couldn't figure out out it was set that way. I didn't know about the other place it could be set, I was trying to find it in interfaces with no luck. At least I will definitely remember that for future installs. Again, thanks very much for your help. I do appreciate it! BTW, I foot still hurts :-)

Hi Thank you @kiokoman. Works great [2.4.4-RELEASE] /root: speedtest Retrieving speedtest.net configuration... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by Cox - Wichita (Wichita, KS) [1.04 km]: 48.268 ms Testing download speed........................................................ Download: 23.99 Mbit/s Testing upload speed......................................................... Upload: 21.58 Mbit/s Regards

Not talking about what you figured out - I am talking a huge difference in a setup when your HA vs when its a single box, etc.. Did you validate pfsense is seeing the dhcp discover? Troubleshooting dhcp is 30 seconds worth of troubleshooting here... The dhcp service is running or its not running, it sees the discover or it doesn't does it send a offer... @Gertjan list is pretty spot on to be honest ;) hehehe

Thanks for the tip, Just opened a Ticket.

Found the problem: the WAN interface kept restarting if 'Speed and Duplex' was set to 'autoselect'. Changed to 'Default', and the problem is resolved.

@luisenrique said in squid + ad auth lookuot ad account: Due to some unknown reason the account used to authenticate squid users in AD is blocked after several unsuccessful attempts to authenticate the account is blocked by AD policies, I have rectified the key in both systems and the same thing happens , I am sure that It is squid, because I change to another account and the same thing happens to me or I establish an account that does not exist and stops, so the users are being able to authenticate themselves to navigate. as aditional information i see in logs basic_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials' i set the password inboth system but it continues see error

Figured it out. I created an IP alias that contained the Student IPs I wanted to connect to, and a Port Alias with the different ports that NS uses, then created a NAT rule with those aliases and now things are working perfectly in the Tutor console from the Admin side. Feeling kind of silly that this didn't occur to me earlier lol. The Tech console still presents some weird behavior but I think that's due to the console's settings, so I'll take a look at that.

@ilbicio Well done! I have total clients connected now! Weeehooo!! Thank you very much. P.S. I hope one day I will learn how to collect OpenVPNusers connection history in Zabbixю

It will be difficult to recommend hardware given your budget, which doesn't include shipping unless you have eBay or Amazon in Africa. That was an important detail missing from the original post and I agree, it's going to be extremely difficult to make any recommendations based on your budget and consider shipping.

2 weeks ago i installed a "Dual SSID" UBI AP AC Pro. I installed the Unifi Controller on a VM DEB10 server , and configured it for the two "Tagged Vlans" Then i connected to a switch port (not directly to pfSense) , but the recipe is the same. You need to keep in mind that the "Controller & AP" talks untagged , so whetever Vlan you make untagged on the port , has to be able to talk to the UBI Controller AP Switch port AP Native : Controller Lan communication Vlan , untagged. SSID-1 : Tagged SSID-2 : Tagged /Bingo

i hope it's okay to reopen this problem, but with the newest pfsense release, 2.4.5, this stopped working. I noticed there is now a GUI Option for $config['system']['no_apipa_block'] but disabling and enabling it won't make it work again. At first the Traffic was blocked in the FW but after adding a rule to allow every traffic from LAN, the log looks better but still strange: [image: 1585301915147-bf4ccb2d-96e8-4179-abf5-4e94d0088165-image.png] It's only sending TCP-SYN?