So it loaded correctly once the clients renewed their leases and pulled the expected IPs? Steve

@jimp quick response! ok, started while wan was down would explain. but 192.168.xx.1 can be a perfectly good default gateway ip whether there is a wan or not so kind of curious behavior. now that I have populated the default default I won't be bothered by it again but it cost me in down time after ISP was restored. it makes the advertised behavior on that page no longer a certainty, maybe add 'might' or 'should' there?

@johnpoz Thanks!. Looks like setting up the bridge in docker is better suited for my needs. I don't know where exactly docker traffic go i terms of IP and Port. Will also explore macvlan. Thanks again!

And logins to other more remote sites will be encrypted with https or similar.

That's probably good enough but more data never hurts! You can upload files to me here: https://nc.netgate.com/nextcloud/s/kfzcg536kMRgtGd Steve

Yes, it almist certainly didn't upgrade fully for some reason. If you're on 22.09 now though the only way go back is to reinstall. Unless you were already running ZFS and can use Boot Envs. Steve

It was a device, simulating network card. Once I installed it as network card (just added it's interface), everything worked

Thanks a lot!!!! After rebooting the errors disappear and seems to be working perfectly. Thank you for your fast and awesome attention to this problem. Have a great day.

So what is 172.28.254.237? Should it respond to ping? It it's some internal switch or router but just doesn't respond to ping I would just disable gateway monitoring for it. Steve

Thanks so much to everyone who replied. This is very useful

@rcoleman-netgate I was leaning that way and i plan on grabbing a new drive tomorrow to test it out. I didn't think about the drive going to sleep though! I'll take a look into it as well and see if I can find out. Thanks!

Yeah, what you see there is expected at the gui command prompt. You can't enter anything there that is interactive. If you absolutely had to run the upgrade from there you would use: pfSense-upgrade -y But you should never do that because you get zero feedback while it's running. You'll have no idea what it's doing or if it completed! Run it from the real command line or use the upgrade screen in the gui. Steve

Not in any officially supported way, no. SMB, definitely not. Certs stored in pfSense in the certificate manager are stored in the config file and cannot just be swapped in and out externally. Steve

Nice. If you have LAN set to track WAN with a prefix value set you should also now see a valid public /64 applied to it.

@stephenw10 Indeed. All settings are the same. @jimp said in pfsense 22.01 crashing and rebooting: What VM hardware version are you running on those VMs? Usually weird/unexplained instability and panics like that are from running a VM hardware version (or ESX version) not fully compatible with the version of FreeBSD used on the guest. I no longer use ESX here (moved everything to Proxmox VE) so I can't speak to how things work on recent versions of ESX or specific VM hardware versions, but generally speaking it's safest to upgrade them to the most recent available VM hardware version. Sometimes with a much newer base/ESX it might not be a bad idea to keep it on an older version but that situation is more rare. ESXi 7.0 Issue has resolved by now. Messed with hw offloading and stuff. Not sure what brought the fix but the firewalls are now stable again. Installed latest updates as well.

Here's the command we use in TAC to determine the largest folders in /var: Go to Diagnostics->Command Prompt and copy/pasta the following command: du -a /var | sort -n -r | head -n 10

I really like the output of pfctl -sr from either the console or debug, run command from the web interface. It shows me the all the rules, in the order they are added/evaluated, and all the different rules (floating, interface, interfacegroups, etc) are in one list. I find it easier to manually parse or walk but you need to be familiar with raw pf rules/configs. That's my preference, others with more experience in the GUI or the XML config may find a different way better.

@jimp I appreciate the feedback but I had already done those kinds of searches with 'du' etc. There were some logs but not a lot and on this particular machine, there are no extra packages installed. I have quite a few on my other 3100s (pfBlockerNG, Snort, OpenVPN Client Import) and had no problems with upgrading directly. The good news is that it seems to be much easier to install a new version from a flashdrive these days -- it used to be a really painful process. Now I can just create a USB stick with an image (balenaEtcher), boot the device and do 'run recovery' and then restore from a backup configuration file.

No directly, no. If you run ping there be sure to specify a count. Any commands run there must have a limited time or output set. Steve

@stephenw10 said in PFSense VLan: Some switches set that for you when you set a port untagged on a particular VLAN. While true - from the entry level smart switches I have played with from netgear, dlink and tplink this not the case.. More fully managed switch do set the pvid for you. I would validate the pvid is set.. Example - I plugged in netgear gs108eV3 I had on the shelf testing something for another thread. I put port 6 untagged into vlan 9 - it did not change the pvid. [image: 1657111056755-vlan9.jpg] Now when I tried to remove vlan 1 I did get a warning.. [image: 1657111098646-warning.jpg] Which is good... But that it let me put port 6 untagged both in vlan 1 and vlan 6 in the the first place is bad.. So yeah validate the ports you put untagged in vlan X, that the pvid has also been set to X and that there is only 1 untagged vlan on the port..