  • PFSense on an old PC to take over for server PF Sense when required

    2
    0 Votes
    2 Posts
    573 Views
    https://docs.netgate.com/pfsense/en/latest/highavailability/index.html has info on setting up automatic failover. However, states only transfer if the network cards are the same in both (igb0, etc.). In a CARP configuration router1 has a LAN IP (.2), router2 has a different LAN IP (.3), and they share a CARP LAN IP (.1). So the web GUI on the backup router would be accessed on its LAN IP. The not-automated way would be to keep the backup PC off, and upon failure of the primary, disconnect it, turn on the backup and restore the configuration. If you are plugged in to a newly installed backup router and can't get to the web GUI (using HTTPS?) then something's off... either try restarting the web processes from the console menu or just restart it. LAN can access the router on the LAN IP by default.
  • SG-1100 random crash/reboots

    11
    0 Votes
    11 Posts
    1k Views
    @jpozzoli said in SG-1100 random crash/reboots: @bmeeks They want me to collect the logs during a power failure/reboot. The problem is this is a random occurrence. I don't have a problem plugging the "serial" cable into something and letting it collect, but I don't know what should do the collection. If I did putty, I don't think the connection would survive the power loss on the SG-1100. Any suggestions? (I've also asked support the same thing, but would like to get non-Netgate options as well). The log on putty will capture everything. The terminal session does not close out if/when the device restarts.
  • pfSense outbound proxy

    5
    0 Votes
    5 Posts
    1k Views
    @rod-it I've tried with finding a way to get the phone connection to work with pfSense but have had limited results. EasyTether has a FreeBSD driver that dc's constantly and does not reconnect and I have no idea on how to enable the laptop's built in wifi adapter. One of the comparisons of router/firewall software was that FreeBSD derived distros have horrible wifi support. At the moment I'm thinking of just setting the laptop up with a linux distro that I know how to configure and just do everything manually without a nice web interface (main reason I wanted to use pfSense). I don't have any experience with working with OSs that use FreeBSD and that seems to be where I am hitting the most road blocks.
  • rebuild or recover /boot/loader.conf

    Moved
    4
    0 Votes
    4 Posts
    854 Views
    @provels Thank you for the tip. All except the last two lines were added by the installer, so I guess I'll leave those as is, the last two I moved to loader.conf.local. I rebooted and everything seems to boot fine :)
  • Configuration references interfaces that do not exist

    1
    0 Votes
    1 Posts
    280 Views
    No one has replied
  • host_verify_strict

    1
    0 Votes
    1 Posts
    345 Views
    No one has replied
  • Connecting two SG-1100's for Production and Lab

    40
    0 Votes
    40 Posts
    5k Views
    @csfshore SOLVED! SOLVED! SOLVED! It was the NIC on the NUC! (I don't have disposition of the original downstream SG-1100) but it worked as easily as suggested with replacement NUC. THANK YOU to all
  • 2.5.0 Added Disable IPv6 - broken?

    4
    0 Votes
    4 Posts
    591 Views
    AKEGEC
    @longliveipv4, this is because pfsense allows IPv6 6in4 packet connections. You could try to add two floating firewall rules to block IPv6 any to any: a rule for incoming (interface WAN) and a rule for outgoing (all other interfaces: LAN, OPT1, ...). Then go to Services to disable DHCPv6 Server & RA (Router Advertisements) and DHCPv6 Relay. After that, disable Allow IPv6 in System > Advanced > Networking. Also, in each interface's IPv6 configuration, select None.
  • Certificate Error Expired

    9
    0 Votes
    9 Posts
    4k Views
    johnpoz
    huh? Why/How would unbound be using the webgui cert? Just because it's listed there as a "possible" cert you could use if you enabled dot in unbound to use for people that query it - doesn't mean it's actually used. You sure wouldn't want it using your default self-signed webgui cert.
  • Root SSH login?

    8
    0 Votes
    8 Posts
    1k Views
    AKEGEC
    You should make a tutorial on how to harden pfsense here or on Youtube. One thing, just remember your pfsense can be compromised without you knowing it (no logs). Especially attack on cloud with ssh. For example, service syslogd stop adduser -D Username. johndoe. login group: wheel pkg install sudo vi /usr/local/etc/sudoers root ALL=(ALL) ALL johndoe ALL=(ALL) ALL Voila!
  • **WAN (PPPoE) reset after change of "Periodic reset schedule"???**

    3
    1 Votes
    3 Posts
    1k Views
    fireodo
    @akegec said in **WAN (PPPoE) reset after change of "Periodic reset schedule"???**: @lf1985 , usually periodic wan reset doesn't trigger a whole reset, it seems that your ISP puts you on different internet profile after fluctuating happens on your line. ISP already assigned you with a fix IP address. Btw have you tried factory reset your modem? What the Threadstarter wants to know is why, when changing in the pppoe GUI ONLY the hour and minute for the "Periodic Reset", the whole WAN pppoe interface has to be reset. my 2 cents, fireodo
  • 2.5 Crash - possibly because WAN (Virgin broadband) went down?

    2
    0 Votes
    2 Posts
    316 Views
    AKEGEC
    @yeleek, strange things happen when you are not active. Next time, make sure your DHCP and DNS resolver services run before going to sleep ;)
  • 0 Votes
    2 Posts
    194 Views
    AKEGEC
    Huh?
  • How to powerfail-proof an appliance?

    7
    0 Votes
    7 Posts
    693 Views
    Gertjan
    @mkernalcon said in How to powerfail-proof an appliance?: I'm really surprised this isn't a more requested feature, especially for the sub-$200 appliances. These are great little kits to send home with unskilled people, except for this. Track back the past of pfSense. People wanted more, the market was there. See what m0n0wall was - it was close to romable: like a "linksys" router with RAM and a "disk" (file system) as a ramdrive. But it ran on a PC-like device, had a real trusted OS without the 32 Mbytes space limit. These days, huge packages (extensions) exist. But it comes with a price: it's not that device anymore that you can treat as a light bulb (pull the plug). pfSense doesn't look like a full-fledged PC, but is like one. It's even more: you double it (HA) and you feed it with UPSes. It should be handled like a 'server' (with the 3M scotched on it: 'do not shut me down'). I understand that a SG1100 doesn't match this description, but that's Netgate's fault: they managed to cram a "big" thing in the size of a packet of cigarettes. Nice, but wrong. pfSense should be taken care of as a device that looks like this. Even the guy with the metal head would understand that.
  • Package

    3
    0 Votes
    3 Posts
    447 Views
    Qinn
    @bmeeks Kudos and although dozens have experienced this that you took the time explaining it.
  • 2.5.0-RELEASE crash

    4
    0 Votes
    4 Posts
    655 Views
    @gertjan CPU:CPU(s) 2 x Intel(R) Celeron(R) CPU 3865U @ 1.80GHz system:Proxmox Virtual Environment 6.2-4
  • Third party VPN + internet from pfsense

    3
    0 Votes
    3 Posts
    444 Views
    @bob-dig Ok, I'll try
  • "Hotplug event detected for LAN" what is it ?

    4
    0 Votes
    4 Posts
    3k Views
    chudak
    @jimp Also it's suspicious to see the same errors on WG interface
    Mar 11 08:55:40 kernel igb1: link state changed to UP
    Mar 11 08:55:36 kernel igb1: link state changed to DOWN
    Mar 10 18:07:35 kernel wg0: promiscuous mode disabled
    Mar 10 18:07:35 kernel wg0: promiscuous mode enabled
    Mar 10 18:06:42 kernel wg0: link state changed to UP
    Mar 10 18:06:42 kernel wg0: sc=0xfffff80007764c00
    Mar 10 18:06:42 kernel wg0: link state changed to DOWN
    Mar 10 18:06:42 kernel wg0: link state changed to UP
  • Adjusting horizontal size of webconfigurator

    4
    0 Votes
    4 Posts
    458 Views
    @andyrh Actually it was still zoom. But in Firefox, you have a separate option to Zoom Text Only. Once I enabled that it worked as expected. This was starting to make my eye twitch a bit.
  • add txt record to unbound in pfsense

    4
    0 Votes
    4 Posts
    3k Views
    Gertjan
    @tommyverburgh add TXT record to unbound When you find your own question top ranked - first link - on Google (grats!), this means that you should consider that your question is wrong. Next best: reddit, stackoverflow and friends will tell you that unbound is a resolver, not an authoritative name server, as that is the one that handles stuff like zones, the place where you put TXT records. And then, a couple of cm further below, you find the guy who actually read the manual, and found it. It's a question of a cut and paste, using the right config commands and a mixture of quotes:
    server:
    local-data: '_aaplcache._tcp 259200 IN TXT "prs=xx.xx.xx.xx"'
    I couldn't really test this, but unbound accepts the syntax.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.