Anyone still hitting this who can test there is a patch now available here:
https://redmine.pfsense.org/issues/13671#note-4
We need feedback there to confirm it.

Steve

There's a patch on the ticket now available if anyone can test it. If we get some positive feedback there we can commit it for 23.01.
https://redmine.pfsense.org/issues/13671#note-4

Steve

If you add a dyndns entry to it you will be notified when that changes. For a failover group that will show when it fails over.

I just found an old email about this thread and had forgotten about it because once you read an email, it's no longer highlighted. I felt I should come back to close it.

The problem was unrelated to pfsense completely. What it was is that I had a test SIP system on another network using the same ITSP. When it would register with the ITSP, it would break registrations from the second SIP server, the one I was actually using now.

Once I shut down the original, everything started working again.

Sorry it took so long to come back and explain this and thank you for helping me.

@gabacho4

Thank you for explaining, I too wondered about those settings.

It's still open, you should just be able to add a comment to it. I added one.

@michmoor @stephenw10 This has been resolved. Thanks for the guidance.

Are you running pfBlocker? Snort/Suricata?

Anything show as blocked?

Steve

@magikmark it shouldn't as those have to all originate from OUTSIDE your network, not inside.

@stephenw10 said in Supported CPU C-States:

Mmm, @mvikman's CPU must be very lightly used. Anything I've ever tried that on looks more like your output there, mostly in C1.

LOL yeah, it's just my home router and it's got a i5-6500, just haven't had time to dabble with pfblocker and such things yet 😆

@mrsunfire No, that was the only line I added.

Though I have PowerD set to Adaptive instead of HiAdaptive because HiAdaptive doesn't seem let CPU to throttle speed lower MHz...

@rcoleman-netgate said in LAN port hangs when using Web UI:

@nathanzumwalt MESH is evil.

Agreed... even the new network topology didn't keep the eero devices from interfering with pfSense eventually (just took a little longer for the same symptoms to appear). I replaced the eero mesh with some Netgear wifi access points and the network has been stable ever since.

@nimrod said in Is it possible for one to "slip through"?:

@stephenw10

Wouldnt this option prevented this issue ?

5f219169-7aca-464b-a7b3-ac7b58515f4e-image.png

Just to add my 2 cents worth, I just ran into a situation where the states were not being cleared because an IP appeared to remain after the force command. I ended up manually clearing the states to fix the issue.

I would say, if all else fails, manually clear the states as was suggested earlier, I think.

@johnpoz thank you both for the reply

It's dangerous (or at least confusing) to talk about VLAN 0 or 1 as an actual VLAN because you almost never want that. Switches use 1 as the 'native' VLAN meaning they use that for untagged traffic internally in the switch. You should never see traffic tagged VLAN1 outside the switch.l Seeing it usually means something is configured incorrectly and unexpected results may occur!
https://docs.netgate.com/pfsense/en/latest/vlan/security.html#using-the-default-vlan-1

In ESXi VLAN 4095 means pass all VLANs. So allow tagged traffic on any VLAN to pass the switch much like most unmanaged switches would.

If you do have some tagging happening somewhere the addition switch on that one client that works could be stripping it. Especially if it's VLAN1.
That seems unlikely though. Hard to imagine that could have been set by a power outage. Or that it would have worked before that.

Steve

Yeah, I would definitely use access point mode.

And LACP lagg there should not do anything much until you exceed the single links speed at 941Mbps. Assuming Gigabit. Even with wifi6 it's hard to reach that over wifi. Also it only helps with multiple connections sharing that. A single connection is still limited to one link.

Steve

@stephenw10 I will look at my CARP problem and then I will look if the syslog is solved.

Thanks a lot for your time

In a situation like this it's very easy to end up with asymmetric routing and that can cause all sorts of issues.

How is the pfSense WAN connected? Does it share the same WAN as the other router?

Can we see a diagram?

Steve

@derelict Thanks for your help. I was using an Alias but NOT the IP Alias which is what was needed here. Thank you for your help here.

Double NAT is not ideal but it shouldn't really affect throughput. Especially if it's PPPoE upstream which pfSense would likely be slower at terminating.

The interrupt loading from the NIC is normal at maximum throughput, that's where to loading appears. There is more on the WAN NIC because of the NAT.

Yes, to run bandwidthd and traffic shaping on a 1G link will require a faster CPU unfortunately.

Steve