• sendto: 65 with UK ISP and PFsense

    28
    0 Votes
    28 Posts
    3k Views
    T
    So I had a very similar scenario last week - PFsense would nicely close the PPPoE connection (3 or 4 times over a couple of days) and then take ages to reconnect. My ISP (Aquiss) got OpenReach out to check the Fibre and everything seemed to check out fine, though they reported they could see rather more drops than just the 3 or 4 I could see - 18 or so - no further issues since though. So I think the connection was dropping, but only a few times it was long enough for PFsense to give up and shut up shop? However, the other end of PPPoE link (run by OpenReach?) would stay up longer and we had to wait until it timed out before Pfsense would reconnect? I've since added the Gateways widget to my Dashboard and replaced the monitor IPs with something further down the line - as ISP provided gateway didn't respond to ping. Can't seem to get the IPv6 address to respond (though IPv6 is running fine). Noting that I assume I've got a reused IPv4 address as my firewall is repeatedly blocking an attempt to connect on port 500 (IPSEC VPN?) from some other address! Bottom line - my problem has disappeared for the moment, - so either fixed by re-seating of cables during OpenReach Test or some other hidden change - but if it's some random issue...
  • crash report after each reboot

    5
    0 Votes
    5 Posts
    513 Views
    stephenw10S
    That just looks like the same crash. It happens at 'configuring firewall'. Do you have any odd rules that might apply to the pfsync interface? Floating rules for example? Does the 'infinite dashes' appear differently to this? Steve
  • Arpwatch Notification : Cron <root@pfSense> /usr/sbin/newsyslog

    3
    0 Votes
    3 Posts
    652 Views
    mr.roshM
    @viktor_g thanks, but how do I know if the above alert is an actual issue and needs fixing?
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    6 Views
    No one has replied
  • How to check Download Speed

    Moved
    8
    0 Votes
    8 Posts
    1k Views
    stephenw10S
    @diyhouse said in How to check Download Speed: with an old (firmware upgraded) BT/Huawei FTTC Modem Is that 'firmware upgraded' as in unlocked? In which case what is your actual line sync rate? I'm around 250m from the cabinet and see ~72Mbps sync rate but that gives a 67Mbps line rate.

        # xdslcmd info --show
        xdslcmd info --show
        xdslcmd: ADSL driver and PHY status
        Status: Showtime
        Retrain Reason: 1
        Last initialization procedure status: 0
        Max: Upstream rate = 12142 Kbps, Downstream rate = 71580 Kbps
        Bearer: 0, Upstream rate = 12127 Kbps, Downstream rate = 66999 Kbps
        Bearer: 1, Upstream rate = 0 Kbps, Downstream rate = 0 Kbps
        Link Power State: L0
        Mode: VDSL2 Annex B
        VDSL2 Profile: Profile 17a
        TPS-TC: PTM Mode(0x0)
        Trellis: U:ON /D:ON
        Line Status: No Defect
        Training Status: Showtime
                   Down   Up
        SNR (dB):  8.1    13.0
        Attn(dB):  13.7   0.0
        Pwr(dBm):  13.9   3.0

    Though I note my upstream sync is in the toilet today, for some reason. That translates to about 62Mbps measured download. Steve
  • CE paid version ?

    15
    0 Votes
    15 Posts
    2k Views
    stephenw10S
    @chudak said in CE paid version ?: I will consider donating to the FreeBSD Foundation Always an option. pfSense wouldn't exist as it is without FreeBSD.
  • Backup Restore

    Moved
    2
    0 Votes
    2 Posts
    406 Views
    stephenw10S
    So you're asking here how to restore a 2.4.5p1 config from some other hardware into a VM? Firstly I would exit the config to correct the interface names including the VLANs because doing so manually is painful. Secondly when you restore the config it will revert the repo setting and pull in packages from 2.5 which is probably what you're hitting. Restore the config with the WAN disconnected so it cannot do that. When you get the notice that it failed to install packages reconnect the WAN, reset the package repo to 2.4.5 deprecated again and manually install the packages. The package config will be retained. Steve
  • Why is pfsense slower than OpenWrt in my case?

    17
    0 Votes
    17 Posts
    4k Views
    stephenw10S
    Did you have pf enabled in FreeBSD? If not try enabling that or disabling it in pfSense. That is what throttles throughput ultimately if nothing else is. Steve
  • Can't get serial (uart) GPS time source to work...

    15
    0 Votes
    15 Posts
    2k Views
    K
    Hi Stephen! Hmm, not sure why it would be showing that unless it's losing sync maybe? I guess it is something like that... I will check if I can find somewhere where I can ask what that message means exactly and what can be done about it... I do have another device which is originally meant for a raspberry PI but can be used serially if I have the right adapter (it has TTL signaling) which I don't right now... I am quite curious to see if the problem will be present with it once I have the proper adapter. I expect it to appear as a GPS source though unless you have it configured as PPS only? No, it is configured as a serial GPS, I am not using the PPS configuration. Once I used the port specific system tunable it went from not supporting PPS to supporting it without doing anything else... It would be nice if the value of that system tunable would be modifiable from the serial GPS settings because that's the only way to get PPS working for a serial GPS I think.. I used the port specific system tunable because I think system tunables get backed up in pfSense backup while modifying loader.conf.local would not have been backed up, am I right? Unfortunately my own serial connected GPS seems to have failed so I have nothing to compare it with directly. No time to investigate it. No problem, thank you very much for your help, with your help things went from totally not working to mostly working.. If I find a solution to my latest problem I will let you know.. Thank you! Nick
  • A day with the VigorNIC

    15
    0 Votes
    15 Posts
    9k Views
    stephenw10S
    If you're using PPPoE you should be able to use the process in the doc pretty much exactly. By default I expect the Draytek to be in bridge mode so you only need to create a PPP interface using that as parent and it will work. Then assign the parent interface, re0 unless you have other re NICs, additionally and use that to access the modem management. There should be no need to add a bridge. And I would use hybrid OBN mode as I said. Steve
  • Adding another Network Card - Not showing

    5
    0 Votes
    5 Posts
    741 Views
    M
    @mikeinnyc I'll get a trusty Intel The em(4) driver supports Gigabit Ethernet adapters based on the Intel 82540, 82541ER, 82541PI, 82542, 82543, 82544, 82545, 82546, 82546EB, 82546GB, 82547, 82571, 82572, 82573, 82574, 82575, 82576, and 82580 controller chips: Intel Gigabit ET Dual Port Server Adapter (82576) Intel Gigabit VT Quad Port Server Adapter (82575) Intel Single, Dual and Quad Gigabit Ethernet Controller (82580) Intel i210 and i211 Gigabit Ethernet Controller Intel i350 and i354 Gigabit Ethernet Controller Intel PRO/1000 CT Network Connection (82547) Intel PRO/1000 F Server Adapter (82543) Intel PRO/1000 Gigabit Server Adapter (82542) Intel PRO/1000 GT Desktop Adapter (82541PI) Intel PRO/1000 MF Dual Port Server Adapter (82546) Intel PRO/1000 MF Server Adapter (82545) Intel PRO/1000 MF Server Adapter (LX) (82545) Intel PRO/1000 MT Desktop Adapter (82540) Intel PRO/1000 MT Desktop Adapter (82541) Intel PRO/1000 MT Dual Port Server Adapter (82546) Intel PRO/1000 MT Quad Port Server Adapter (82546EB) Intel PRO/1000 MT Server Adapter (82545) Intel PRO/1000 PF Dual Port Server Adapter (82571) Intel PRO/1000 PF Quad Port Server Adapter (82571) Intel PRO/1000 PF Server Adapter (82572) Intel PRO/1000 PT Desktop Adapter (82572) Intel PRO/1000 PT Dual Port Server Adapter (82571) Intel PRO/1000 PT Quad Port Server Adapter (82571) Intel PRO/1000 PT Server Adapter (82572) Intel PRO/1000 T Desktop Adapter (82544) Intel PRO/1000 T Server Adapter (82543) Intel PRO/1000 XF Server Adapter (82544) Intel PRO/1000 XT Server Adapter (82544)
  • Envoy Proxy

    2
    0 Votes
    2 Posts
    600 Views
    stephenw10S
    @starcodesystems said in Envoy Proxy: Envoy Proxy I'm not aware of anything at this time. Is there a feature request open for it? I'm not seeing one here. You can open one with reasons for including it etc. Steve
  • PFsense blocks all returning traffic

    2
    0 Votes
    2 Posts
    260 Views
    I
    This install is now working again after re-running the initial setup wizard. Quite how a reboot can get the system into a state where nothing works is quite the question....
  • PFsense 2.5 RC OpenVPN/ExpressVPN problem

    vpn open vpn expressvpn networking problems
    43
    0 Votes
    43 Posts
    13k Views
    T
    @noplan said in PFsense 2.5 RC OpenVPN/ExpressVPN problem: @trikki69 said in PFsense 2.5 RC OpenVPN/ExpressVPN problem: so your problem is now solved with this added this to my advanced custom options within the OpenVPN client setup: ;pull-filter ignore redirect-gateway; brNP Yep - works great now, no thanks to ExpressVPN support.
  • Can pfSense/Package monitor a single LAN port?

    9
    0 Votes
    9 Posts
    1k Views
    johnpozJ
    What are you looking for exactly? If all you want to know is the source IP, log is fine - if you actually want to look at the payload of what is sent and received you would want a packet capture... Long term storage of packet captures is not all that simple..
  • help with centralized control

    11
    0 Votes
    11 Posts
    1k Views
    K
    @daddygo said in help with centralized control: Hello, Well, there is only "HA conf." that can stay in sync, but it's a good question anyway(!), because there is no such thing like "pfS cluster with central MGMT" I would say, at every point, every FW (firewall) is unique, but there really can be a situation where you need to clone a system - pfs to pfs to pfs, etc. BTW: this could be a smart question, don't know :) Hello, thank you, I agree with the point that each point must be unique, however, there are common policies when the company has distributed branches that all must comply with. Let's have the idea or the example that suddenly we are going to give permission so that they can use a ZOOM for a webinar and only for one day 50 branches should be given permission ... that's what I want to get to.
  • Can I merge a grafts from an exported firewall backup into another?

    1
    0 Votes
    1 Posts
    200 Views
    No one has replied
  • pfSense 2.5.2 in HA/CARP is processing promiscuous traffic

    11
    0 Votes
    11 Posts
    1k Views
    stephenw10S
    HAProxy can pass FTP using TCP mode but not with host-header matching like that. You can only do that with http, ftp doesn't send that information. Steve
  • Cannot access web GUI, receive ERR_HTTP2_PROTOCOL_ERROR

    2
    0 Votes
    2 Posts
    525 Views
    A
    Update: issue resolved. Found that it was my anti-virus causing the issue. Once I put an exception for the IP of the SG-1100 I was able to get to the page and log in. Probably due to the cert that is automatically generated by pfsense that my anti-virus didn't like.
  • Mobile-to-TV casting across subnets

    6
    3 Votes
    6 Posts
    4k Views
    T
    @pfnow I have a Philips AndroidTV and dug into the network traffic a bit. With the above setup the multicast and unicast traffic passes fine through the networks. But when the Youtube app on my pixel phone tries to open the Youtube app on the TV a 403 Error is returned which is I think the cause why the TV is not being shown in the list. I think like @wrightsonm said, the Chromecast possibly only allows casting from the local subnet. I'm thinking if it may be possible to bypass that with NAT, but I haven't tried that yet and I'm a bit reluctant since I want to avoid NAT as much as possible and find a better solution. Unfortunately I haven't yet found if my TV has this src ip restriction and since @JacobS successfully casted with this setup that restriction may not be a standard chromecast thing.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.