• 0 Votes
    9 Posts
    770 Views
    stephenw10S

    No problem, I should have been clearer. Yes, the console is however you operate directly on the firewall. So either a serial console, if the hardware has one, or the 'vga console', using a keyboard and monitor directly.

  • Main PFS box works, WAN doesn't work on aux PFS box w/ same config

    Moved
    8
    0 Votes
    8 Posts
    721 Views
    R

    It looks like the problem wound up being one of name resolution. Once I gave pfSense the DNS IP addresses that Comcast gave me, things started working. The weird thing was, it wasn't set on the main pfSense box either and it was working. Now, one thing that changed in the middle of all this was that the Comcast cable modem was replaced; there was a lightning strike nearby that apparently fried the one of four functionally identical Ethernet ports on the back of the modem (with cable plugged in, pfSense reported "down" for that jack but "up" for any of the others) and screwed it up in other ways so that even plugged into a working jack in the modem pfSense wasn't getting out. So I'm good for now (am continuing to run on the aux box) and have a process for moving configs from one box to the other. Now I need to build out the config more so that I've got externally-reachable boxes on one of the other quad NIC ports.

  • error loading rules proto ipv6 from any to any

    19
    0 Votes
    19 Posts
    2k Views
    A

    I am also using IPv6 over IPv4 here, so that makes sense.

    I ended up moving back to 22.05 and restoring my backup from before that upgrade for now. This error was annoying, but what pushed me was I spent a day trying to get multiwan failover that was working before working in 23.05 and just couldn't get it to actually fail over like it should. Worked instantly in 22.05. Maybe after a few more releases I'll give 23.x another shot, but for now I just need this to work as expected.

  • Rebuild PFSense without losing data

    4
    0 Votes
    4 Posts
    516 Views
    G

    @SteveITS I did a clean install

  • 0 Votes
    11 Posts
    1k Views
    johnpozJ

    @JKnott which is exactly what I was saying as well ;)

    The correct fix for the OP problem is not to be running ntop on his wan - have no idea why anyone would want to do such a thing, it makes no sense to do that..

  • 0 Votes
    4 Posts
    544 Views
    keyserK

    @mauro-tridici To be honest I set mine up to daily updates months before I started using Syslog-ng, because I thought hourly updates are unnecessary. Even on daily updates it’s rare there are changes to the lists that I use, so this is a fine compromise for me.

  • 0 Votes
    3 Posts
    616 Views
    M

    @bmeeks Many thanks for your kind reply. Sorry for my late answer.

  • trying to enable upnp but unable to

    10
    0 Votes
    10 Posts
    862 Views
    stephenw10S

    Hmm, well that sounds like a local client issue.
    Try a different client if you can.

  • Problem with updating packages over ipv6?

    6
    0 Votes
    6 Posts
    694 Views
    A

    @stephenw10 Figured this out - I hadn't selected "Request only an IPv6 prefix" and was being assigned a 2001:***/128 WAN IPv6. When I select this option, WAN now gets only an ipv6 link-local address and everything works.

  • /root/pfctl.core file eating up all the space of the device

    7
    0 Votes
    7 Posts
    705 Views
    P

    @aborsic Perhaps the core size is not changeable through ulimit. You should be able to disable core dump generation altogether with sysctl:

    sysctl kern.coredump=0

  • 0 Votes
    4 Posts
    518 Views
    bingo600B

    @SHOTO
    There is nothing that would prevent you from doing it, and it would very likely work.

    You never mentioned your Inet bandwidth, or if you have multiple "local lan segments" or Vlans.
    In a "Router on a Stick" solution, both Inet upstream & downstream, and local inter lan/vlan traffic has to pass through the same IF (and IF bandwidth).

    If you use your NUC/pfSense as the "only" router in your setup, aka. also serving/routing all the inside Vlans. There are some things to be aware of.

    If you just use the NUC/pfSense as the "Internet gateway w. some additional VPN stuff", I'd say try it out. (Aka. still using the Netgear to serve the local lan/vlans)
    If you just have a single lan on the inside, all your local traffic would be "switched" and never pass the NUC .. Go for it.

    But
    In a multi lan/vlan, all traffic has to pass the L3 device (pfSense), in order to traverse from one lan/vlan to another. Aka traffic would also have to pass the "single interface" twice (up & down).

    The big hurdle here is the NUC IF bandwidth ...
    If it's 10Gb go for it.
    If it's 1GB ... It depends .....

    /Bingo

  • Troubleshooting CenturyLink PPPoE Connection Drop

    6
    0 Votes
    6 Posts
    1k Views
    stephenw10S

    At the command line run:

    pkg-static add https://pkg.freebsd.org/FreeBSD:12:amd64/release_4/All/realtek-re-kmod-197.00.pkg

    Then run:

    echo 'if_re_load="YES"' >> /boot/loader.conf.local
    echo 'if_re_name="/boot/modules/if_re.ko"' >> /boot/loader.conf.local

    Then reboot.

    Check the boot logs to be sure the 1.97 driver version is loaded.

    Steve

  • Assigning ipv6 address to WAN via VLAN

    9
    0 Votes
    9 Posts
    906 Views
    JKnottJ

    @DBLClick said in Assigning ipv6 address to WAN via VLAN:

    are you saying, just assign a static address?

    What specifically are you trying to do that requires a VLAN? If you're trying to reach your pfSense box, the address of any interface will do. Also, it helps if your ISP provides a consistent prefix, so that your prefixes don't change. Make sure you have Do not allow PD/Address release, on the WAN page, selected. And yes, enable track interface for anything that gets the prefix from your ISP.

  • Why ZFS?

    4
    0 Votes
    4 Posts
    602 Views
    S

    Meant to add, I think the BE/snapshots can be done via the command line in pfSense CE. Pretty sure I saw a post from Netgate about that at one point.

  • 0 Votes
    4 Posts
    905 Views
    stephenw10S

    @felipefonsecabh said in Make a Túnnel trought IPSSEC and OpenVPN using PFSense:

    Router of External Access can ping DVC1

    What source IP does it use for that?
    To pass the IPSec tunnel it must be in the 192.168.15.0/24 subnet.
    In which case it can only be the External Access router blocking traffic clients on its LAN. Or potentially redirecting traffic past the IPSec tunnel?
    What is that device?

    Steve

  • All of a sudden no internet access from LAN but OpenVPN still working OK

    7
    0 Votes
    7 Posts
    654 Views
    A

    @stephenw10

    Thanks Steve.

    It turns out it was a massive 27GB core dump which had filled the drive.

    Andrea

  • NIC/MAC addresses changing for interface name

    14
    0 Votes
    14 Posts
    2k Views
    E

    @stephenw10 I can see the current NDI, but I don't know how to get the previous one.

    I did not save it.

    I have the previous Activation Token for the last NDI and the original Activation Token but never saved that NDI.

    Is there a way to retrieve it?

  • Locked out of PFsense GUI

    29
    0 Votes
    29 Posts
    4k Views
    stephenw10S

    Ok, so it's pulling a valid IP there.

    Check the routes in Diag > Routes. Make sure it has a default route via the upstream router; probably: 192.168.0.1.

  • Admin letsencrypt cert

    7
    0 Votes
    7 Posts
    754 Views
    L

    Thank you again for the help!

  • Separating 2 networks question

    10
    0 Votes
    10 Posts
    1k Views
    stephenw10S

    Hmm, if there's no option I'm amazed it doesn't use VLAN1. If I've understood correctly that could only pull a lease from LAN. Or should at least.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.