Mmm, you'll probably have to wait for it to fail and check what states are still there. I'd expect it to just re-connect if the states timed out and start to fail.
Sounds like they are getting redirected locally if they see a cert error. Check what cert they are being offered. The details there may indicate what is intercepting the traffic.
@SteveITS Since the Netgate 2100 is at the Methodist local church and I support the firewall, this was a real user issue. They access the site monthly to do retirement account contributions for the church employees. Fortunately the login mechanism (once you can see it) requires two-factor authentication. Glad for that.
Like BIOS settings? Not really. It could be an ACPI bug that's exposed by the larger kernel in 25.07 taking up more space. But I'd expect a panic if that was the case.
Thanks. I had the same issue, kept failing boot verification.
43000 files in the config backup directory.
After getting rid of those, it upgraded faster than I have ever encountered in the past. I had gotten used to upgrades taking 10+ minutes.
Yup more and better logging is coming. However it also looks like there is an issue with the negotiated MRU/MTU value so a fix for that is in the works.
All sorted. SUE.....
Turns out ethernet doesn't work that well over a 300m long cable.....
Interesting though, the RJ45 Cable Tester did work so that was a bit confusing. Anyhow, good to know for the future and all sorted now.
At that point it might prove helpful to configure a serial console output and hook up the serial port to another PC running some terminal software with a big scrollback buffer.
It might give more insight than fans spinning at boot.
P.S. Strange as it is, I do suspect power issues; it's a good way to crash a system without leaving ANY traces apart from the new boot logs.
@jwright Which device do you have/are running pfSense? If it’s a Netgate device, connect to the console with a serial port terminal like “putty”.
If it’s a homebuilt pfSense CE, connect a monitor and keyboard. Then you will know if it boots as expected or something catastrophic has happened.
@guardian said in Anyone using pfSense with telMAX ISP (Canada)?:
I don't trust my ability to secure it.
Not much different than IPv4. You start out with everything blocked and only allow what you want. In fact, you can configure many rules to apply to both IPv4 & IPv6.
Here's an example:
[image]
The first rule blocks pings and the second allows other ICMP.
Yeah, just to prove it out I ran a simple test. Since I don't have anything I can easily use that advertises mDNS I just turned on Publishing in Avahi itself on 4 firewalls:
steve@steve-NUC9i9QNX:~$ mdns-scan
+ 4860 [00:08:a2:xx.xx.xx]._workstation._tcp.local
+ 4860._ssh._tcp.local
+ 4860._sftp-ssh._tcp.local
+ fw1 [00:08:a2:xx.xx.xx]._workstation._tcp.local
+ fw1._ssh._tcp.local
+ fw1._sftp-ssh._tcp.local
+ pfsense [00:01:21:xx.xx.xx]._workstation._tcp.local
+ pfsense._sftp-ssh._tcp.local
+ pfsense._ssh._tcp.local
+ 1100-3 [f0:ad:4e:xx.xx.xx]._workstation._tcp.local
+ 1100-3._sftp-ssh._tcp.local
+ 1100-3._ssh._tcp.local
In that result 4860 is in the same subnet as the client I'm testing from. fw1 is the router on that subnet. pfsense and 1100-3 are other firewalls in different subnets connected to fw1.
You can see the scan tool is able to see all of them no problem.