Hmm, pretty much identical. 😕

You need to policy route clients via the VPN gateway. So first add static leases for the clients so they always have the same IP addresses. Or if you have different subnets for those clients just policy route all traffic from the subnet.

https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html

Ha, well that's a good outcome compared with some obscure hardware incompatibility. 😉

While this is an old topic, for anyone struggling to get Huawei modem to connect in CDC ECM mode using NDISUP command, the problem is it will ignore those commands sent to cuX serial devices. They need to be sent using the WDM interface, which Linux exposes as cdc-wdmX, but FreeBSD does not.

A workaround is to use a usbconfig command and send that command directly to the device. I explained my findings here: https://dawidwrobel.com/journal/initializing-lte-modem-using-raw-usb-communication/

@stephenw10 said in Bridge mode static IP config vodafone HFC:

Well if the ISP are charging for it and you ware paying then I would want to see it.

100%, if it is something like this which they charge €15 for... https://www.vodafone.es/c/empresas/autonomos/es/vodafone-para-tu-negocio/servicios-one-profesional/ip-fija/

But for regular home use, or even small business use, why pay that money? Unless it would otherwise change frequently and create regular interruptions, it really doesn't matter.

@borjaevo Perhaps a long shot, but which port is pfsense connected to on the modem? Sometimes in Bridge Mode it's only one of the ports that provide internet, likely port 1.

@McMurphy Excellent, glad it worked. @stephenw10 was of course right on the money too, and faster then me :).

Thank you all for your comments.

Not sure what I did, but Firefox stopped complaining.

You can speed up mounting root by changing the value of kern.cam.boot_delay in a custom loader value. But some systems require that delay to allow the root device to become active.

The WAN setup should be quick unless it's waiting for something. Usually that's DHCP but not if it's set static. Do you have it set to dhcpv6 with no v6 server present perhaps?

@andrerochedo Thank you

You can try to resolve those fqdns as an alias and use that in policy routing. However there's a good chance they resolve to numerous IP addresses. Especially for something like that where anonymising the traffic may be important. They may6 not respond to ping but they do resolve. YMMV!

@stephenw10 just saw that thx,
"By default, the M.2 SATA drive will then be the first drive recognized by pfSense" that's good :)
Thanks for your help!

@stephenw10
Thanks for looking at this and helping me out, when i restarted the states, and toggled some firewall rules after testing with packet capture, it just randomly started working.

ive rebooted a couple times and changed things around and it seems to be good for now, not sure what caused the issue however, but i think i should be good now.

Thank you again for the help.

@stephenw10 said in VM access in LAN pfsense from home network:

add the routes to the Orange Pi directly

Okay, thanks for the idea. initially, I tried to add a path to the router itself, but I did not find such an opportunity. I'll try your idea tomorrow. Thanks for the quick replies, have a nice evening!)

@stephenw10 said in Pfsense 2.6 : Google Map picks last known location:

in some database somewhere

multiple dbs I am sure.. There are a few public ones you can use as an example

https://wigle.net/

It is an interesting problem sure - but its not pfsesnse manipulating your location info ;) I wish it was that simple - then I could easy use my pc for making bets vs having to do it on my phone ;)

Back on Plus - thank you @stephenw10.

Given I do not really mess with my firewall much, this should be stable for a while as long as I do not change any hardware. It would be neat if the NDI did not change with simple hardware changes. I get it, but man alive, I hope I never have to change anything. Time will tell.

Cheers,

I also experienced a disappearing P2. Unfortunately, it is hard to say what triggered it because the other side has been down for 5 months and just became available again. They just brought it back up and I expected everything to connect automatically but it didn't. So I looked into what could cause it and found the P2 missing. In that 5 months where the other side was down, my side had a hard drive failure and restore from autoconfig backup. Also, in the config history, wireguard has been automatically spamming the config history so I only have one day worth of true backups (but 30 copies of virtually the same thing thanks to wireguard).

I was able to find and decrypt a much older config manually, view the P2 XML, and recreate the P2 manually.

@xmacj Perhaps the remote side didn't like something about your original ip address.

I have an ecobee premium (upgraded by ecobee due to wifi issues on a ecobee 3 lite - data drop outs, morse code).

No wifi issues (it's bound to 2.4ghz band). But it does like to phone home to amazon every 50s. None of the amazon features are enabled, but it still insists.

To mitigate this, 2 different measures are in place. On the dns side, only requests to *.ecobee.com are resolved (adguard home). All others return 0.0.0.0 .

On the pfsense side, amazon asn is blocked for this device just in case the dns filters are off (sometimes happens during testing).

@alfredo IIRC this is a FreeBSD issue. I get similar error on my FreeBSD machines in ESXi 7. Does not happen very often but a few times daily. Has never caused any real issues.

Have you tried changing the VMware SCSI controller to LSI SAS instead of VMware Paravirtual? I have read that this can help. I have done so and the LSI SAS machine still has some of these errors.

Cheers,

@stephenw10, that's what i was hoping for! thank you!