But also if you have set the webgui to run on a different port, say 43434, it will redirect to that. http://pfsenseip => https://pfsenseip:43434

True. I guess I should specify, when using the default values or DHCP. My test setup has more hosts than that and is served by a 3100. I never see any DNS issues.

Both those things should be a feature request in redmine if there is not something existing: https://redmine.pfsense.org/

I'm down to the one problem that IPV6 doesn't work. I can see the DHCP6 request sent over the WAN interface and the /60 PA returned. However, these neer get assigned to interfaces. Also, the router sends a seperate DHCP6 requst for the WAN interface (because the instructions do not selecet "Request only an IPv6 prefix"). ATT assigns an IP address that is completly different than the PA assigned and regardless it is not assigned to the WAN interface. We should be taking the first prefix ID (for example prefix ID 0) and using it for the WAN interface IPV6 address. Any further ideas. I suspect there is more configuration required for IPV6 that is not in the guide. IPV4 and everything else seems to work. Have WAN DHCP6 PCAP.

I don't recall the exact command but it was something like usbconfig -i ugen0.2 detach_kernel_driver

Yes, it needs improvement. There is currently no way to configure what triggers a notice though. There are open feature requests you can add a comment to. https://redmine.pfsense.org/ Steve

Opened bug report: https://redmine.pfsense.org/issues/15547 Appears to be mostly cosmetic though.

Ok so like it says there: To allow logins with RADIUS credentials, equivalent local users with the expected privileges must be created first. So the local user must exist.

From that many versions back I would just reinstall to 2.7.2 and restore the config. But what IP does it get? A private IP from the modem? You can set the dhcp client to reject leases from the modem server IP to prevent that. Cable modems will comonly hand out their own leases until the line syncs. Steve

I expect it to be in the Hyper-V setup. Though the NIC itself would probably need to be in promiscuous mode to pass tagged and untagged traffic. The Guest VM shouldn't see the VLAN tagging at all. Though you could probably set that up in a few different ways. I don't run Hyper-V so I can't help you with it directly.

You can see that data in /var/db/support.json. That should get updated every 24hrs.

@Ratfink Connecting two sites with Wireguard VPN is absolutely doable, and you don't even need fixed IP's for it to work. When you say you have 5 fixed IP's from your ISP, I'm kind of assuming you have your office at your house? Meaning they are both connected to the same fibre? Otherwise, if they are at very different locations, is it still the same ISP? In terms of getting the IP's on the respective pfsense machines, I assume you know how or have instructions from the ISP to do this. Might be MAC based if DHCP for example... Anyway, running pfsense on repurposed HW is very common and can be done "barebone" or virtualized. So you shouldn't have any problems getting to to work on your rack servers, hopefully. So step one is of course getting both machines up and running. And since they will be for different sites and connected via VPN you must make sure to use different LAN subnets on them. Like 192.168.1.0/24 on one and 192.168.2.0/24 on the other. Once you have them up and running you can follow a guide like one of these to set up wireguard. Even though you have fixed IP's it might be a good idea to get two domains, unless you already have that. https://www.youtube.com/watch?v=2oe7rTMFmqc https://www.youtube.com/watch?v=7_gLPyipFkk

Nice.

@keyser said in Poor 10gbps WAN throughput: @Gblenn Did you knwo you can do this: https://answers.microsoft.com/en-us/windows/forum/all/how-can-i-prevent-automatic-updating-a-specific/9967b1cf-dc6f-495d-82be-4ab3f3207ff1 Thanks for the tip but that is not the issue, and it didn't help. Every time after a shut down and start of the PC I cap out at 2-2.5 in speedtest (only download however). What is interesting however, is that I now tested with iperf and get the full 9.44 Gbit... so what is it that speedtest does differently, or fast.com for that matter?

@zaibi12345 said in configure unifi with pfsense: 1 unifi dream machine pro controller with 20 access points connected with it, In lab if more than 400 users get connect, it got crashed all connected users faced disconnectivity. 1200 users is actual limit as advised by unifi support team. actually we need to connect more than 2000 users at a time and 5 controllers is not a solution I use a self hosted controller https://help.ui.com/hc/en-us/articles/360012282453-Self-Hosting-a-UniFi-Network-Server Easily installed via this script https://community.ui.com/questions/UniFi-Installation-Scripts-or-UniFi-Easy-Update-Script-or-UniFi-Lets-Encrypt-or-UniFi-Easy-Encrypt-/ccbc7530-dd61-40a7-82ec-22b17f027776 Which I run on a Debian VM under Proxmox on a Mini PC also running pfsense as a VM. For your application, being more generous with the hardware would be sensible. https://lazyadmin.nl/home-network/unifi-controller/ and https://techspecs.ui.com/unifi/cloud-keys-gateways/cloud-key-enterprise

And that nmap error was triggered in that time period?

@stephenw10 Thanks so much for all your time and patience, but I finally admitted defeat and gave up. I canceled the Verizon service today and will be returning the gateway device shortly. I'd love to track down the gremlins and eventually switch away from my horrible DSL provider, but the trial I was on was about to expire, and I was out of time to screw with it for now. Maybe one day I'll try it again, possibly with T-Mobile home internet, which I think it also in my area. I've heard they will be making it easier to 'bridge' their gateway device soon, so that might be an option. I really do appreciate all your help, sorry we couldn't come up with a real solution!

You don't have to set .1 as the gateway. It still has to be the real gateway IP. The subnet simply has to contain both the host and gateway IPs. The next Installer version should be very soon.