I understand, thank you for the details and fast reply.

@stephenw10 @johnpoz thanks!

@stephenw10 I might have to reformat the micro HDD it’s one big zfs parition

@war6000 while that would most likely stop the logs you were seeing. It would prob be a more logical to set your ip to say 192.168.100.2/24 and then if you want to talk to 192.168.100.1 to access say your modems status page you would be coming from 192.168.100.2 vs your public IP on that interface hoping the modem answers, etc.

vip.jpg

states.jpg

It's this: https://redmine.pfsense.org/issues/15411

Running an OpenVPN client in pfSense connected to some commercial provider does nothing to protect wireless traffic between clients and pfSense.

Running a client in AP also doesn't protect the wireless traffic and would prevent pfSense seeing the traffic.

If you actually want to protect the wireless traffic you would need to run the VPN client on the end point client devices directly. But you shouldn't need to do that unless you have an ancient AP that only supports WEP!

Steve

The 4100/6100 bracket fixes to the device using specific mounting holes in the side. The 1100 doesn't have them so you'd need to do some work to it just to allow it to hold it. A shelf or something custom would be better IMO.

Thank you @Konstanti for pointing to the relevant part in the source, as a quick remedy, I changed 5 of the ips to a /29 as other type of alias, and now it stays running.

However I am clueless on how IGMP is supposed to function, is it actually worth anything when using IPTV app's on smart tv's like ITV player, iplayer, channel 4 etc. or is it just for specific types of TV broadcasts?

Since turning it on there has been some activity from the TV in question, and my one plus 8 pro phone despite having no TV apps installed is now sending IGMP packets.

It also is spamming this which is the TV IP.

The source address 192.168.90.119 for group 239.255.255.250 is from downstream VIF[1]. Ignoring.

Ok i worked it out
first enable 2-Step-Verification
then go to
https://myaccount.google.com/apppasswords
and create a password

@stephenw10

Basic setup, I changed the portal to no Authentication and enabled it on the VLAN 30 interface.
I wrote two words in the terms and conditions section.
and under Firewall - VLAN 30 interface, I created a test rule to allow all traffic (Any, Any) on that interface.
I tried to assign VLAN 30 to a physical port on the PFSense just now and that did not make a difference either.

For web browsers, I tried Chrome and Edge, with and without incognito, after a hard cache reload, and after a restart.
I also tried a Pixel 7 and a Samsung S24+ Phone (Connecting to the SSID for VLAN 30), same issue.

I just tried to ping google.com in windows cmd and it returned the IP address for google, but the request timed out.
Is it safe to assume DNS is good up to this point?

Edit: I just got the portal to pull up on my phone, The changes I made were as follows:

1- Assign the VLAN-30 a physcial port on Lan 3 for testing. (Test portal, Test failed)
2- Update the PFSense from the previous stable build to the most current one. (Test portal, Test failed)
3- Disable DNS Server Override (which shouldn't be related but it was mentioned somewhere in the wild). (Test portal, Test failed)
4- Reboot.
5- Test portal, Test Successful.
6- Enable DNS Server Override. (Test portal, Test Successful)
7- Assign VLAN 30 to the original port I expected it to be on. (Test portal, Test Successful on hardwire)
8- Test using SSID, Test successful.

For testing sake and knowledge,
I'm about to restore a backup that I had yesterday before the update and test again. I'm wondering if it was an issue related to the previous stable version.

Edit 2: I just realized that restoring a backup does not revert the release, I will test with that backup anyways since I already know it was bad?
I'll update shortly after it's done.

Last Edit:
Under Services>DHCP>VLAN30 Interface>Server Options>DNS Servers:
I had these pointing to google DNS servers.
Of course, since there is CP and it has to be passed before connecting to the internet, the clients never reach out to the DNS server and in turn breaks the CP connection.
Clearing these fields resolves the problem.

This was on me, I apologize about it.
Thanks for your help @stephenw10 -!!

@TJS well out of the box pfsense would you a self signed cert that you would have to make an exception for. So you would have to add the exception

example using firefox

I have my own cert, that I trust - but I don't have this IP of pfsense listed in the san, so its not trusted

example.jpg

@reberhar I have 4 pairs of HA/CARP pfSense units and 1 stand alone.

9 pfSense units, plus other servers at these locations that occasionally send logs in this manner.

@spotlizard said in New Pfsense install results in greatly reduced upload/download speeds:

They had taken the modem OUT of Bridge mode. A normal reset doesn't change this, so their tech must have done it in the background as part of their troubleshooting. Once I changed it back and restarted Pfsense I saw a significant increase in performance.

Wouldn't this have been visible in the pfsense dashboard? Your WAN IP would change to something very different than the public IP normally showing up there... probably a 192.168.1.N subnet?

@klubar That issue has been fixed in recent versions. I suggest simply reinstalling the latest version on it first, then restoring.

@azizth said in Unexplained Behavior on a Network Interface 192.168.1.2:

Moreover, PCs in the Administration network, when configured with DHCP, have no access to the network

The show use and yourself why ?!!

ipconfig /all

and you see everything about the lease : the IP, the gateway which must be 192.168.1.2, the DNS that must be 192.168.1.2 etc.

Just for my own curiosity why 192.168.1.2 and not 192.168.1.1 ?
192.168.1.1 has been tested by millions, and doesn't need any thoughts.
Changing it to 192.168.1.2 is like opening a can of worms, which isn't a big deal, but look again, you can't see the bottom of the can.

SWAP is used to store crash reports. Have you seen a lot of crashes?

Otherwise what packages are you running? The load averages look pretty high.

Steve

@jim82 said in Localhost IPv6 added as resolver after 24.11 upgrade:

it's a viable option

But limited in time.
I'm like everybody else, I saw IPv6 coming, and thought back then (early 2000) : "wow, that's something my kids have to deal with, IPv4 rocks, works fine, and I've other things to do".
Now, its 2024. Every OS on planet earth will use initially IPv6, and if that doesn't work out, it will fall back to IPv4 if available.
Read again what I've just said. For every connection that is created, this decision step is taken.

True, not every ISP offers a IPv6 connection. Lets presume most do now. And if they do, chances are the connection is pretty broken in the way they implemented it "not as it should be". (RFCs are clear, but they are like us : don't want to learn new things, and, it costs them $€)
We've seen this already happening ones, when IPv4 went mainstream for 'everybody', when ISPs were created. It took a decade or so for IPv4 as a connection method became a no-brainer. These days, it works out of the box, with much knowledge needed.

Anyway, if you can, make IPv6 work. deal with it now. Our kids have already enough problems to deal with, like flooding, overheated planet and so on 😊

@jhmc93 said in Plex through surfshark wireguard pfsense vpn:

@Patch pfsense doesn’t have a WiFi device to broadcast WiFi. Pfsense is a side step as it also ran off a power line network plug for just my media servers, so I narrowed it down so when I connect to my isp WiFi my Plex shows indirect connections but if I join my VPN program through my laptop it goes back a normal connection.

Yes, that ^ otherwise what is the point of having pfsense at all?
If you are looking to improve network safety/security and perhaps add more functionality, you really need to move everything over to be on the LAN side of pfsense.
Right now you are just making life difficult for yourself.

The best, and also cheapest solution would be if you can connect pfsense directly to the incoming cable (ISP WAN cable in pfsense instead of ISP router). Then turn off DHCP in the ISP modem, and connect one of it's LAN ports to pfsense LAN. This turns it into an AP and you are good to go...

Otherwise check if the ISP router has bridge/passthrough mode. If not you need to place pfsense in a DMZ, which the router probably has.