@gritdesigned7930 said in Gui DHCP ISC KEA DNS Resolver all crashed 24.11 reinstall didn't work:

kea-dhcp6.dhcpsrv.0x9ac02a12000] DHCPSRV_NO_SOCKETS_OPEN no interface configured to listen to DHCP traffic

You have a "Kea DHCP server for IPv6" configured, but the interface is down.

The Kea DHCP server IPv4 log lines are the normal startup log lines.

My Kea, both IPv4 and IPv6 are up and running on several interfaces. I see only INFO messages, when leases get renewed etc.
And "Write include: /var/unbound/leases/leases4.conf" ...
And "Add record: "iphone-xii-gertjan.bhf.tld. 28800 IN A 192.168.1.35"
Etc.

So like:
/usr/local/bin/php -f /usr/local/sbin/pfSsh.php playback svc restart unbound

Well I would start by just enabling the igmp proxy and see if that accomplishes what you need with the default options.

https://docs.netgate.com/pfsense/en/latest/services/igmp-proxy.html

There are some custom options you can use via a custom conf file if required:
https://man.freebsd.org/cgi/man.cgi?query=igmpproxy.conf

But igmpproxy is best avoided if at all possible IMO. What are you actually trying to do?

@netboy Really not a problem.

Thanks Much. I will give it a try and update what I find but it maybe a few days until I have time.

Thanks Again!!

@bennetbj11 said in PFsense reboots at the same time every day:

Also, as it has been a while the reboot has moved back exactly 1 hour to 03:05 each day now since the clocks have changed.

Any other Ideas? I am lost as to why this device is doing it.

Okay that really is a strange case. Since the reboots moved back exactly one hour with daylight saving i assume, then the cause has to be external. Since the hardware/pfsense clock moved with daylight saving, then the reboot should remain at 4:05 if it was some internal service/timebased scripts or such.

since it didn’t it must be external. So I would look at @stephenw10’s suggestions about power surges. But I don’t think you’ll diagnose this unless you attempt sitting at the console on the box when it happens. Does it throw any errors before hardbooting - fx. No diskstorage found/as in dead SSD/eMMC.

@Master-Henry said in Had PfSense. Had to reinstall. Not getting a connection:

There is nothing on LAN. Blank.

Like at the console in the menu?

Is your client pulling a dhcp lease even?

@netboy I only allow eap-tls auth to my "trusted" wifi network. You could issue the certs and install on their PCs - but not on their portable devices.

What is the point of allowing them to connect to both with their PC.. Why would they switch between the 2 in the first place.

But yeah if its just a psk they would be able to use that on any device to connect. But why would they? This is your family right - tell them use ssid B for their tablets/phones and ssid A for their PC. And don't even give them the psk to be honest. You connect the pc to the ssid you want them to connect too.

Sure they know the psk they could use it on any device they want. That is why you use a more strict auth method on a trusted SSID. I find it highly unlikely they would have the know how to export a cert you installed on their PCs and move it to their mobile devices.

@syorke what part are you not getting that if your rule says only 192.168.1/24 can use this interface with the lan2port subnets, how would 192.168.0.x be able to use it?

You need to allow both 192.168.1 and 192.168.0 - you can do that with a 2nd rule, you could do that with using a cidr of 192.168.0/23 you could create an alias that has both networks in it.. Or you could just make it an any with the "*" like your antilock out rule.

No you shouldn't use a modem vip I created for use on my network.. I posted up a screen shot of my outbound nats - I highlighted the part you should be looking for that downstream network to be in.

@cheleby Were you able to start dpinger via the command line to check the error as @stephenw10 suggested?

@louis2 said in Confused since the introduction of pfSense Plus:

Could I go back

You can install CE and restore your config file if the "config rev" is the same or earlier:
https://docs.netgate.com/pfsense/en/latest/releases/versions.html
https://docs.netgate.com/pfsense/en/latest/backup/restore-different-version.html

@louis2 said in Confused since the introduction of pfSense Plus:

what would happen when updating the FW-hardware

If the generated NDI changes (based on hardware changes) the license is invalidated.

You should be thinking about replacing it. There have been a lot of bugs fixed since 22.05.

We have nothing planned that would sell at <$100 as far as I know. Really you would be looking at something used to fit that price range IMO.

If you're asking can you run pfSense as a VM in proxmox then the answer is yes. But there are some caveats! It's a more complex setup to be sure the traffic is all passing through the VM. If you have to reboot proxmox you lose your router/firewall. There are lots of users doing exactly that though.

The above got put into action this evening. Apparently it's been 2 weeks already since the last disconnect. Entire outage lasted about 6 s while dhcp renewed and other services refreshed.

Im quite confident this is not a pfsense issue but rather att. I will post a thread on reddit, perhaps someone knows something I don't.

The other option is to reconnect the att provided ONT back into the loop instead of the third party sfp stick. Wait 2 weeks to see if it disconnects too.

@stephenw10 said in netgate licencing and hardware changes:

Nope it would not. The ordering of NICs is not important.

Thank you 😊

@cheapie408 where in your "modem" which doesn't have a public IP.. You mean your gateway, a modem/router combo that you put into bridge mode.. Modems don't get put into bridge mode.

And yeah its possible for them to passthru a different public IP to the client than what it has.. Many of those devices can do passthru, ie bridge mode and also still do nat for devices connected to its other ports, etc.

Have seen this a lot in business deployments of comcast/xfinity.

Rebooting switches wouldn't have anything to do with it - other then the interfaces would cycle if you rebooted the switch, do you have a switch between your isp device and pfsense wan?

Probably a temporary connection failure. Try making a manual backup and make sure it appears in the backup list.

For whatever reason the system alias TAILSCALE__NETWORK is not being populated so the firewall rules cannot be loaded.

So if you replace those in your firewall rules with the actual subnet it will then be valid and load.

Did Protectli ever get back to you? Is it resolved? Im curious because I have a similar issue with my hardware. I have it sitting at the BIOS screen to see if it may be hardware rather than software based.

Thanks!