TAC subscriptions are valid from purchase so I would expect that to have expired.
If you send me the NDI in chat I can check it.

Steve

LOL, this smarty pants tried upgrading the pool, too, with equivalent results. My user (me) was very angry with the sysadmin (me)!

The OpenVPN logs can be seen in the gui in Status > System Logs > OpenVPN.

If you want full content logging you will need to use Squid in full intercept mode:
Youtube Video

Did you have other certs or CAs already defined and/or in use?

Then I would post in the main pfatt thread, someone else there has probably hit this: https://forum.netgate.com/topic/99190/att-uverse-rg-bypass-0-2-btc/537

Can you ping anything other than the two configured DNS server IPs? 8.8.4.4 for example. Setting those adds static routes for them in pfSense which could potentially be wrong.

Can pfSense itself connect out? Install packages? Or ping out from Diag > Ping?

What you have configured looks OK. Do you actually see the auto outbound NAT rule created for 10.10.1.0/24?

What's the WAN actually connected to? Is it actually losing link like that?
Not that the WAN flapping should cause php to get hung up like you're seeing.

What's in the main system logs when that happens?

I don't believe it can be added to the included packaged version. And I don't think it's possible to pull in the pro version from their repos to 23.05. The build versions would not be matched.

Hmm, that php error looks like this: https://redmine.pfsense.org/issues/13562

But that should have been fixed. You might want to add your result there.

What's actually broken here? You are just seeing that error?

Something is trying to connect to somewhere that has no route. So usually that's because the firewall lost it's default route (otherwise it would have a route). It could also be some local gateway that has stopped responding that it needs for a route.

OVH is notorious for weird addressing/subnetting schemes so you might have something odd like a gateway outside the local subnet.

Steve

@ozanbabatas My problem is solved. Now I can connect VPN to the modem through a remote server and access it. Thanks

If you do that I recommend unchecking Backup SSH keys when you backup the config so you don't end up with the same keys on all hosts. That also affects the auto-config-backup key which you would want to be unique.

Steve

@RubeGMachine Even browsers are doing the same...thought you would gather that intuitively.

Which DynDNS provider are you using?

Have you applied the recommended system patches? Those are in 2.7 already, try that if you can.

If you have more than one gateway defined, like a VPN gateway or an internal LAN gateway, you should definitely set WAN_PPPoE as default rather than automatic. Otherwise it may default to one of the others and that's almost always invalid.

for reasons I cannot explain. This router just starting working again yesterday. I can now screen and use the commands I have tried. I have no explanation why.

@sgw did you check Monitoring in pFsense on XG7100? Check Quality and then check delay std. dev - did it changed(increase) when you go from 22.05 to 23 version? Main is much worst then on 22.05.

@natharas said in Cant see switch in DCHP or ARP table:

I have cameras on the switch that are using a different VLAN and all are working.

which has nothing to do with the switch getting its management IP which would be on vlan 1.

Unless you changed it to be a different vlan?

changedit.jpg

@scottlindner said in need to reboot when modem reboots:

Yes, those are both set to All network interfaces.

Not a fan of that - especially for outgoing.. The local interface is really the only interface you need to use for outgoing, any traffic out the wan would be natted to your wan IP, or vpn IP, etc.

The only time you would need to select another interface - if you were doing say forwarding to some lan side dns.

You could make a case for only selecting the interface for listen as well - do you really need unbound to listen even on wan? You serving up dns off your wan interface?

While its a good "default" setting because you have no idea what someones setup might need. The admin of the box should correct those settings to be best suited for their needs. All is rarely that.

edit: these are my settings, it listens on the interface I might serve up dns on. And only uses localhost as its outbound interface.

settings.jpg