@stephenw10 I think you hit the nail on the head, I had recently made NAT changes on the Primary side as part of a setup for testing wireguard and went from automatic to hybrid and broke it by creating a NAT to the CARP address that synced to the Backup. Thanks for pointing me in the right direction.

@stephenw10 Never mind, i gave up the package freeradius and i'll use a freeradius server with my users stored in openldap. Thank for you help. mkal

@stephenw10 The above procedure did the job. It would have been just as quick to backup config, re-install and restore config. In a high availability environment with hot-swap drives, the procedure would be a great solution to avoid any downtime. Thanks for the info. Ted

Sorry I have not updated. I have not been able to get back to the firewall yet, but I am hoping to soon.

@rcoleman-netgate Duely-noted.

Ah, that will do it. I should have pressed that question when I asked it earlier. Lesson for today. Good result. Steve

Probably something in the crypto-routing that is generated by the allowed subnets. Also remember that Wireguard doesn't add any routing for you so you must add that manually if you need it. Though you're probably using policy routing here. Steve

If you assign the lagg interface and leave as type none you should be able to set the speed/duplex there and have the members inherit it. Using DACs can be a problem though as they often don't present any selectable speeds to use. Steve

@stephenw10 I will try that next. Thanks for the recommendation.

@192-168-1-0 Okay - thanks for that too. My HH 2K is currently plugged into the 2x analog trunks coming into the house (Bell bonds them within the HH 2K). From there, my only cabled device is a data switch that I have for pretty much everything that is cabled into the network. There is a secondary cable connection, which is coax as I said and that runs to the TV in the family room. For some reason, if the cabled/coax PVR loses power or stops working, then I lose all of the wirelessly connected PVRs. It seems the HH 2K is really dependent on the coax-connected PVR. The Bell support person told me one time it's what stores my recordings (from any in-home PVRs, wireless) and so when I play them back, it comes off of the coax-connected PVR. As I say, if I lose the coax-connected PVR, I have no TV at all - just internet at that point. With the websites I use for watching TV - I almost don't need the "tv service" from Bell anymore. I'm considering dropping it, but I will wait and see what options they offer me to get off of the analog trunks and onto fiber...

@NogBadTheBad @stephenw10 thanks guys!

Then I'm not really sure where you are getting the traffic data from currently. The logs don't record that. You need Netflow data to see session bytes remotely. Steve

You can reply here any time. There is no time limit on threads currently.

@stephenw10 Just as a side note: still seeing that phenomenom in current snapshots / dev versions of the package. Install seems fine I guess (no immediate DNS/dpinger problem) but after upgrading/reinstalling the package you'll get it again.

@castle You positively run both. I use pfSense as my edge router and Mikrotik (RB450x2) for my LAN, the best of both world and love it. The downside is it could be expensive having two devices plus the learning curve.

That seemed likely since it's specific to starlink but you would see something in the routing log. And it has to actually receive a new dhcp lease to get that and your issue looks to be during the timeout where it's failing to pull a lease. So you have no IPv6 configured on any interface? They are all set as 'none'?