• Why wasn't TCP Chosen for OpenVPN by Default - It seems much better?

    0 Votes
    11 Posts
    592 Views
    JKnott

    @Jake-Biker

    You'd then have double TCP error correction and flow control, which could really mess things up. The only reason I'd use TCP is to get through a firewall that blocks everything but browsers on standard ports, such as at my local library.

  • LAN IN errors...10gb lan

    0 Votes
    20 Posts
    970 Views
    stephenw10

    Nice find. Thanks for the follow up. 👍

  • Traffic Not Routing Over Tailscale

    0 Votes
    11 Posts
    681 Views
    stephenw10

    Do you see the new device on-line in the tailscale web interface?

    The only thing I can really imagine there is that the crypto-routing for that new device is not valid so tailscale rejects it. I'm not sure why that would be though.

  • pfsense 2.7.2-RELEASE crashes several times a day

    0 Votes
    11 Posts
    1k Views
    W

    Hello everyone
    In general, the cause of the problems was a physical malfunction of the computer.
    I had a second computer that was completely identical to the problem one. I installed pfSense on it from scratch and transferred all the settings to it manually. I haven't installed any additional packages yet. Since then, there has not been a single unplanned reboot, the system is completely stable. It's been over two months. I plan to reinstall the necessary packages in the near future and continue monitoring.

    After transferring the system to a new computer, I decided to experiment with the old one.
    To begin with, I decided to completely reinstall pfSense with SSD formatting. I booted from the LiveCD and started the installation. I didn't even have time to rebuild the disk before I received an error and a reboot. I thought that the SSD was faulty (although its SMART is fine), so I replaced it with another one. The error was repeated. That is, it's not about the disk or RAM, because I changed it earlier. But in the end, after 3-4 attempts, pfSense was still installed. But after being on for a while, the computer spontaneously rebooted. Then again and again. No settings had been made yet.
    Next, I decided to try installing Windows 10 on my computer to test it. The installation freezes completely after the first step.
    As a result, the ideas ran out, the computer was turned off and put away. Maybe I'll throw it away later.

    Thank you all so much for your help!

  • Update to 24.03_1 stops at Extracting Python 3.11.7...

    0 Votes
    4 Posts
    266 Views
    stephenw10

    The uboot version is updated during the upgrade process. The current version reports as:

    Vendor: U-Boot Version: 2018.03-devel-1.2.0ROGUE2-01.00.00.02+ Release Date: Fri Feb 7 2020

    So it seems you already have it.

  • What Software for SG-3100

    0 Votes
    10 Posts
    509 Views
    stephenw10

    @michmoor said in What Software for SG-3100:

    Will the SG1100 support MIM ?

    Yes. And the 2100. It builds for aarch64 just not armv7.

  • 0 Votes
    104 Posts
    29k Views
    stephenw10

    You should be able to install again from the webgui. Then remove it if you want. Or just leave it, the _17 version should be good.

  • I need expert help with VLANs/DNS/routing A$AP

    0 Votes
    7 Posts
    315 Views
    stephenw10

    Yup, pretty sure he could do that in his sleep! 😁

  • Where is the cron GUI?

    0 Votes
    8 Posts
    522 Views
    JonathanLee

    It’s a package you need, cronjob I think.

  • Drive space 2/3 full after crash

    0 Votes
    4 Posts
    209 Views
    stephenw10

    The ZFS layout changed. I forget exactly when but I think 23.01 was the first version using a compatible layout.

  • Scripts to upgrade pfSense and backup configurations

    0 Votes
    7 Posts
    305 Views
    stephenw10

    Yes an upgrade requires a reboot.

    Yes, you could run it as a cronjob but I would never recommend doing that. You should always review the release notes etc before upgrading. IMO it should always be a manual task.

  • 0 Votes
    40 Posts
    4k Views
    stephenw10

    Ok that looks like you don't have any users defined that have certs valid for the server. Which is a different problem really, it looks like the package installed OK.

    Add a cert to an existing user. Make sure it's created against the same CA the server cert is using.

  • OpenVPN - Making it more tolerant to packet loss without re-auth

    0 Votes
    8 Posts
    376 Views
    JKnott

    @Gertjan said in OpenVPN - Making it more tolerant to packet loss without re-auth:

    Isn't keepalive a TCP thing ?

    Actually, it's an application thing and can be over TCP or UDP. IIRC, there is no keep alive function in TCP, only timeout.

    Incidentally, several years ago, I tried an experiment. I was in a coffee shop and used the WiFi to set up a VPN. I noticed there was another open WiFi in the area. I was able to switch WiFi, without dropping the VPN. This is a result of using UDP to carry the VPN. So long as the other end is reachable, it doesn't care how it gets there. This is also why, with WiFi calling, you can transparently move between a WiFi and cell network connection.

    BTW, that coffee shop was at the corner of Harbord and Grace in Toronto. That other WiFi's SSID was "GraceLAN". 😉

  • Boot Hangs After "Starting Cron...Done" w/High CPU and Unresponsive GUI

    1 Votes
    11 Posts
    475 Views
    O

    @stephenw10
    Thank you, I was in the camp with LPD7. Recovered now.

  • Chromecast not working

    0 Votes
    17 Posts
    951 Views
    K

    @stephenw10
    I feel SUPER dumb. I did a sloppy job by not turning off all of the routing and firewalling capabilities on the old router, and that is exactly what the problem was. As soon as I disabled all the things, casting worked. I'm pretty sure that this wasn't a routing thing though because I only have the LAN port of the wireless router plugged in (and DHCP would have failed), but this router had firewall services applied to the physical LAN ports which had never been used before. Guessing that the firewall services didn't kick in for WiFi clients (which is dumb) and that's why I didn't have problems in the past.

    Thank you all for being so helpful and dealing with my ignorance!

  • USB C to Ethernet Adapter LAN Goes Down

    0 Votes
    7 Posts
    456 Views
    w0w

    @jeffreyhb123
    I think it's about https://www.ebay.com/itm/234892002874
    My friend uses https://www.ebay.com/itm/326267601406 on a 1 Gbit line without any issue, for about 5 years already.

  • Windows giving all vlans the same network profile

    0 Votes
    4 Posts
    191 Views
    johnpoz

    @SteveITS yeah concur multihoming is almost always problematic.. If you do need a connection to another network like a backup network or SAN (storage area network) it's best not to set a gateway on that network.

    As to the same Windows profile firewall problem - I do believe NLA uses the MAC of the gateway as mentioned by @stephenw10

    One way to change that would be to use a different physical interface for these networks on pfsense. But personally I would rethink the need for multihoming the box in the first place - what exactly are you trying to accomplish with doing that?

    My pc is multihomed.. But the 2nd network is just direct to my nas on a network that can't go anywhere other than the other host on the end of the wire. This is my san if you will.. This network is 2.5ge between my nas and pc used to transfer files back and forth. This network has no gateway, because there isn't one that could get it to other networks, and no dns either. This connection is only used when talking to the device on the other end of the 2.5ge connection.

  • ipsec phase 2 with public IP as local network (200$ bounty for solution)

    0 Votes
    3 Posts
    152 Views
    D

    Thanks, solved.. but I solved the problem myself.. but you are the winner.. do you have a BTC or Monero wallet?

  • Can't ping OPT1, missing firewall rule?

    0 Votes
    4 Posts
    262 Views
    ?

    @SteveITS said in Can't ping OPT1, missing firewall rule?:

    @bumzag 192.168.1.100 is on LAN? Then the pass rule goes on LAN. That device’s gateway should be pfSense LAN IP.

    Yeah this was it, forgot to set the DNS server for LAN DHCP to the LAN IP. You helped me last May with almost the same issue lol ty again

  • Wan Block after reboot

    0 Votes
    4 Posts
    163 Views
    stephenw10

    @ssmax said in Wan Block after reboot:

    if I try to enter through GUI via WAN by disabling the console it doesn't let me,

    What exactly are you disabling on the console? Disable pf?

    What firewall rules do you have on the WAN? Incoming connections are blocked on WAN by default.

    @ssmax said in Wan Block after reboot:

    I simply go to the WAN tab, I don't change anything. And the connections come back

    The WAN tab where? Which page? You don't save anything?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.