• OpenDNS w/CenturyLink Service Lose Internet After Restart

    centurylink opendns
    5
    0 Votes
    5 Posts
    989 Views
    J
    @stephenw10 Not remembering how I had OpenDNS set up. I am only running pfBlockerNG. I have both IP and DNS-BL set up. Also no RAM Disks set up. Was in a hurry to get back online for my job. So after a few hours I gave up trying to figure it out and just fell back. Probably just chalk it up as an unknown. You have answered my questions. Maybe another time I will try OpenDNS. But afterwards I will reboot to make sure it holds.
  • upgraded my 1100 to 21.05.1 and everything seems unstable now

    14
    0 Votes
    14 Posts
    1k Views
    stephenw10
    It can't access a certificate revocation list so it can't check if the server certs have been revoked. That's not a problem for the connection though. I doubt Nord publish a CRL, though I've never looked into it. Steve
  • pfSense Behind Another Router

    5
    0 Votes
    5 Posts
    13k Views
    V
    @stephenw10 Some home routers provided by ISPs have a 'DMZ' option that can be used to connect a downstream pfSense firewall WAN interface. You can continue to use the home router's LAN for the connections in the home that you don't want protected by pfSense. E.g. guests that just want to use your home router's WiFi without you monitoring their traffic. Your real LAN sits behind pfSense and is only connected to the pfSense LAN interface. It is not directly connected to the home router. The pfSense WAN interface is connected to the home router by Ethernet cable and the home router's DHCP should be configured to serve a static/reserved IP address to the pfSense WAN interface so it has the same 192.168.1.x IP address every time. When the reserved IP address has been configured as a DMZ in your home router, all incoming traffic to the home router will be presented to the DMZ IP address. I have seen this implemented differently on different devices. Some will bridge the DMZ port so that pfSense will show an external IP on the WAN interface. Some will just NAT the traffic so pfSense sees the 192.168.1.x address on the WAN interface.
  • Slow boot time.

    19
    0 Votes
    19 Posts
    3k Views
    stephenw10
    Yeah, I would try that if you can. You might also try booting FreeBSD 12.2 (or 13) and see if it does the same. Or a 2.6 snapshot.
  • Problems with Netflix and Amazon. NOT using a VPN.

    10
    0 Votes
    10 Posts
    2k Views
    bmeeks
    @tomz said in Problems with Netflix and Amazon. NOT using a VPN.: I agree. They gave me a new IP in a completely different pool, and now everything is working again! Last time, it worked until the next day. I'm not going to touch anything on the router over the weekend, and see if it stays up. Thank you for all your help. It really helped bolster my argument, and pointed me in the right direction to negotiate with my ISP. I'll post back with what happens. Glad you got it sorted out. I would watch your firewall's WAN IP and see if it changes. If it does, and Netflix breaks again, you know the cause. Your ISP might want to investigate the original IP netblock you were assigned. Perhaps it is on a VPN list by mistake, and if they use it with some of their other customers, they might have the same issue.
  • Broadcast 255.255.255.255 across vlans

    4
    0 Votes
    4 Posts
    1k Views
    stephenw10
    This will probably do it: https://forum.netgate.com/topic/155698/how-can-i-get-this-udp-relay-package-for-casting-across-vlans Or you could try PIMD but the UDP broadcast relay is more likely IMO. Requires some work to set up though as it's not a pfSense package. Steve
  • Suppress notifications during time range?

    2
    0 Votes
    2 Posts
    310 Views
    stephenw10
    There isn't anything built in to do that. You could open a feature request: https://redmine.pfsense.org/ But I would suggest tuning the gateway parameters to not log that latency level if it's expected during normal operation. Steve
  • New log format - how to delete?

    2
    0 Votes
    2 Posts
    255 Views
    M
    Found it - truncate -s 0 does the trick. FYI for anyone interested - here is what you can do to dump, save, clear the current and old logs: tail -100 /var/log/filter.log && cp /var/log/filter.log /var/log/oldfilterlogs/filter_`date +"%Y%m%d_%H%M"`.log && truncate -s 0 /var/log/filter.log && find /var/log/oldfilterlogs/ -type f -mtime +30d -delete
  • Specific https site not working through pfsense

    11
    0 Votes
    11 Posts
    1k Views
    stephenw10
    Ah nice! Something probably changed in the route. Firmware update, router swapped etc. You could probably find where it was failing with enough traceroute and pinging but finding someone to admit it's a problem and fix it is a different matter! Steve
  • Getting 400-500mbps download on pfsense instead of 940 download

    4
    0 Votes
    4 Posts
    571 Views
    C
    Update: I have fixed the problem now, turns out I chose a bad speedtest server. I am now getting 800-900mbps down by choosing a good speedtest server.
  • Renew or Reissue a CA or Certificate

    2
    0 Votes
    2 Posts
    401 Views
    jimp
    What version of pfSense software are they running? That option is a recent addition in pfSense CE 2.5.x or pfSense Plus 21.02.x and later.
  • Stay at 2.4.5-p1 or go to 2.5.2?

    Moved
    27
    0 Votes
    27 Posts
    3k Views
    T
    @gertjan said in Stay at 2.4.5-p1 or go to 2.5.2?: You should share the logs, all details of the setup, so someone can test them out one by one, or someone recognizes details of your problem, and he will share the already known answers. You might even find an unknown bug. I'm currently out of standby devices, because I have to install them on new locations... and new ones have a huge backlog... I will test with a spare device as soon as possible...
  • Saving Telegram configuration in Notification section

    2
    0 Votes
    2 Posts
    356 Views
    stephenw10
    Known issue, fixed in 2.6: https://redmine.pfsense.org/issues/12107 Just check the 'Disable SMTP Notifications' box and it will save. Steve
  • Backups - File Naming

    7
    0 Votes
    7 Posts
    912 Views
    Gil
    @stephenw10 Some great options there, thanks
  • How long WAN connected ?

    5
    0 Votes
    5 Posts
    1k Views
    B
    @gertjan And the Status > Monitoring : Quality / WAN_DHCP chart. Thanks for this tip. Works nicely. +1 The recent spike in packet loss and delay clearly shows a WAN outage.
  • How to track and log activity of one public ip

    2
    0 Votes
    2 Posts
    225 Views
    stephenw10
    Just add a firewall rule with logging enabled for that IP. Put it above any other rules so traffic to that always hits it. Steve
  • The WAN interface stops passing traffic after 5 minutes

    2
    0 Votes
    2 Posts
    198 Views
    stephenw10
    Sounds like an ARP issue? Or an IP conflict maybe? Anything logged? How does it fail? Is pfSense still sending traffic but without responses? Steve
  • Multicast Traffic from LAN blocked

    19
    0 Votes
    19 Posts
    3k Views
    johnpoz
    I have 2 cisco sg300's, 28 and 10 ports.. Yeah such features are a bit above your entry level smart switch.. But more full featured switches can be had for reasonable prices.. The 28 port is pretty much my core switch in what is my office/computer room ;) while the 10 port sits in my av cabinet in the living room.
  • Syslog-ng DHCP Hostnames

    4
    0 Votes
    4 Posts
    596 Views
    C
    @gertjan Thank you VERY much for your assistance.
  • Google Nest Hub - update blocked by pfSense

    3
    0 Votes
    3 Posts
    970 Views
    stephenw10
    Could also be an IPv6 issue. It looks like the Nest Hub will use only v6 if it thinks it's available. If pfSense is handing out v6 addresses but doesn't actually have upstream v6 connectivity it would look like this. A pcap should show it doing that though. Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.