@stephenw10 I was able to figure it out.

There was a problem on my Netgear switch. Old MTU and VLANs were not removed.

You don't have to put the modem in bridge mode. But doing so avoids double NAT which is preferred.

In what pfSense version?

It's failing to load the font awesome characters. A force refresh or clearing the cache usually fixed that.

@Gertjan Thanks!

@stephenw10 Straightforwardly, AFAICT (see below). This configuration is translated straight from my working OpenWRT configuration, double-checked, etc. For he.net, hostname and username are the same (the domain to use). The 'Interface to monitor' dropdown only has WAN and my other LAN interfaces, no special separate interface for 6rd.

Even if these details were wrong, I would expect to see something other than 'Couldn't connect to server' in the logs. It seems like there is some deeper issue preventing the DDNS handler from even contacting the he.net server.

Screenshot 2024-07-01 at 9.24.05 AM.png

Screenshot 2024-07-01 at 9.24.12 AM.png

@stephenw10 sdwan company we used for few customers at last gig used the documentation network...

192.0.2.0/24

For the tunnels to make didn't overlap with sites of the customer network.

Do you have a wireguard connection still? A wireguard interface?

If not you should remove (or disable) those rules with that alias in them.

@JKnott COOL!!

@stephenw10 said in Not receiving down emails multi-wan in failover config in 24.03 SG1100:

Wow there's no Ethernet when it's acting as a router? That sucks.

Some other router in between then might be your only option then. Two gateways with the same address is a conflict and can never work correctly. The only exception to that is for PPPoE links because they are point to point connections. Butt even then some things will misbehave.

I think I misspoke; the Ethernet apparently does work when their router is enabled and from some more reading it appears it does use the SL router's DHCP to serve a different IP address range to the Ethernet in the 192.168.1.0/24 set. Ok, yay. In bypass mode, the SL router's DHCP server is disabled and the dish's own 192.168.100.1 address is served to the pfSense. From the dish, so pfSense gets the same IP from each dish.

It certainly does suck, though, because I still want the WiFi completely off. I have my own access points and the SL WiFi will pollute the airwaves with traffic that is useless to me. I'll have to keep looking to see if there's a way to shut off WiFi without bypass mode, so I can keep the SL DHCP server delivering different IP addresses than the dish range. So far it doesn't seem so.

Starlink as a company behaves as if it were founded by a control freak. Strange.

While they have built a groundbreaking and well-functioning service in many respects, their terrestrial consumer-facing engineering seems to be where they assign the unpaid summer interns.

I appreciate your help and attention. Best regards.

Mmm, indeed. If you really need UPnP then lock it down to only known devices.

I ordered two of these and put them in my Netgate 6100 Max with TNSR and they are not recognized. Running 22.10 software. Does it need an update?

Well, after reading the reddit post and seeing this comment - It’s a 10G module, so it won’t connect at 1G or 2.5G - I found my problem. I was testing to a 1 Gig port on a Cisco switch. Moved it to a 10G port on server as a temporary workaround and its up now.

@stephenw10 Given that the interface status is "no carrier" I don't think there is a physical connection to either a host or a switch.

@stephenw10
That's good news. Just don't want the issue to carry over and get in a bind.

i agree with backing up any of the files that are changed.

The openssl.cnf file edits was something I did not see many topics within this forum.

As I was comparing a signed CSR using a customer ICA/CA generated from the pfSsense web UI against ACME, I wanted to ask this question.

The signed certificate has an intended use within Cockpit within a number of server (not connected to the internet). Naturally the environment will have a different CA generated.

While the signed CSR from pfsense works well for Apache, Nginx, HAproxy, etc, other applications were not as accepting. I did add my ICA/CA chain to the server's OS. This lead to me to check out the options in the openssl itself (to see what pfSense uses).

Thank you for the responses. I was going to attempt to edit the openssl.cnf and try that.

@CharlesT so the speakers on the iot are the upstream.. But the speakers are not found via multicast they are found via mdns..

Well that works out for you then I would think you can talk to your speakers from multiple networks.

@JohnUtiu Too bad, we could not find out what was going one with the 15.xxx ip's. Maybe the ntopng community has an idea about it. I will let you know if I find out what was going on.

Notably, the NDI changes when network cards are changed.

@stephenw10

Yes I've seen that on my XG210 Rev2