Yup, what I missed here is that whilst it's not hitting the default block rule it's in fact also not hitting your custom rules. It's actually the hidden block all v6 rules that are added when you unset 'allow IPv6'.

@dennypage Hasn't been a problem.

loopstats.jpg

@maximushugus

I tried to compile pimd for actual FreeBSD15 current, however I am facing issues which I can, given my limited knowledge of c, git and pimd internals, not solve.

At least I did not manage that up to now despite significant effort.

starting a tool like ^script^ and then compiling the source etc, you can see the warnings and some errors in the script generated file. In the file warnings and an error

related to e.g. not longer supported macro's and and a fatal error related to ^man^ which should be an absolute path
I tried to fix the ^man^ error using ^ConfigureOptions="--mandir=/usr/local/share/man",

That does remove the error but not in such a way that there are man8 packages in the stage directory / distribution file or package.

For that reason I did build a package without man files, and installed that pimd package on actual pfSense plus version.
It does not work. Main problem it can not find the interfaces see pfsense systemlog

I would have prefered to test on a fresh pfSense system, however netgate does not make an iso available :( I do not like that, however I do understand netgate!

Troglobit has a significant newer pimd version ^pimd-dense^ which can perhaps been an pimd alternative.
I do not know the difference in functionality!

So ^we have a problem^ !!

Some options:

support from someone with higher c and git knowledge able to solve the actual warnings and man issue in the code try to compile pimdd which because more recent probably has less compile issues and perhaps even has a freebsd ports creating a couple of VM's with the media player. One for each VLAN which needs media files

@zikou Please follow this: https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html

@Cabledude FWIW leaving the dashboard open is also going to log every HTTP request for updating said dashboards. (disk writes)

Watch your CPU usage without the dashboard open, and while you make the DHCP changes (e.g. "top" command line).

Hi all,

I realized that I did never get back here and tell you how it went.

I did run on the old hardware for a while until it got unbearable. I than thought to go back to test different things suggested here, but when I started the new firewall again, everything just worked. All interfaces was there etc. I have now run it for several months with no issue. And the problem with the VPN that went down on the old firewall, is also solved, so it must have been too slow hardware. My thought is that it did need one more reboot(?) Maybe an update to get all drivers working or something?

@Gblenn said in New hardware - not working with config from old hardware:

I have been thinking about Sophos HW to use for my firwall and as far as I understand there isn't anything "special" about them. Except the SSD that might be locked from installing anything else on it (but thats apparently simple to get around?)

Yes, I actually did not even test to install PF Sense on the current SSD. I just installed a new SSD. And yes, it seems to be just an ordinary computer with many NICs.

Thanks for the useful info.

Mine was expired 150 days ago, but according to the info above, i've just renew-ed.

@stephenw10 unfortunately I had not saved those off but to me as I recall they were same.

In the mean time I built a new instance with 2.8 instead of upgrading old and built it on the OMV UEFI instead of bios. Fingers crossed.

If it dumps again I will use both logs next post.

Thanks.

@Seeking-Sense said in How do I enable IPv6 traffic on VLAN for IoT Matter traffic?:

@dennypage
…
Do you have any experience with the Tapo switches?

I don’t have direct experience with Tapo. However I do have experience with Kasa, and I can attest that TP-Link goes out of its way to push / force you onto cloud services.

@stephenw10 I don’t have control of the panel but thanks for asking as I can open a. Support ticket with SPAN.

tried to upgrade my 2.7.2 to the new 2.8.0:

Before, i backed up my configuration (always make a backup before) Confirm update / upgrade After rebooting, it was working, still showing version 2.7.2, but I think it was not the same version anymore, because i was unable to upgrade any packages, showing version mismatch. Downloaded fresh new instalation 2.8.0 and installed using a pendrive Installed and configured the interfaces. Recovered the configuration file. (from web interface) waited to reinstall all packages everything working fine, new version 2.8.0

Indeed, I have to consult the community on how to configure the captive portal, too.

Sounds like you might want/need to set 'do not wait for RA' in the dhcpv6 client settings on the WAN. Otherwise you will only see it connect after the ISP sends an RA and that can vary a lot.

I got it now. Thank you very much.

@bmeeks

i just adapted my config as you advised. Many thanks, again

@johnpoz said in Specific website access.:

when you leave off the www. is when wrong cert is presented

Could be worse...we recently got referred to a new small client having (among other things) email problems. Their email provider AFAICT deleted two email accounts on them, the webmail link on the provider's web site uses HTTP and displays a different client's home page (including a button to request restroom access...??), their actual webmail URL has a mismatched cert, there is no encryption available on the POP/IMAP email connections, etc., etc. Also the same email provider was "out of town on a job" so took a week to respond to emails and voicemails. But, ya know, they are not quite sure about moving email elsewhere.

Also the same client has been paying a different IT provider "for four years" for Microsoft 365 Apps, yet has Office 2021 (perpetual) installed on his PCs.

Just venting. Carry on.

Indeed, only Plus is supported in Azure.

@stephenw10 Oh, maybe I misread the thread I thought it wasn't sending the alerts. I'll give it a try once I have my LAN smtp server setup.

@johnpoz said in Is it possible to determine the internet speed at the router (netgate 2100)?:

You should order one and give it a go - let us know how it turns out

No way! I like my netgate 2100.

Witth the great help from this forum, I was able to configure 2 VLAN kind of setup WITH dumb switches (not managed).

@dennypage helped me to setup NUT as well. Thx Denny!

I only hope netgate comes with a similar product for prosumer along with 8 port POE++ switch etc just like ubiquiti. My understanding is netgate farms out hardware and is not manufactured in-house. Netgate needs to up their game !

Then I would still be looking at the actual packet captures in Wireshark to see what's not passing (or being sent).