@stephenw10

This is the only thing i see prior

Oct 11 20:16:00 nyc-fw1-inet sshguard[69504]: Exiting on signal. Oct 11 20:16:00 nyc-fw1-inet sshguard[77474]: Now monitoring attacks. Oct 11 20:35:30 nyc-fw1-inet check_reload_status[666]: Linkup starting $e6000sw0port3 Oct 11 20:35:30 nyc-fw1-inet kernel: e6000sw0port3: link state changed to DOWN Oct 11 20:35:31 nyc-fw1-inet php-fpm[20159]: /rc.linkup: Hotplug event detected for WAN(wan) dynamic IP address (4: dhcp) Oct 11 20:35:31 nyc-fw1-inet php-fpm[20159]: /rc.linkup: DEVD Ethernet detached event for wan Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down

I do see that the LAN side had a Hotplug event as well. Looking at the timestamps the LAN side event happened more or less at the same time as the WAN side.
To me this indicates either

As part of any link-status event, pfSense restarts the internal switch ports There was some weird failure on both LAN and WAN side which i honestly don't see happening. Other cause not yet known. ][admin@nyc-fw1-inet.moore.lan]/var/log: cat system.log | grep "Hotplug" Oct 11 20:35:31 nyc-fw1-inet php-fpm[20159]: /rc.linkup: Hotplug event detected for WAN(wan) dynamic IP address (4: dhcp) Oct 11 20:35:38 nyc-fw1-inet php-fpm[55571]: /rc.linkup: Hotplug event detected for LAN(lan) dynamic IP address (4: 192.168.70.254, 6: track6) Oct 11 20:35:39 nyc-fw1-inet php-fpm[17116]: /rc.linkup: Hotplug event detected for WAN(wan) dynamic IP address (4: dhcp) Oct 11 20:35:54 nyc-fw1-inet php-fpm[20159]: /rc.linkup: Hotplug event detected for LAN(lan) dynamic IP address (4: 192.168.70.254, 6: track6)

@frodet You don’t need to reinstall to revert the configuration, it’s on the Diagnostics menu somewhere.

Re: not save, there’s a path through interface reassignment where if you don’t click Save before you click Apply it doesn’t save…not sure if that applies here.

@Diggy then it’s out of beta apparently…!

https://docs.netgate.com/pfsense/en/latest/install/netinstaller.html

Yes you can certainly separate the ports by VLANs on the 2100. So you can have all traffic from the TP-Link on one interface and all other traffic on a different interface. You just can't separate wired and wireless traffic from the TP-Link or wireless traffic on different SSIDs unless it specifically supports that.

It probably is a value from the CPU cores. But that depends on having the cpu temp available. Try adding the thermal sensors widget and it will show you.

You can enable an appropriate CPU core sensor driver in Sys > Adv > MIsc.

Steve

Could simply be a firewall rule blocking it.

Check the states. Check the firewall log.

@jmaynard

Back in the day I was the MIS for a lawfirm in Dallas. When we moved facilities I did all the wiring for an Arcnet token ring. Boy that does take me back.

Phizix

@Gertjan

I from time to time, also love to game, and there, buffbloat fixing is important, congrats to you, to have fiber connection!! Me only on cable internet 1000 MBit (LOL, Vodafone promise is a lie, only keeps that speed in deep night, as cable internet is a shared connection, in evenings, often bad bufferbloat values and speeds below 1000 MBit) and my uplload as always in Germany, is sadly asynchron, limited to only 50 MBit upload sadly. But its all OK, I as a private person/user, can live with that. Enjoy your Fiber connection!! Hope one day, we will also be able to benefit Fiber Quality connections. SQM is just, fantastic on OpenWRT, best for fixing bufferbloat with SQM and piece_of_cake setup.

I do my Bufferbloat testing here -> https://speed.cloudflare.com/

Shows detailed info on nearly all parameters

@rcknrll said in Connecting HomeKit Enabled Router to pfsense?:

I suppose extra round of network address translation could lead to unwelcome issues. @Gblenn thanks for the advice, i will try to employ your recommendation this weekend.

Well, the one major thing is that with Linksys connected on the WAN port, pfsense has nothing to do with any of the connections on the LAN side of the Linksys router. So DHCP for example needs to be handled by Linksys, not pfsense in that case. It would work, as long as you make sure the subnets are different as in 192.168.1.1/24 on pfsense and 192.168.DIFFERENT.1/24 on Linksys. But you are then just putting a whole separate network on a VLAN. And you can not communicate from pfsense LAN to Linksys LAN without some effort on your part, like opening ports etc. It would be like coming in from the internet...

I'm sure there may be instructions out there for your Linksys model on what things to do to truly make it into an AP. Perhaps it is VLAN aware as well and then you could extend your VLAN onto the wifi network. So if you wanted you could have a Guest network on VLAN 20 and the rest on the default subnet under pfsense for example.

@stephenw10
Nice. Thank you.
I will test with the system patche.

@stephenw10 Yes we plan to reboot it

@ClayJones said in Using PFSense and a transparent firewall to create a pure IPv6 network:

ust as a follow up. The firewall idea is working well. It is remarkable how fully fleshed out IPv6 really is. Only a handful of apps or websites don't work.

Exactly. I fail to understand why some are so reluctant to move to it. With some, I suspect it's deliberate ignorance. I've had it on my home network for over 14 years and it just works!

BTW, I remember the days when it was necessary to use a tunnel to get it. I did that for almost 6 years, before my ISP provided native IPv6.

I figured it out!

The DNS resolver with pfSense on VBox is just broken; I switched it over to the DNS forwarder, and it worked as it should have.

@marcosm

https://redmine.pfsense.org/issues/15769

Thanks Marcos.

You mean using two separate public IPs for outbound NAT from two internal subnnets?

Yes, that should be fine if so. You'd have to switch outbound NAT to manual or hybrid mode and add a rule to do it for at least one of those subnets.

Steve

SOLVED:

a very basic issue, non-related to pfsense etc

The Lastpass-Chrome-extension always substituted my username into the field for the bind-user in the auth-server-config. And that could not work.

Now with tests on the shell I figured that out and replaced it with a correct bind-user. Things work now!

sry for the noise

@stephenw10 Yeah, a combined widget with a automatic reboot timer, a rollback timer and such could be REALLY cool.

@stephenw10 Ok, will try today this too. Thanks.

Indeed, I would have expected it to be. I would have tried stopping then starting (not restarting) IPSec if you can. It's possible it still had some part of that config present.

@smokinjo said in Updating pfsense before using as firewall?:

Can I just connect it to the local network and log in? Pfsense will be behind the firewall, but updating things should work fine.

Yes, as long as there is no subnet conflict between the WAN and default LAN (192.168.1.1/24). If your existijg LAN is already using that you would need to set a different LAN subnet in pfSense first.