It's still open, you should just be able to add a comment to it. I added one.

@michmoor @stephenw10 This has been resolved. Thanks for the guidance.

Are you running pfBlocker? Snort/Suricata? Anything show as blocked? Steve

@magikmark it shouldn't as those have to all originate from OUTSIDE your network, not inside.

@stephenw10 said in Supported CPU C-States: Mmm, @mvikman's CPU must be very lightly used. Anything I've ever tried that on looks more like your output there, mostly in C1. LOL yeah, it's just my home router and it's got a i5-6500, just haven't had time to dabble with pfblocker and such things yet @mrsunfire No, that was the only line I added. Though I have PowerD set to Adaptive instead of HiAdaptive because HiAdaptive doesn't seem let CPU to throttle speed lower MHz...

@rcoleman-netgate said in LAN port hangs when using Web UI: @nathanzumwalt MESH is evil. Agreed... even the new network topology didn't keep the eero devices from interfering with pfSense eventually (just took a little longer for the same symptoms to appear). I replaced the eero mesh with some Netgear wifi access points and the network has been stable ever since.

@nimrod said in Is it possible for one to "slip through"?: @stephenw10 Wouldnt this option prevented this issue ? [image: 1668875890441-5f219169-7aca-464b-a7b3-ac7b58515f4e-image-resized.png] Just to add my 2 cents worth, I just ran into a situation where the states were not being cleared because an IP appeared to remain after the force command. I ended up manually clearing the states to fix the issue. I would say, if all else fails, manually clear the states as was suggested earlier, I think.

@johnpoz thank you both for the reply

It's dangerous (or at least confusing) to talk about VLAN 0 or 1 as an actual VLAN because you almost never want that. Switches use 1 as the 'native' VLAN meaning they use that for untagged traffic internally in the switch. You should never see traffic tagged VLAN1 outside the switch.l Seeing it usually means something is configured incorrectly and unexpected results may occur! https://docs.netgate.com/pfsense/en/latest/vlan/security.html#using-the-default-vlan-1 In ESXi VLAN 4095 means pass all VLANs. So allow tagged traffic on any VLAN to pass the switch much like most unmanaged switches would. If you do have some tagging happening somewhere the addition switch on that one client that works could be stripping it. Especially if it's VLAN1. That seems unlikely though. Hard to imagine that could have been set by a power outage. Or that it would have worked before that. Steve

Yeah, I would definitely use access point mode. And LACP lagg there should not do anything much until you exceed the single links speed at 941Mbps. Assuming Gigabit. Even with wifi6 it's hard to reach that over wifi. Also it only helps with multiple connections sharing that. A single connection is still limited to one link. Steve

@stephenw10 I will look at my CARP problem and then I will look if the syslog is solved. Thanks a lot for your time

In a situation like this it's very easy to end up with asymmetric routing and that can cause all sorts of issues. How is the pfSense WAN connected? Does it share the same WAN as the other router? Can we see a diagram? Steve

@derelict Thanks for your help. I was using an Alias but NOT the IP Alias which is what was needed here. Thank you for your help here.

Double NAT is not ideal but it shouldn't really affect throughput. Especially if it's PPPoE upstream which pfSense would likely be slower at terminating. The interrupt loading from the NIC is normal at maximum throughput, that's where to loading appears. There is more on the WAN NIC because of the NAT. Yes, to run bandwidthd and traffic shaping on a 1G link will require a faster CPU unfortunately. Steve

@rico Great thanks! That seems to work

@dobby_ Hi Dobby, i reinstalled pfsense and removed the squid package and so far for the last 1 week looks good.

Looks likely to be bad memory to me. Especially if you haven't made any changes recently that might have triggered it. Is there any reason you're running an old version? Steve

What values did you add? Something that references that non-existent init? pfSense doesn't use the FreeBSD init system. As mentioned you should use /boot/loader.conf.local for any custom loader variables. Custom sysctls should be added in the GUI in Sys > Adv > System Tunables. If you need to re-install, and don't have a config backup, the installer can attempt to recover your existing config before wiping the drive. https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#recover-config-xml-from-existing-installation Steve

Yeah, never open the webgui up for public access via http. If you have to access it remotely you should only ever use https and you should restrict the source IPs that can connect in the firewall rules. Using a VPN to access it s a much better solution. If, for whatever reason, you have unknown scripts running on the firewall then you need to reinstall clean and examine your config before restoring it. You might also pull the full system logs from it first and review those. Steve