@gertjan That did it! I had issues entering text via the console at first, but I moved the USB cable to another port on my PC and it worked fine. Ran this three times and then rebooted. IT'S ALIVE! Filesystem check: fsck -y / Reboot: /sbin/reboot Thanks again!

@thatguy said in Internet routing stability problems: I'm thinking it has something to do with your ISP. I have almost the exact same problem with a Carrier Grade NAT ISP in my area. Any client I manage that has a pfSense appliance and using the same ISP has the issue as well. It has been suggested before, and when it was, the term voodoo-engineering sprang to mind. Only briefly, until I realized people on this forum are experts, not banging rocks together. So this morning my connection dropped again. I was in an on-line meeting, so I noticed immediately. And I was unable to quickly fix it with the usual release/renew-cycle. So I came up with a second work-around, which seems to work. There is one solution and one workaround. Solution: Call your ISP and request a static IP. You will most likely have to pay more for it monthly. That is a possibility, but my ISP requires me to upgrade my consumer plan to a business plan for that. Not only does that double the costs, it also comes with business terms and conditions that don't need to adhere to all kinds of consumer protections. Next year our village will have a glass fiber network, and I'll kick the cable modem anyway. So I'm not going to commit to a whole year for a new plan. Hopefully the fiber provider will do better. Though I do think this is something we need to understand. What is it exactly what they do to throw off the best router in the world? Are they violating the protocol? And how can pfSense be hardened against that? It seems to be hardened against nearly anything else... Workaround: Make a script to periodically ping the Gateway. Once it fails the script will automatically disable and then re-enable your pfSense WAN. Here is the post on how to create that script. However, I run it every minute instead of every five minutes through Cron. Well, I am a Linux software developer, so this is something I could do, but I'm a bit lazy, so I came up with something else. Something we did 20+ yeas ago, when cable modems and ISPs didn't have their stuff in order: I have taken the DHCP dynamically allocated IP v4 address, mask and gateway, and I have configured it as a static IP configuration in pfSense. That'll teach them! I know they don't like that, and it can cause IP conflicts down the line, but I've had the same IP address for years, so I'm sure I can ride it out until our fiber connection is here. And since they seem to violate the protocol, I'm feeling free to do so too ;-). Anyway; Static configuration brought back my connection immediately, while many release/renew-cycles a moment before did not. So there must be something DHCP at play. I will report back here if the problem persists, but I have good hope, since it cured the problem so quickly.

I would first try copying it from FreeBSD 12.2. A lot of modules will load like that.

SG-2100 (2 days out of box) on latest - 21.05-RELEASE (arm64) VPN OpenVPN Clients Pencil Edit User Authentication Settings Area/block Load the empty password box - just tested it - with the box below unchecked (default) - Do not retry connection when authentication fails That was not it. the box being checked - it was the empty password box. Have a screenshot picture but getting that into this underpowered forum tool is not worth the effort. 1 min exact boot to the OpenVPN fowl up - then about 2:30 to the finished console screen due mainly to what appears to the be GeoIP files being reloaded and placed?

@leemajors said in cant log into webgui: how do i set up console access nothing serious happened https://docs.netgate.com/pfsense/en/latest/hardware/connect-to-console.html miniUSB cable to PC or MAC, etc -Putty or MobaXterm or what you like https://www.putty.org/ https://mobaxterm.mobatek.net/ [image: 1627229868642-969e7547-6ec8-4268-9a9a-2058ce5c18dd-image.png]

@kiekar Well, you need to get some more skills, before we continue... Obviously, you are using Wireshark, which is fine, but you did not capture any VoIP stuff. There's actually a menu for all of that. This is basically a filter for the packets you captured plus something that shows you an outline of a call. Just play with this. Once you have monitored a bad call convert the packets to text and edit your IPs etc, such that nobody can figure out who you are.

@jimp I wasn't asking for help because I didn't collect logs or take screenshots of the errors. I work in support so I know how the game goes especially with no logs; I was just pointing out that weird thinks have been happening in the last few releases that did not happen before like this PHP error that made my filter rules with aliases disappear and so that I could not edit any filter rules at all. Not sure how or why a factory would resolve the issue; regarding DHCP, Unifi is to blame here as they had several DHCP issues when the DHCP server used was non UDM..I'd hold off from upgrading any AP's until at-least the next release comes out. Now that I've signed up for the forums I'll be sure to collect screenshots ands logs to document any issues I experience..sorry I didnt think to do so this time.

@stefanl Same here. Went smoothly.

@jknott The traffic goes through the IPSec tunnel because the networks are defined in IPSec phase 2.

@stephenw10 Answer, hopefully in order... Version is 2.5.2 on the Azure VM and 21.05-RELEASE (amd64) on the 5100s OVPN is site-to-site, pre-shared key, UDP on IPV4 only, Layer 3. On the remote server there is a point-to-site server (for use as a remote internet gateway). It's for travel use but nobody's travelling so there are no connections. Latency is 27-32 ms, WAN Azure to WAN local; 100-130 ms to the other sites from WAN local. I only have one local device so I haven't tried to replicate here. I could spin up a Hyper-V guest but not now, I am currently working on alternative method, most likely a Linux server on the local LAN, running OpenVPN as a server and NAT port forward Linux server. We are up interactively but backups through the tunnels are an issue. Not an expert regarding state tables so I wouldn't know what to look for. I can try clearing the state tables after the trouble begins to see if that reset avoids a reboot to restore WAN performance. Would that provide useful information? We're not running IPSEC now. We were, but IPSEC failed after a recent upgrade. We switched to OpenVPN. I have read that the IPSEC issue has been resolved but haven't switched back. One more observation. We do have a point-to-site server running locally. There is one user, a Synology raid device that phones home and stays connected 24x7. It is used as an off-site backup device accepting snapshot replication and file share backups. It's been running without issues. It seems to be the site-to-site tunnels that are tripping us up, on the client-side.

When you run Squid in transparent mode on pfSense it adds port forwards to the listening interfaces to redirect traffic on ports 80 and 443 to localhost. You can just as easily add those manually and point them at some other IP where the proxy is. If it's on the same subnet things get complex to avoid asymmetric routes. But, yeah, it depends what the clients are and why they 'need' to use the proxy. The cleanest way to do it is configure the clients to use the proxy. pfSense doesn't have to do anything then beyond routing the traffic. Steve

@jimp said in Troubleshooting what caused pfsense to hang: Since that device has a serial console, you should leave a serial client open and connected to the serial console at all times, with the client set to log the output and/or have a large (100k+ line) scrollback buffer while you're looking into the problem. If there is some kind of crash or other error condition it would be printed on that console. When it's locked up, check what is in the console output and see if the device responds to input over the serial console. Try things like using a menu option or hitting ctrl-t to see if it prints any output. If the output just stops and it is unresponsive at the console and across the network, then it's likely hardware related, though that isn't always definite. That's what I thought I should do. I only ever had to use the serial console during pfsense installation but it would be a good idea to keep connected to it at all times and use it when this kind of issues happen.

Yes, do that. Or just paste the diff text into the patch directly. Steve

@marvosa Thank you for the info. EDIT: I think you were right, it was the traffic shaper. I deleted the existing shaper, re-ran the wizard and traffic speeds appear as fast as they should be and relatively stable! Thank you for your help... I'll post an update should anything change, but for tonight, it looks good!

I have ZFS on a gen 1 i3 with 8gb ram. When I switched I did not see any CPU or RAM difference.

DHCP Static Mapping is how pfSense refers to that. But we knew what you meant.