https://forum.pfsense.org/index.php?topic=142311.0

That is cuau0 not cuaU0 which is why he was seeing that on cuau0.

ls -l /dev/cu*

connect the USB console.

ls -l /dev/cu*

The connected console will be the new devices.

I tried what you wrote and did not succeed

So did most manually
I reinstalled the packages
I left the addresses in the new range
The most annoying part is to add all addresses to a fixed address

There is an access point
Which does not appear in a list of addresses
But it can be accessed

In the old system it did appear on the list

For some reason clamd ClamAV Antivirus Does not work
i did```
freshclam

ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: /var/log/clamav/freshclam.log is locked by another process

I run a Sure GPS serial module with an extrernal GPS antenna, runs smooth for about 4 years now on my pfSense box.

We had the same problem with our smaller pfsense (2nics) firewall (on the same server).

So we tried with virtio instead of e1000 and now everything looks running fine.

Has nothing todo with pfsense though :).

Just wanted to update this thread instead of someone has this problem too.

@dennypage:

@Heimire:

Just did it and noticed I got a 29ms response time on one of the pings.
First time I see that.

Ran it again and this time I see a 234ms ping.

…

--- 64.9.133.17 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.188/23.642/234.569/70.309 ms

Well, that would certainly explain things. This could arise from a few things, but the most likely guess is the target device handles ICMP as a very low priority. You can confirm this by using a monitor address that is a little further out into the world.

As a general rule you want to use a monitor address that is physically on the other side of your WAN link. Some people use public addresses such as Google's DNS servers. For my monitoring, I use one of my ISPs regional concentrators.

You can use the mtr package to help you choose a suitable target. Run mtr with a target of 8.8.8.8 and look at the hops along the way.

I think you hit it on the head.
This is still being setup and we have no live traffic there yet.
We are moving in there and just seen weird things we did not expect.

I will find some points to monitor outside the data center.

Thank you so much for your input.
Very helpful and I also realize I jumped to conclusion.
Should have done more than 3 ping when tested but they came back perfect every time.
I think when i did the testing earlier when i set the ping to 10 and ran it several times, I saw high numbers in probably 60-70% of the time.
Should have dug a bit deeper before posting.

H.

And VLAN 1 probably gets broadcast on all ports with no way to turn it off.

https://forum.pfsense.org/index.php?topic=123324.msg680947#msg680947

Others have seen similar behavior from things like TP-Link APs. I think the issue there was IPv6 RAs and such received on the AP's untagged interface were sent to all SSIDs regardless of VLAN.

They are junk. $30 for an 8-port D-Link DGS-1100-08 would have been better money spent.

I'm a fan of good, cheap gear. TP-Link often misses the good part.

WOW! the beauty of open source. Thanks jimp

Why the hesitation there?

He's probably a Comcast or Verizon customer.

Help from Nazar78, I got it working.  It ended up being the PATH in crontab.  Ran "echo $PATH" on a terminal and added whatever was missing on the PATH in crontab. And worked

Thanks,

Found the issue. It was fq_codel.

https://forum.pfsense.org/index.php?topic=126637.msg765566;topicseen#msg765566

I am still trying to find a good solution to secure my software updates(pfsense and packages) and "Cron like" events(Snort, pfBlocker rule/list updates).

I get how a temporary change might be practical for software updates but for "Cron like" events it likely won't work.

Any suggested best practices or thoughts?

Happy New year and thanks again for pfSense and the package work!!!

@johnpoz:

"So what does it mean that the TP-Link has issues?"

Ports can not be removed from vlan 1.. Any broadcast traffic on vlan 1 will be seen on ALL Ports not just vlan 1 ports.. So if you have broadcast traffic on vlan 1, all your other vlan will see this traffic..

I have the same issue on a TP-Link access point.  As a result, IPv6 router advertisements are appearing on the wrong SSID, causing devices to get an address on the wrong prefix.  While other TP-Link switches may be OK, I think it's better to just stay away from any company that does things that are so incompetent.

https://doc.pfsense.org/index.php/Can_I_use_pfSense%27s_WAN_PPTP_feature_to_connect_to_a_remote_PPTP_VPN

@jimp - that did it - many thanks.

Also, is there anyway to have that ipv6-master switch not log traffic?

1-3 Yes
4 - Yes, all on the same tier will load balance connections
5-6 Yes
7 That's up to you, that may make the balancing a bit lopsided if you have certain heavy use clients but it's the best way to ensure multiple connections flow consistently.