All Linux distros won't connect to the net, internal or external.

From internal it could be based on many points here, vlans, firewall rules and and and....

From external it must be over VPN or if you talk about your servers inside of the DMZ it is another point we should now first.

It might be sounding strange, but you should be providing us perhaps with some more informations, that we not have to "digging all out of your nose". VLANs, DMZ, LAN or 2 DMZs, who is doing the DCHP job, if more the than one, were all the others set up as a DHCP-Relay or not?
What is all installed and activated?

pfBlocker-NG Snort & Suricata lightSquid, Squid & SquidGuard Is there another router in front of pfSense? That must be accepting then the private IPs at the WAN, and so on.

Thank you everyone- makes sense but wanted to verify.

@stephenw10
I think you hit the nail on the head, I had recently made NAT changes on the Primary side as part of a setup for testing wireguard and went from automatic to hybrid and broke it by creating a NAT to the CARP address that synced to the Backup. Thanks for pointing me in the right direction.

@stephenw10
Never mind, i gave up the package freeradius and i'll use a freeradius server with my users stored in openldap.

Thank for you help.

mkal

@stephenw10 The above procedure did the job.

It would have been just as quick to backup config, re-install and restore config.

In a high availability environment with hot-swap drives, the procedure would be a great solution to avoid any downtime.

Thanks for the info.

Ted

Sorry I have not updated. I have not been able to get back to the firewall yet, but I am hoping to soon.

@rcoleman-netgate

Duely-noted.

Ah, that will do it. I should have pressed that question when I asked it earlier. Lesson for today.

Good result. 👍

Steve

Probably something in the crypto-routing that is generated by the allowed subnets.

Also remember that Wireguard doesn't add any routing for you so you must add that manually if you need it. Though you're probably using policy routing here.

Steve

If you assign the lagg interface and leave as type none you should be able to set the speed/duplex there and have the members inherit it.
Using DACs can be a problem though as they often don't present any selectable speeds to use.

Steve

@stephenw10 I will try that next. Thanks for the recommendation.

@192-168-1-0 Okay - thanks for that too.

My HH 2K is currently plugged into the 2x analog trunks coming into the house (Bell bonds them within the HH 2K). From there, my only cabled device is a data switch that I have for pretty much everything that is cabled into the network. There is a secondary cable connection, which is coax as I said and that runs to the TV in the family room. For some reason, if the cabled/coax PVR loses power or stops working, then I lose all of the wirelessly connected PVRs. It seems the HH 2K is really dependent on the coax-connected PVR. The Bell support person told me one time it's what stores my recordings (from any in-home PVRs, wireless) and so when I play them back, it comes off of the coax-connected PVR. As I say, if I lose the coax-connected PVR, I have no TV at all - just internet at that point. With the websites I use for watching TV - I almost don't need the "tv service" from Bell anymore. I'm considering dropping it, but I will wait and see what options they offer me to get off of the analog trunks and onto fiber...

@NogBadTheBad @stephenw10 thanks guys! 👍

Then I'm not really sure where you are getting the traffic data from currently. The logs don't record that.
You need Netflow data to see session bytes remotely.

Steve

You can reply here any time. There is no time limit on threads currently.

@stephenw10 Just as a side note: still seeing that phenomenom in current snapshots / dev versions of the package. Install seems fine I guess (no immediate DNS/dpinger problem) but after upgrading/reinstalling the package you'll get it again.