@johnpoz thank you both for the reply

It's dangerous (or at least confusing) to talk about VLAN 0 or 1 as an actual VLAN because you almost never want that. Switches use 1 as the 'native' VLAN meaning they use that for untagged traffic internally in the switch. You should never see traffic tagged VLAN1 outside the switch.l Seeing it usually means something is configured incorrectly and unexpected results may occur! https://docs.netgate.com/pfsense/en/latest/vlan/security.html#using-the-default-vlan-1 In ESXi VLAN 4095 means pass all VLANs. So allow tagged traffic on any VLAN to pass the switch much like most unmanaged switches would. If you do have some tagging happening somewhere the addition switch on that one client that works could be stripping it. Especially if it's VLAN1. That seems unlikely though. Hard to imagine that could have been set by a power outage. Or that it would have worked before that. Steve

Yeah, I would definitely use access point mode. And LACP lagg there should not do anything much until you exceed the single links speed at 941Mbps. Assuming Gigabit. Even with wifi6 it's hard to reach that over wifi. Also it only helps with multiple connections sharing that. A single connection is still limited to one link. Steve

@stephenw10 I will look at my CARP problem and then I will look if the syslog is solved. Thanks a lot for your time

In a situation like this it's very easy to end up with asymmetric routing and that can cause all sorts of issues. How is the pfSense WAN connected? Does it share the same WAN as the other router? Can we see a diagram? Steve

@derelict Thanks for your help. I was using an Alias but NOT the IP Alias which is what was needed here. Thank you for your help here.

Double NAT is not ideal but it shouldn't really affect throughput. Especially if it's PPPoE upstream which pfSense would likely be slower at terminating. The interrupt loading from the NIC is normal at maximum throughput, that's where to loading appears. There is more on the WAN NIC because of the NAT. Yes, to run bandwidthd and traffic shaping on a 1G link will require a faster CPU unfortunately. Steve

@rico Great thanks! That seems to work

@dobby_ Hi Dobby, i reinstalled pfsense and removed the squid package and so far for the last 1 week looks good.

Looks likely to be bad memory to me. Especially if you haven't made any changes recently that might have triggered it. Is there any reason you're running an old version? Steve

What values did you add? Something that references that non-existent init? pfSense doesn't use the FreeBSD init system. As mentioned you should use /boot/loader.conf.local for any custom loader variables. Custom sysctls should be added in the GUI in Sys > Adv > System Tunables. If you need to re-install, and don't have a config backup, the installer can attempt to recover your existing config before wiping the drive. https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#recover-config-xml-from-existing-installation Steve

Yeah, never open the webgui up for public access via http. If you have to access it remotely you should only ever use https and you should restrict the source IPs that can connect in the firewall rules. Using a VPN to access it s a much better solution. If, for whatever reason, you have unknown scripts running on the firewall then you need to reinstall clean and examine your config before restoring it. You might also pull the full system logs from it first and review those. Steve

@rcoleman-netgate gotcha. Gonna hang out with this machine for now but will chose one with intel NICs whenever I need to replace it. Thanks a lot!

@netboy You’re welcome. Glad you got everything working.

Ah, well there you go. x86 FTW!

I would not expect it to. And it's almost impossible to recommend doing something like that from a security stand point. Except maybe purely as a test. Steve

Backup the config files from each node and compare the interfaces section. This sort of issue is almost always because the interfaces are not identically defined. They must be configured in the same order with the same internal names. Steve

I assume those are rules created by the webgui? And the reply-to values are the gateways? The destinations are the WAN IPs? Steve

Do it one step at a time. If you try to move from several subnets on one layer2 directly to radius assigned VLANs you are almost certainly going to hit multiple issues! I would first try to create VLANs and make sure they work with your switches/APs. That should definitely work and is not that hard to setup with Unifi gear. Then, once that's working with some test subnet, try moving your current subnets to that to separate then and see what breaks. Steve