It wasn't that it's unstable in 2.6 it's that the drivers stopped building in our build infrastructure for some reason and the errors were preventing snapshots being built. Since the only thing we've ever sold that has Realtek NICs (apu1) runs just fine with the default driver the easiest thing was to remove it at that point. I can ask about adding it back. Steve

@indiegamesfan said in Can't reach access point on other interface/subnet to configure it.: and block the web interface on the guest network I doubt that would be possible with most AP devices, but probably the best chance is to use an outbound NAT rule as mentioned and on the AP allow access only from that IP (the IP of that NAT rule).

Yeah, the chances of a NIC failing so that it's not seen on the PCI bus is extremely low. It's far more likely to fail on the other side. If hardware failures like that are a concern you should be using an HA pair. Steve

@johnpoz Thanks, yeah I was aware I can see it real time, I was looking for logging. Firewall rules with logging enabled works too but IMO the service itself should do it.

ok so i solved the problem... idk why I didn't do this earlier but I checked the arp table of the computers that were not working and the mac didn't match my router. turns out that my brother's switch killed itself and decided to give itself statically the same IP as the router, arp poisoning the network so the computers could only access devices in the same subnet. idk why this affected only Windows devices

@bob-dig Found it and it expired 120 days ago. I have renewed and it will expire on Dec 3, 2027. tnx

@stephenw10 Thank you, I will check the snmp protocol ;)

More information needed. This fails after the install? Can we see a screenshot? Which pfSense version? Which ESXi version? How is the VM configured Steve

@dimskraft where are you creating this file - I use public key to auth to my pfsense, I only have that enabled, you can not ssh with password. You put the Authorized SSH Keys for a user, in the user manager.. [image: 1654958761603-key.jpg]

Ah, that sounds like it's missing some lines and the linksys can detect that and fall back to 100M, which only needs two pairs. If that is the case then setting 100M fixed at both em0 and the Cisco switch should also link. If that does work then you are losing some connections somewhere. If not the cable then it could be in the port perhaps? Steve

I have a new, clean install of 2.6.0 CE that is doing the same thing as the OP described. I'm running this box in a VMWare environment. Initial install went normal, with no issues. The issue started when I went into System->Advanced and tried to tell the webConfigurator to use HTTPS. I'm using the default self-signed certificate. The WebGUI redirect box is unchecked (default) and the Anti-lockout is enabled (default). As soon as I click the Save button it breaks the webConfigurator. Every browser gives the message "This browser must support cookies". I have also tried multiple browsers from multiple machines with different OS's. The only way to regain access is to use the console and re-enter the LAN static IP. During that process it asks if the webConfigurator should be reset, choose Y and it resets back to HTTP access only and access is regained. Has anyone found why this is happening?

@johnpoz said in Allow access without NAT IP?: @lewis just create an alias and put in the fqdn.. Then use that alias as your source. I just noticed I do have an FQDN alias, for the voip provider. That's great, that will work. Thanks so much. I just love pfsense. I recommend it to anyone I come across that talks about needing a firewall. It's amazing.

The swap slice is also used for crash reports, but that would be a lot of crash reports! It show like that if the RAM has ever been exhausted. Check the monitoring graphs for hiostorical RAM usage. Steve

@bearhntr said in pfSense with CloudFlare (and WireGuard - soon) - setup AD DS: @bmeeks I think I may have it all working. pfSense has the DOMAIN overrides in place for the ipv4 and v6 addresses. There are no DNS severs in pfSense GENERAL setup area. There are no FORWARDERS in AD DNS. All root hints (v4 and v6) are populated and resolve. Some of my devices are picking up IPv6 addresses on reboot. Still not getting things added to DNS for DHCP reservations...but I am gonna watch it and see how it goes as they start expiring. NSLookup is now showing IPv6 address for DNS/DC - but not the IPv4 (on the AD DS server). [image: 1654797340555-e1fa74f3-1c6b-40c7-a5e0-1b265833a2aa-image.png] AGAIN - Much appreciate for the help. I will update as I learn more. Glad it is working better. Windows prefers IPv6 when available, so no surprise about how the IP addresses are showing up. As for DNS registration of local hosts, that is highly dependent on the dhcp client app on the local host. Things like Windows and most Linux desktops will either by default supply a desired hostname when requesting a DHCP address, or they can be configured to do so. Some Linux operating systems don't do that by default, but can easily be configured to supply a desired hostname with the DHCP request. IoT devices are a toss up, though. Some may, but I suspect most won't, supply a desired hostname when requesting an address via DHCP. For those devices, you either need to do static IP assignments via MAC reservations in DHCP and manually provide static DNS names, or just forgo that feature for some devices. IPv6 can also be a hinderance here because devices can and will have multiple IPv6 addresses by default (privacy extensions, for example). All of those may not get DNS registration. That's one of my beefs with IPv6 -- it seems referring to devices by a hostname was not fully thought through when it comes to all the multiple IPv6 addresses a client might have.

In the BandwidthD settings there are two checkboxes that as I recall default to unchecked: Output to CDF Log data to CDF files log*.cdf Recover CDF Read back the CDF files on startup. Checking those saves data across a router restart but not a pfSense upgrade, I'm guessing because the package is reinstalled (?). So uninstall/reinstall should do the trick.

If you disable the debugger like that my understanding is that you will get no backtrace or crashreport of any kind so solving issues becomes far more difficult. Watchdogd is used so it does have some software watchdog capability. Steve

@stephenw10 Yeah will just re-new the certs on a fresh install, seem if that helps with some of the problems I am facing.

@stephenw10 It looked like it had some sort of corruption of it's hard drive and it was not able to boot, while connected through the serial and rebooting the system we were able to see this issue. Contacting with Netgate support we were able to restore pfSense so this ticket can now be closed. Thanks.

Sorry , I was busy these days I will do it Thank you Steve

It sounds like one of two things: An MTU issue. Check everything is using 1500, at least internally. An IPv6 problem. pfSense will try to use IPv6 by default and if it has any IPv6 connectivity it will hand out v6 IPs to clients. Most clients will then try to use that by default in preference to v4 and if there isn't actually full connectivity the browsing experince goes to crap as they have to timeout before trying v4. Disable DHCPv6/RA in pfSense if you're not using it. Also see: https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html Steve