@michmoor said in Assign a second IP to a LAN: Why keep the old IP as an Alias unless theres that one client that cant be moved to the new IP range for some reason. Agree - the only reason for the old IP address as a vip, is if there is going to be something on the network that you can not get to for a bit, and you need to run in a mode where the new and the old IP ranges have to run at same time.. But if you have a change window, and can move all the servers to the new IP range - there would be no need for a vip.. Unless you were trying to make the changes remote and needed to be able to get to devices from another network to change them. If your local or on the same network then no reason..

@adrien-1 Each modification of what? Do you have a large rule set? There is this patch available in the System Patches package: Disable pf counter data preservation to temporarily work around latency when reloading large rulesets (Redmine #12827)

@stephenw10 Oh i understand now, ill take a look and let you know how it goes! thank you so much!

@stephenw10 Yeah 100%, which is why I thought it might have been a driver thing in FreeBSD. zero issues in linux and also using a netgear router with a 2.5g port. Though I think the netgear stuff might be linux based so that would explain it and no issues in windows either, but prior to this they weren't running in 2.5g

We've tried to catch most things and fix them already, but there may be some more rare/lingering issues that we haven't been able to replicate here. When in doubt, look at the open issues for packages and see if there are any recent ones for packages you are interested in.

I've read this message 3 or 4 times now, and I can't understand most of it. Probably english isn't your native language, but then ask someone to assist you in at least writing your issue down so others can actually decipher it. Or create a network diagram / overview and post it here. If it's about speed, run iPerf with -P4 for parrallel mode. A single thread will not reach 10Gbps on regular X64 hardware, as no offloading is present. A dedicated ASIC like in a switch or 'real' router, can do it during breakfast. But a general purpose X86/64 CPU can't, and will usually be limited between 2 and 3.5Gbps, 4Gbps if you have some good single thread performance. We run pfSense 2.6 CE on pretty beefy Xeon 6248R CPU's and another pair on Xeon 5118 CPU's. The 6248R does about 3.5-4 Gbps, the more common 5118 between 2.5 and 3.5. That is single connection though. If I do multiple connections I easiliy saturate bandwidth.

Hmm, this is exactly the sort of thing that might cause the VLAN config change to fail. I wonder if you're seeing interfaces use the non-primary IP... https://redmine.pfsense.org/issues/11545

@elrick75 said in PHP Errors on csrf-magic.php and diag_command.php files: (tried to allocate 4096 bytes) in /usr/local/www/diag_command.php It looks like something was run in the Diag > Command Prompt page that didn't have a limited runtime and ended up exhausting the PHP memory limit. Only ever run things there that complete immediately. So never run something like ping 8.8.8.8 there because it will just run continually in the background . If you need to set a count limit so it returns after that like ping -c 3 8.8.8.8. Steve

@jknott valid point to bring up actually - one of the many things that makes ipv6 more than just a longer IP address ;) The hop limit of 255 and NDP is kind of like the TTL of 1 with multicast.. which keeps it local.

@courtalj Not really but also check for DNS-leakage.

@stephenw10 will remember that for the next time

@stephenw10 I'll try it. But now I cannot reproduce the issue . Thx

@nollipfsense They have tentative plans to add one, but nothing with a concrete release date yet.

Crypto hardware like that is not restricted by the CPU in the system it runs on. If the card can be installed I would expect it to run fine. It will work in pfSense as long as the QAT driver supports it. https://github.com/pfsense/FreeBSD-src/blob/devel-main/sys/dev/qat/include/common/adf_accel_devices.h#L12 OpenVPN can only be accelerated by it in DCO mode. Currently. Steve

@guardian There is option 3, you can set the VOIP server not to return anything if the credentials are incorrect. I recently reset my Snom VOIP phone and reconfigured it, it failed to work, it would appear that Safari was screwing up the password and I had to configure the password using Firefox.

I am running pfSense Plus 22.05 with i226-V NICs in passthrough from Proxmox. The trick is installing 22.05 as one needs to upgrade from CE 2.6 and then 22.01. I set it up with linux bridges in Proxmox, upgraded to 22.05, and then set it up with PCIe passthrough to support hardware offloading.

@stephenw10 does it means that the user of pfsense CE can avail TAC subscription (TAC Pro or TAC Enterprise) and just need to have the latest CE version? in order to support by netgate TAC, am I right?

@jarhead said in Can ping pfsense lan but not VM Computers: Most likely a problem with the vSwitch. Hi, Well done, it was a problem with my windows firewall. Thank you for your answer.