As long as you don't assign any IPs on it you should never see any traffic there directly. Though as I say it's common to see that assigned with an IP in the modems subnet in order to access it. I use that. Just make sure the default gateway is set to the PPPoE WAN if you add another gateway. Steve

@aaronouthier said in More pfSense woes.: Some Netgear routers support it. Name one - link to this feature in the docs.. Same with that usb AC1900 card.. I don't see that mentioned about it, I would think such a feature would be crazy mentioned all over the place.. Dual band routers and cards is very common - joining the connection for a big fat connection is not.. The same SSID on both bands, again very common. But you don't actually connect to both of them at the same time and get additive speed.. This is not a thing.. Just because you have the same ssid on both your 2.4 and 5 doesn't mean the bandwidth is used and shared at the same time by a single client. The client will connect to which one is the better choice.. All of my ssids are common for both 2.4 and 5.. Client actually only using 1 of those.. You can use band steering to try and get a client to pick one vs the other. But again your not using both at the same time. edit: My controller is offline currently due to upgrade of my nas disks that is in progress. But I can show you the logs where say my wifes phone as she moves about the house moves from using 5ghz to 2.4.. Or moves from one AP to another.. The client is the one that makes a decision on what is the better choice, the 2.4 or the 5.. But if you have a way for a dual band router and dual band client to leverage both bands at the same time for a "fat" connection - your rich man, rich!! This is currently not a thing that is for sure..

No. Support contracts are not paid development so it would make no difference here. There are large number of moving parts currently and development time is at minimum. I didn't see much of a response previosuly. Let me retry.... Steve

@diggy Because of the nature of internet security, bug fixes, and repairs and exploits only a few version of pfSense Community Edition are available through https://pfsense.org/ You don't want to run a version of pfSense that has an exploit in it that was fixed years ago. Small packages are rarely updated in the same way you would find in an Ubuntu LTS build.

@stephenw10 It actually worked. I just had to change GW from 192.168.1.253 to the VIP 172.16.250.10. Thanks for your help...

@gertjan thanks! yeah seems this "spam" country thinks this is a good site to link farm.. To the question asked - No your not going to install pfsense on a cisco router ;) hehehe edit: We should prob just black hole that whole country.. I don't recall ever seeing anything but spam from that country, that country and their neighbor have a thriving spam economy.. But your not going to do it here, not on my watch ;) hehehe But will give them the benefit of the doubt.. Since at least it is in the appropriate section for such a nonsense sort of question..

Hi Steve Apologies, been a bit busy the last couple of days. Just wanted to say thanks for the suggestions, I'll have a look at the CPU usage when we are seeing packet drops next and if I find anything definitive I'll update the thread.

@zenmasta typically windows defender gets picky about non-subnet traffic and blocks it... but not usually traffic from the same subnet. So if you're routing traffic you could look into how to expand the "home" networks that Defender will allow through.

Ok so to be clear you have all three pfSense NICs connected to the same switch? And it's an unmanaged layer 2 switch? You should be able to make that work. Mostly. But you will need to be sure you have outbound NAT rules in place to avoid asymmetry.

Try this: Create a virtual IP in the same network as your modem, in this example I'll use 10.0.0.1 as an example: Where you read MVNETA1, use OPT1. [image: 1667220357172-21afc87d-3859-4254-8f4a-a133318fe22a-image.png] Create an Outbound NAT, in this example I'll assume your LAN is 192.168.0.0/24: [image: 1667220477215-679fd839-79df-4488-8a88-d9aeda5484e3-image.png]

@rcoleman-netgate said in NET::ERR_CERT_AUTHORITY_INVALID PFsense web gui error: via an IP because signed certificates rarely have the IP address in their SAN That is why you can just create you own CA, and then your cert and trust the cert. With that you can use any fqdn you want, and any rfc1918 address as san.. https://forum.netgate.com/post/831783 I have posted how to do this multiple times over the years, here is one from 2019 above. before the browsers started getting picky about how long the certs were valid, you could do it for long time ;) [image: 1667184789892-cert.jpg]

@aberickson I have APC and use apcupsd with it.

You need a rule on LAN to allow that. You may also need to NAT that traffic because the AP probably has no default route in order to reply.

Easy fix for now.. go to- /usr/local/share/pfSense/pkg/repos/pfSense-repo.abi change "FreeBSD:14:amd64" to "FreeBSD:12:amd64" save.

Yes this is almost certainly because the hypervisor is not actually using VLAN5 for the interface linked to that VM so you actually need to untag it at the switch to make the connection. Which is what you were unintentionally doing by setting VLAN 5 as the 'native VLAN' for that port. So, yes, set the hypervisor interface to VLAN5 on NIC0 there. Unset VLAN5 as native for the switch port. Additionally you can probably choose to pass the traffic tagged to the VM in the hypervisor but you'd need to actually set VLAN in the VM then which you usually wouldn't do. Steve

@gme How did turn out? 8 years later... I'm looking at how best to integrate with New Relic.

@stephenw10 you are absolutely correct. That is why I consider this a work around and not a solution.

You probably need to use sudo for that. pftop is accessing some pretty low level stuff, you can't access /dev/pf even with admin permissions. Steve

I would use the main pkg unless you need something from the dev package package specifically. So something that's in HAProxy 2.5 and not 2.2. Steve