@viragomann Sorry the pictures above where outdated, heres my updated frontend information [image: 1671662389854-screenshot_99-resized.png] [image: 1671662389441-screenshot_98-resized.png]

@michmoor said in Captive Portal bypass issue: talking to the netgate team Euh .... the solution was already on the forum. 13747 went from Not a bug, to Duplicate, to Bug again to get solved. I guess it's a question of finding the right words when writing feedback. The official patch, as always, is much nicer : why adding a line if removing something does the job And be careful : https://redmine.pfsense.org/issues/13784 was added on the fly : A MAC can (23.01) be blocked the soft way, the user will see the message that his MAC is blocked. You can chose bewteen an error message, or a MAC block portal page to be uploaded. See here for info and example how to implement that. Or : new, see 13784 : totally rejected : the MAC becomes part of the pf rules that block any interaction with the captive portal interface. I guess the user would be able to get a DHCP lease sorted out, and that's it, nothing more.

@scorpoin said in Increase wap memroy: increase swap memory Re install pfSense. That's the moment you can choose partitions sizes.

Hmm, it seems like something must have changed that is now consistently triggering it. That might be something external.

@jmickens It seems I was using a container name and not a user group. Once I changed to a valid security group, it started working.

It seems to have been a DNS issue. The default settings were set to DNS Resolver after factory reset and first setup, which was probably the culprit. I turned it off and turned on the DNS forwarder instead, and now the internet works better than ever! @stephenw10 @Derelict Thanks for your help~ I still don't exactly understand how that was an issue, but it works now. Have a nice day :)

@lewis no problem - glad you got it sorted..

Yes, the firewall rules in pfSense should allow you ping between all the subnets. Or send any IPv4 traffic. The clients in those subnets have to accept traffic from other subnets though.

How is that traffic shaping queue defined? What settings have you used? It could be so restrictive that traffic put into it is failing. Try removing the queue from that rule and retest. Steve

The ISP is handing the gateway as a private IP and that's common for a PPPoE link and not normally an issue. I have that here. But, yeah, using a 192.168.x.x address is far more likely to conflict. However, exactly as I also see, that gateway does not respond to ping. You should set the monitor IP to something further upstream like 8.8.8.8 so you get real monitoring data for the link. Steve

@steveits hi thanks for the reply. I tried what you suggested but unfortunately nothing

@jimp your description fits my case exactly. Thank you very much, this solved my issue. Have a great day, Mauro

@rcoleman-netgate said in Is APU1c good for latest versions of pfSense?: @joea IIRC this is what I did on mine last year. . . . Thanks. Just one more step required.

@stephenw10 Thank you, I was not aware of the « Use non-local gateway » option but setting the gateway using the cli instead of the web interface seems to automatically detect wether it’s local or not and now it working as expected. Thank you all for your time of the explanations.

Yep, you would think. Except errors maybe. But worth checking, we've seen weird things like that before.

Yeah, it returns 'pfSense' there intentionally. Anything else would be uncontrolled if it's not hardware we know about.

You can read through the thread where this was initially diagnosed here: https://forum.netgate.com/topic/173923/strange-error-there-were-error-s-loading-the-rules-pfctl-pfctl_rules I doubt anything can be learned at this point since the reported errors from there will always be 'device busy'. As shown there we need to see the truss output leading up to the point where is gets stuck which is the first time pfctl is run for this that were hitting it consistently. Steve

Not really unfortunately. None that I'm aware of at least.

You would probably want to use the DNS blacklist feature in pfBlocker to filter requests made against the resolver in pfSense. By default pfSense will pass it's own interface IP to use for DNS via DHCP to clients. You can also force clients to use that rather than something hardcoded: https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html You would then add clients you want to be unfiltered as static dhcp leases and set a different DNS server for them to use. Steve