Making it a wildcard domain fixed the problems xd

@csharp2a
So you only passing through connection to your work. This is absolutely compatible with the pfSense Plus home license, of course.

These things were already discussed here some time ago and there is a document from Netgate in the web, which explicitly confirm the compliance of such a use case.

@steveits Thank you for the clarification. I have a ticket in to get my new firmware. :)

Yes, in most cases you can just backup your config and restore it into a different device. pfSense will ask you to re-assign the interfaces to whatever is available in the new hardware and you're done.
However there are some caveats! If the new hardware has fewer total interfaces for example you you need to lose some or convert to VLANs etc. If your config contains a lot of sub-interface types like VLANs, LAGG or PPP it can be easier to modify the config manually before restoring it.
And if the new hardware has the same interface types as the old device pfSense will just use them without asking your to re-assign which might not be what your want.

In this case moving from the 1100 to the 2100 hits several of those points so it's better to modify the config before installing it. But since you bought that from us we can do it for you if you open a ticket with us.
https://www.netgate.com/tac-support-request
And, yes, it will bring all the settings from the 1100 and packages will be reinstalled.

Steve

my isp uses PON, they would not give me the type of sfp i needed to plug in straight to pfsense.

If you choose restart then select rescue shell you can check the install log file to see what actually failed there.
It's probably an issue specific to VBox in OSX though (or maybe on ARM?). I've installed pfSense in VBox many times and it works fine.

Steve

Mmm, first report I've seen of that. But good to know, I'll be watching for it.

Steve

That's what dpinger does for the gateway monitor and you said you tried setting it to 1.1.1.1. That should have logged the outage.
When this happens it just restores itself without intervention?

Do you have any access to the modem to check the connection or logs?

Steve

@stephenw10
Steve, many thanks your attention.

My mistake, the backend config. (Http check method) was changed from OPTION to GET, and was resolved.

@stephenw10 After slapping Unbound a couple times everything started working! I've upgraded my modem too after having the firewall functional and it's still going strong.

Thanks for the help!

@stephenw10

I'm up and running on my Protectli FW4C with 2.5G NICs using the latest dev version. Speedtest is showing 1200Mbps down and 1600Mbps up on my 2G service.

Will try out disabling the VLAN filtering on the FW4B tomorrow.

Thanks!

In a stiuation like this you probably want LAN to be assigned as the bridge interface itself, bridge0.
Then all the other ports you want added to that bridge.

Otherwise if you disconnect the LAN port the DHCP server on it will stop since it sees the interface as down. It sounds like that might be what happened.

You will want to have access to the firewall via some other interface while you set that up because it's very easy to lock yourself out. Ask me how I know. 😉

You probably want to the bridge filtering sysctls set to move filtering onto the bridge. That way you just have the LAN firewall rules to control all the traffic from clients on it.
https://docs.netgate.com/pfsense/en/latest/bridges/firewall.html#bridging-and-firewalling

Steve

You may have to add the force flag or remove the existing pkg first because it's pulling from an external repo.

@dobby_ thank you very much for your reply. I will read the message carefully.

Many thanks again,
Mauro

@ktm

I see the bug is still open, so is there any specific info
from my installation I can provide to assist?

Perhaps also a fresh install?

@TAC57

I turned off RAM disk and everything looks good. I'm
running mirrored SSDs so I should be good.

Squid gives you the ability to use, if much is present, RAM
for caching objects faster then "old days" HDDs. But you
own SSDs and so the gain ist minimal. Or you got let us
say 16 GB to 32 GB RAM installed, DDR5-3200 or
DDR4-3200 and give some for caching it will perhaps
also speed up things today also if you "spend" let us
say 10 GB of it.

Possibly. 😉

It's not something I would normally advise doing. The traffic shaping could be problematic. The filtering to keep each customer separate will be...interesting.

But it might work I can only really suggest you try it if you can test it in something.
I will say that trying to run that virtualized will almost certainly fail without a bunch of additional tweaks. I would test on real hardware if you can.

Steve

It would be interesting to try a much longer timeout in the dhcp settings instead, The suggested 900s for example. However I don't expect that to work since the timing difference in the logs is only ~15s. A setting of 120s would have worked if it could.

Steve

Thx!
Got it to work by selecting "Pure NAT" on "NAT Reflection mode for port forwards"
Although i'm not exactly sure what that means in terms of security.

Will dive into that matter later on, so i know what i'm doing. ;-)