@ClayJones said in Using PFSense and a transparent firewall to create a pure IPv6 network:

ust as a follow up. The firewall idea is working well. It is remarkable how fully fleshed out IPv6 really is. Only a handful of apps or websites don't work.

Exactly. I fail to understand why some are so reluctant to move to it. With some, I suspect it's deliberate ignorance. I've had it on my home network for over 14 years and it just works!

BTW, I remember the days when it was necessary to use a tunnel to get it. I did that for almost 6 years, before my ISP provided native IPv6.

I figured it out!

The DNS resolver with pfSense on VBox is just broken; I switched it over to the DNS forwarder, and it worked as it should have.

@marcosm

https://redmine.pfsense.org/issues/15769

Thanks Marcos.

You mean using two separate public IPs for outbound NAT from two internal subnnets?

Yes, that should be fine if so. You'd have to switch outbound NAT to manual or hybrid mode and add a rule to do it for at least one of those subnets.

Steve

SOLVED:

a very basic issue, non-related to pfsense etc

The Lastpass-Chrome-extension always substituted my username into the field for the bind-user in the auth-server-config. And that could not work.

Now with tests on the shell I figured that out and replaced it with a correct bind-user. Things work now!

sry for the noise

@stephenw10 Yeah, a combined widget with a automatic reboot timer, a rollback timer and such could be REALLY cool.

@stephenw10 Ok, will try today this too. Thanks.

Indeed, I would have expected it to be. I would have tried stopping then starting (not restarting) IPSec if you can. It's possible it still had some part of that config present.

@smokinjo said in Updating pfsense before using as firewall?:

Can I just connect it to the local network and log in? Pfsense will be behind the firewall, but updating things should work fine.

Yes, as long as there is no subnet conflict between the WAN and default LAN (192.168.1.1/24). If your existijg LAN is already using that you would need to set a different LAN subnet in pfSense first.

Yeah I am pretty much an exclusive firefox user, while I do have other browsers, edge and chrome installed. I almost never use them other than odd testing of something here or there.

I only ever interact with the pfsense gui using firefox and have never ran into any sort of issue editing anything.

Currently using 131 of firefox.

@pFence
Did you create redmine bug report already?

I was using outlook with app password and login and it just fails to connect

@mikek DOH! thanks! I thought of that right after I posted but haven't edited yet. how is that ;)

Still doing a lot of learning myself. trying to get involved and posting forces me to thing through these scenarios.

@smokinjo You can restore forwards to a new or same config version:
https://docs.netgate.com/pfsense/en/latest/backup/restore-different-version.html

Restore will prompt you to assign interfaces. Click Save there before you click Apply.

Super easy as long as you have the same number or fewer interfaces on the old router.

Aha. Yes that's because tailscale isn't present at that point but you have assigned it as an interface. But tailscale should never be assigned.

You should unassign it.
https://redmine.pfsense.org/issues/14780

That sounds like the server is blocking those pings from outside it's subnet.

You can confirm that by running a pcap on the interface connected to the server in pfSense whilst pinging from the laptop.

@stephenw10
For the record, the network is today working 100% magically.
I might buy a 3 NIC PCIe card to resolve any potential IP conflicts. Just a guess as the tcpdump was a bit detailed.

@JonathanLee said in Log / routing full of upnp related messages:

Yes does your ip schema still the same

Hmm? Does my IP schema still ?look? the same??

The LAN, where UPnP is enabled has two of the Static IP's (gaming PCs) which in the ACL list (192.168.1.92) and they have the same port range allowed.

The IP's that show up in the log are all from the DHCP range .130 and above.

Yes we are running current now in Plus so you would need to use 15.

And, yes, I can ask but I think there would be almost no chance of Netgate developers getting involved here. 😉

@johnpoz , Thankx....