The simplest way to get back to a known working state with those sorts if errors is going to be a clean reinstall of 2.6 and config restore. If you cannot do that you can try a force re-install but that is not guaranteed. https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#forced-pkg-reinstall Steve

@departy As @Bob-Dig : [image: 1646643883767-5a3455e9-33b1-4940-9361-46c08720ffb0-image.png] says that dyndns is synced every day at 1AM1. The sync is also triggered at a WAN NIC network event, as this might imply a WAN IP change. If pfSense uses a RFC1918 IP on it's WAN, there must be an upstream router. These routers can renegotiate a new WAN IP without pfSense knowing about it. For pfSense, the RFC1918 didn't change : no WAN NIC event : the dyndns sub system isn't made aware of a possible change. As proposed : accelerate the checks. The dyndns script checks the domain DNS IP (it does a nslookup or dig) and compares the obtained IP with the IP stored in a local cache file. They must be the same. If so, the IP is shown on green in the widghet. If not, the IP is update on the DNS server side, and if all ok, then the local cache file is updated.

@steveits thanks for the tip re old releases. Lesson learned.

Probably both. The pfSense package should not create a pimd conf file that includes invalid interfaces. pimd should probably not kernel panic on a bad conf file. I expect it to simply fail to start. Steve

No, I've not noticed that. What CPU is that? The widget gets those values from the sysctls so I'd suggest you might just be missing the peak values that are caused by loading the dashboard. Try loading the CPU artificially and see if the steady state values match. When I'm doing that I use: [22.01-RELEASE][admin@5100.stevew.lan]/root: yes > /dev/null & [1] 6443 [22.01-RELEASE][admin@5100.stevew.lan]/root: yes > /dev/null & [2] 6589 [22.01-RELEASE][admin@5100.stevew.lan]/root: yes > /dev/null & [3] 6594 [22.01-RELEASE][admin@5100.stevew.lan]/root: yes > /dev/null & [4] 6923 That makes the 4 cores there run at 100%: last pid: 7719; load averages: 2.28, 0.69, 0.29 up 2+01:00:56 22:36:41 64 processes: 5 running, 59 sleeping CPU: 15.7% user, 0.0% nice, 84.3% system, 0.0% interrupt, 0.0% idle Mem: 20M Active, 152M Inact, 437M Wired, 3229M Free ARC: 175M Total, 42M MFU, 129M MRU, 172K Anon, 785K Header, 3756K Other 57M Compressed, 175M Uncompressed, 3.05:1 Ratio Swap: 1024M Total, 1024M Free PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 6443 root 1 103 0 10M 2068K CPU1 1 0:49 100.06% yes 6594 root 1 103 0 10M 2068K CPU3 3 0:47 99.90% yes 6589 root 1 103 0 10M 2068K RUN 2 0:47 99.86% yes 6923 root 1 103 0 10M 2068K CPU0 0 0:46 99.83% yes 7719 root 1 20 0 13M 3572K CPU2 2 0:00 0.21% top 87020 root 1 20 0 14M 5068K nanslp 1 0:21 0.02% vnstatd On the 5100 the core temps are help pretty close: [22.01-RELEASE][admin@5100.stevew.lan]/root: sysctl -a | grep temperature hw.acpi.thermal.tz0.temperature: 0.1C dev.cpu.3.temperature: 46.0C dev.cpu.2.temperature: 46.0C dev.cpu.1.temperature: 46.0C dev.cpu.0.temperature: 47.0C Other CPUs may not be coupled as well to the heatsink, or internally each core. You can run killall yes to stop those. Steve

@thewaterbug I have a friend with a bare MBT-2220 running 2.6 on 500Mbit sym fiber and we're not seeing any missing speed -- but we haven't really pressed it too hard.

nevermind...I figured it out.

@hamsterray See here.

@stephenw10 said in Resolving a domain in firewall rule: Every 5mins by default. See: https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#using-hostnames-in-aliases Steve I am fascinated with pfSense...so much to learn and what it can do.

You should open a ticket with us to work through it. You need to access the serial console to diagnose or repair that. https://www.netgate.com/tac-support-request Steve

@wheelhouse20 yes, I know there is a newer version, haven't updated yet.

You would have to access the subnet behind pfSense using port forwards. Or you could add a static route to the client PC for the 192.168.10.0/24 via 192.168.1.2. Steve

Well I wouldn't buy that particular one since it appears to include some sort of fast charge circuitry. I have no idea how that affect a USB data connection through it.

Yeah, the dependency is two fold. The default config has the WAN set as DHCPv6, the LAN set to track WAN for the IPv6 prefix and a DHCPv6 server enabled on LAN. To disable that first disable the DHCPb6 server on LAN. Then you can set the LAN interface DHCPv6 type to none. Then you can do the same on WAN. Steve

Right. If you were using the Filer package you would need to update it there instead to avoid it being overwritten. Steve

Yes, exactly . The traffic hitting the bogons rule is all going to be that same IGMP I imagine and that's not really at all useful to log. So just stop logging traffic on the bogons rule and you will have far more log space/time. Steve

I don’t know. I don’t have any other vpns setup. Anyway… Thanks for the support. @stephenw10: I owe you a beer!!! :-) Problem is solved. Kind regards

Also remember LAGG of 2x1G interfaces doesn't mean you will get 2G of bandwidth for one single connection. You will at MAX get one single 1G stream and if your application can use multiple streams you could get 2x1G.

@stephenw10 hi, thanks to your post you made me think to check an interface that I use for the Wifi Guests, and in fact I used them the same subnet, changed that one it is solved now everything works perfectly A thousand thanks

@stephenw10 Good call. I may have to upgrade my NICs to get the most out of all of this. I'm not sure they are up to snuff.