Sorry for the late reply. Didn't want to jump the gun. New drive did fix the issue. I appreciate all the help you guys provided!

As long as you manged to resist smashing something.

yeah, I found this thread yesterday on forum.level1techs.com and switched it off, as you said, only to see no difference. "PPP is weird if you’re used to LAN and ethernet addressing. There’s only a single IP on the other side, and peers are originally meant to be symmetrical and not really ask for IPs using DHCP - instead, they’d just announce what IPs they have using IPCP and expect the other side to ack. Then the whole ip address discovery thing was bolted on, so you as a peer can say, “I have 0.0.0.0”, and ISP can say “no you don’t, you have 2.64.x.x”. ISP peer can still say “I have 10.64.64.0” and you’d typically use that as a gateway. In your routing tables, you’d have a directly attached 10.64.64.0/32 route via ppp0 as well as a 0.0.0.0/0 (default gateway) route via 10.64.64.0/32 . [well something along those lines anyway … ppp itself is dying … but you might end up having /32 on ethernet interfaces these days instead] My PPP log says the same now. Thanks and best regards, Mike

@sticilface I only do NAT in OpenWRT for those pVPNs, between pfSense and OpenWRT it is routed.

If you have dhcpv6 enabled on WAN the dhcpv6 server on LAN will use the prefix it pulls. Those are coupled. But also should be independent of the v4 service.

@roboto All inbound traffic from the internet to pfsense is blocked by default. If your wifi client goes to say www.google.com the answer is allowed by the state. There is nothing to do with wan rules. Now if you create a new network, say these vlans or wifi network you would have to create rules on the vlans/networks interface to allow outbound traffic to the internet.

@stephenw10 I missed the part where his is inside a DTLS tunnel.. But I can almost promise you tplink is using napt.. Unless it has something setup for dtls for vpn passthru, which find unlikely.. What port is being used for the dtls tunnel? There really isn't a set standard port. But setting static port, sure not going to break anything worse than it is ;)

You can still reset it from the serial console if you need to: https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html#forgotten-password-with-a-locked-console Steve

@troy-0 said in Renew cert' issues: however web browser says invalid certificate. Up to you to ask why And then you find the reason : [image: 1663854093256-a6eba7ab-f085-4b80-b1e6-f733c03b032a-image.png] So, why waiting ? Go for that Advanced button, at the bottom, at the right. It's a self signed certificate. Signed by you. Because you made it (with some tools present on pfSense). And your browser doesn't know who you are - or, to be more precise, you didn't make that huge cheque to be given to author who created your browser. Give them a couple of $ xxx xxx xxx.00 and your browser will recognize you, and your cert will be accepted. Or, do what we all do : Now you can probably "make an exception for this site". And keep this in mind : the next time you re generate your Web Configurator certifciate, this error will pop up again, as your browser doesn't recognize this new, unknown, self signed cert.

@creationguy said in pfSense Software is Moving Ahead Discussion: Will these mentioned updates be available in the next pfSense+ release? Never say never but that is certainly the intention.

@stephenw10 Thank you for all of your help. Its greatly appreciated.

UPnP should not be enabled by default. What are you seeing that on? What's the history? If you can use port forwards I would do that. Only use UPnP when you have no other option IMO. Steve

@regilayt filezilla ftp server is free. Clearly your packets being sent to the box, most likely a firewall issue. Since you can see traffic being sent to this .131 IP You running any other security software on the box. Firewalls quite often will allow local network, and block remote networks, etc. So your using pure nat, so guess what the source is when you come from local network and hit your wan IP.. [image: 1663690247733-purenat.jpg] Firewall most likely would allow that since the source is local.. I hit my wan IP from my 192.168.9.100 box, with a port forward set to send that to my 192.168.9.10 box.. See the sniff on my lan interface sees the traffic to my wan IP, and then look how it sends it on to the 192.168.9.10, the source is my .100 address. I have nothing listening on my 9.10 on port 50022, just wanted to show you what happens with a pure nat, to why that would be working, but might not work from a remote IP since quite possible a firewall is blocking it. Here is the thing your seeing the traffic sent to the .131, its not a pfsense problem if you do not get a response..

That's not required in 22.05 and you should be able to see the pcscd process using the RAM if you hit that issue. But in versions before 22.01/2.6 you should certainly check that. Or upgrade! Steve

you wrote that when you connect a PC instead a Mikrotik, its working. So i think your Mikrotik Config is wrong. Du you have a DHCP Client running in Mikrotik on that Interface which is connectet to pfSense? If YES, is the DHCP Client configured to add a Default Route?!

Maybe this post could help? I used the last suggestion to increase the screen size of my connection in Hyper-V. Add in /boot/loader.conf.local Maybe try juggling the X,Y numbers to fit? Post

I was able to resolve this issue while researching some of the error codes above. I cannot specifically comment on the exact solution.

Nice result!

@stephenw10 will do thanks