Appreciate all if the info!! Will

@jessicaseuk Wished you had format as legacy with GPT, though.

@stephenw10 Yeah, I never saw an ARP query initiated by the ISP over several hours of capturing all ARP traffic on the WAN port.

@mrjoli021 are these IPv6 addresses? Maybe you just need a bigger screen? ;) I have 4 columns of widgets, the firewall widget is in the far right column, and not seeing this, even with 5 digit ports. [image: 1664032589371-widget.jpg] So you maybe have texted zoomed in your browser? If I make my browser window smaller, I take it this sort of what your seeing? [image: 1664033109158-browser.jpg]

Some of the older 'easy smart' switches failed to handle VLANs correctly. You could not remove ports from VLAN1 meaning broadcasts leaked between VLANs. I have one of those. I also have a newer, much more expensive, TP-Link switch and it works great, no complaints. I'm not aware of any particular issues with their current low end switches either.

Set the LAN interface to use a different subnet. 192.168.100.1/24 would work fine.

@onepiece said in Creating VLANs and subnets (and SSIDs) using pfSense: Do most modern APs allow multiple SSID transmissions using separate subnets simultaneously? Proper APs usually do, but using a router as an AP won't. Just read the specs to see what an AP can do. I have a Unifi AC-Lite AP, which supports multiple SSIDs and VLANs, as did a TP-Link AP I used before. BTW, some people here like the Unifi APs.

@Gertjan @stephenw10 Thanks for the pointer. Filer does seem to at least backup the file. It's Base64 encoded but it is in the backup file. I will try it and see what happens.

Sorry for the late reply. Didn't want to jump the gun. New drive did fix the issue. I appreciate all the help you guys provided!

As long as you manged to resist smashing something.

yeah, I found this thread yesterday on forum.level1techs.com and switched it off, as you said, only to see no difference. "PPP is weird if you’re used to LAN and ethernet addressing. There’s only a single IP on the other side, and peers are originally meant to be symmetrical and not really ask for IPs using DHCP - instead, they’d just announce what IPs they have using IPCP and expect the other side to ack. Then the whole ip address discovery thing was bolted on, so you as a peer can say, “I have 0.0.0.0”, and ISP can say “no you don’t, you have 2.64.x.x”. ISP peer can still say “I have 10.64.64.0” and you’d typically use that as a gateway. In your routing tables, you’d have a directly attached 10.64.64.0/32 route via ppp0 as well as a 0.0.0.0/0 (default gateway) route via 10.64.64.0/32 . [well something along those lines anyway … ppp itself is dying … but you might end up having /32 on ethernet interfaces these days instead] My PPP log says the same now. Thanks and best regards, Mike

@sticilface I only do NAT in OpenWRT for those pVPNs, between pfSense and OpenWRT it is routed.

If you have dhcpv6 enabled on WAN the dhcpv6 server on LAN will use the prefix it pulls. Those are coupled. But also should be independent of the v4 service.

@roboto All inbound traffic from the internet to pfsense is blocked by default. If your wifi client goes to say www.google.com the answer is allowed by the state. There is nothing to do with wan rules. Now if you create a new network, say these vlans or wifi network you would have to create rules on the vlans/networks interface to allow outbound traffic to the internet.

@stephenw10 I missed the part where his is inside a DTLS tunnel.. But I can almost promise you tplink is using napt.. Unless it has something setup for dtls for vpn passthru, which find unlikely.. What port is being used for the dtls tunnel? There really isn't a set standard port. But setting static port, sure not going to break anything worse than it is ;)

You can still reset it from the serial console if you need to: https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html#forgotten-password-with-a-locked-console Steve

@troy-0 said in Renew cert' issues: however web browser says invalid certificate. Up to you to ask why And then you find the reason : [image: 1663854093256-a6eba7ab-f085-4b80-b1e6-f733c03b032a-image.png] So, why waiting ? Go for that Advanced button, at the bottom, at the right. It's a self signed certificate. Signed by you. Because you made it (with some tools present on pfSense). And your browser doesn't know who you are - or, to be more precise, you didn't make that huge cheque to be given to author who created your browser. Give them a couple of $ xxx xxx xxx.00 and your browser will recognize you, and your cert will be accepted. Or, do what we all do : Now you can probably "make an exception for this site". And keep this in mind : the next time you re generate your Web Configurator certifciate, this error will pop up again, as your browser doesn't recognize this new, unknown, self signed cert.

@creationguy said in pfSense Software is Moving Ahead Discussion: Will these mentioned updates be available in the next pfSense+ release? Never say never but that is certainly the intention.

@stephenw10 Thank you for all of your help. Its greatly appreciated.