@michael_samer said in 22.05 Net problems after upgrading (SG3100):

In the "drop packet/Connection loss" case I get a new IP everytime the connection is lost which is very dubious in itself.

Hmm, yeah that seems very odd. Like it sees a new MAC. Hard to see how that could be the case though.
The NIC link status is logged in the main system log only.

So DynFi, in your setup, just runs commands over SSH remotely? Not that then.

Steve

@keyser The videos I have seen show connecting two pfSense interfaces to the UDM. One to the UDM's WAN port and one to a UDM LAN port to carry the trunked VLANs. It's an interesting concept, but you lose all the netflow data - at least on the UniFi network controller dashboard.

Thanks for your suggestion. I'll experiment with it when the 6100 gets here today. I can always run them independently with their own public IPs assigned via DHCP from the AT&T gateway until I figure it out. I am mainly curious to see what others are doing with their UDMs. Thanks again.

@stephenw10 yep I saw your posts in other questions and I knew the ARP was working the gateway was working too but the problem for me was my ISP Gave the IP they gave me to someone else and didn't update their Sheet of IP's they have.

Everything is been working fine for a the past few hours. they are giving me till Friday to verify it works properly.

@psp

28 Days 22 Hours 38 Minutes 45 Seconds

Freaking power company had a planned outage that was scheduled for like 4 hours, which is well beyond what my ups can handle, so had to do a shutdown :(

It only ended up being like 2 hours, maybe could of made it through - but didn't want risk a hard down.. But yeah that killed my uptime, before it was since updated to 22.05 when it came out.

thanks for the quick reply Steve. I will give it a test as soon as other users are left for the day.
William

@stephenw10 I will talk to them about it. Thank you Sir !

Apaar

Yes, but not in the same way. Depending on how the 'modem' is setup you may be able to access it without doing anything since it's now in the traffic path (no ppp encapsulation).
However you may need to add an IPAlias VIP in the modem subnet to WAN and add an outbound NAT rule on WAN to catch the specific traffic for the modem and translate it to that VIP. That way the modem has a way to respond to queries coming from inside the firewall.

Steve

@saggittarius

c9b53244-f0ab-4931-8b76-7891a29f30ef-image.png

Who is 10.0.10.1 ?Is this your pfSense LAN interface ?
Unbound listens on the LAN interface ? It does so be default.
LAN interface firewall rules do not block port 53 TCP & UDP ?

Hi Steve, thank you again. The Netgate support have been brilliant and very quick.

I set the Draytek 130 and the the Netagte 2100 was setup as PPPOE and very was straight forward. Now adding pfBlockerNG to block ads and types of categories.

@stephenw10 that’s great to hear. Once again thanks for providing good info. Appreciate yah !

@stephenw10

Correct, I have seen this multiple times. I had to rebuild the unit, and re-configure OpenVPN on all users. Very annoying. It literally just loads pfsense and text very quickly, then flashes to the black screen. I get it on some 11th Gen and 12th Gen CPU setups. Even if it does work, the interface is laggy like crazy. I will try to video it tomorrow. Thank you.

Hmm, that's an unusual use case!

Can you see the Radius server responding as expected when the quota is exceeded?

Steve

Thanks! I have PFSense running under a VM on TrueNas Scale, and it works great. Not the ideal setup. It has plenty of horsepower, disk, & memory on the Scale Server (probably WAY overkill).
For the price of that little guy might as well try it out. If it doesn't work out, it goes back. I did find out the NIC's are Realtek, and I'll beat it up to see how it performs.

It looks like it's mentioned in two places. One where it's disabled for a list of MAC types:

if (sc->re_type == MACFG_68 || sc->re_type == MACFG_69 || sc->re_type == MACFG_70 || sc->re_type == MACFG_71 || sc->re_type == MACFG_72 || sc->re_type == MACFG_73 || sc->re_type == MACFG_74) { //Disable Giga Lite MP_WritePhyUshort(sc, 0x1F, 0x0A42); ClearEthPhyBit(sc, 0x14, BIT_9);

And the other where it's disabled unconditionally in the setup function for the 8125:

static int re_ifmedia_upd_8125(struct ifnet *ifp) { struct re_softc *sc = ifp->if_softc; struct ifmedia *ifm = &sc->media; int anar; int gbcr; int cr2500 = 0; if (IFM_TYPE(ifm->ifm_media) != IFM_ETHER) return(EINVAL); //Disable Giga Lite ClearEthPhyOcpBit(sc, 0xA428, BIT_9); ClearEthPhyOcpBit(sc, 0xA5EA, BIT_0); cr2500 = MP_RealReadPhyOcpRegWord(sc, 0xA5D4); cr2500 &= ~RTK_ADVERTISE_2500FULL;

Neither has any sort of external config dependency so it doesn't look like you can choose.
And it looks like it's always disabled in the 8125.

Steve

@stephenw10 Oh my God, you're right, I just couldn't see it, on Monday I'll change the port to 636, I'll update you, thanks so much for your help.
Greetings
Domenico

@johnpoz said in I don't think PLEX is connecting to plex.tv:

If its in AP mode why would your client be trying to ask it for dns?
You should be asking pfsense for dns 10.0.0.2

Well, when you put it that way, It's obvious what's wrong. HA! HA!
I feel like I should have caught that.

I changed the DNS server setting in ProxMox to the correct IP and everything works as it should. It was a setting that was left from the old router. I actually tried to have those two IPs the other way around when installing pfsense, but ran into issues.

I still don't know why this caused playback errors for transcoding, but it all works now.

Thanks so much for all the help.

PPPoE is effectively single threaded so it's probably hitting a single core limit:
https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#pppoe-with-multi-queue-nics

Though at 5% total that would have to be a lot of cores! What CPU is it? What NICs are you using?

Setting net.isr.dispatch to deferred as shown in that doc will help though.

Steve

Well if you can do a test to make sure it will actually solve the problem first that may be worth it then.

@stephenw10 Thanks Steve! Everything is ok now. I've built a new image and restored my backup. Yeah you were right guys, it took at least 40 min to reinstall and update packages in the background. I wish I can monitor all background processes, to be able to understand what is happening behind the scene.

@brianmaimo said in pfsense "vm_fault: pager read error:

vm_fault: pager read

That's a very generic error. Do you have a crash report?

Any other errors logged?

Steve