I figured it out! The DNS resolver with pfSense on VBox is just broken; I switched it over to the DNS forwarder, and it worked as it should have.

@marcosm https://redmine.pfsense.org/issues/15769 Thanks Marcos.

You mean using two separate public IPs for outbound NAT from two internal subnnets? Yes, that should be fine if so. You'd have to switch outbound NAT to manual or hybrid mode and add a rule to do it for at least one of those subnets. Steve

SOLVED: a very basic issue, non-related to pfsense etc The Lastpass-Chrome-extension always substituted my username into the field for the bind-user in the auth-server-config. And that could not work. Now with tests on the shell I figured that out and replaced it with a correct bind-user. Things work now! sry for the noise

@stephenw10 Yeah, a combined widget with a automatic reboot timer, a rollback timer and such could be REALLY cool.

@stephenw10 Ok, will try today this too. Thanks.

Indeed, I would have expected it to be. I would have tried stopping then starting (not restarting) IPSec if you can. It's possible it still had some part of that config present.

@smokinjo said in Updating pfsense before using as firewall?: Can I just connect it to the local network and log in? Pfsense will be behind the firewall, but updating things should work fine. Yes, as long as there is no subnet conflict between the WAN and default LAN (192.168.1.1/24). If your existijg LAN is already using that you would need to set a different LAN subnet in pfSense first.

Yeah I am pretty much an exclusive firefox user, while I do have other browsers, edge and chrome installed. I almost never use them other than odd testing of something here or there. I only ever interact with the pfsense gui using firefox and have never ran into any sort of issue editing anything. Currently using 131 of firefox.

@pFence Did you create redmine bug report already?

I was using outlook with app password and login and it just fails to connect

@mikek DOH! thanks! I thought of that right after I posted but haven't edited yet. how is that ;) Still doing a lot of learning myself. trying to get involved and posting forces me to thing through these scenarios.

@smokinjo You can restore forwards to a new or same config version: https://docs.netgate.com/pfsense/en/latest/backup/restore-different-version.html Restore will prompt you to assign interfaces. Click Save there before you click Apply. Super easy as long as you have the same number or fewer interfaces on the old router.

Aha. Yes that's because tailscale isn't present at that point but you have assigned it as an interface. But tailscale should never be assigned. You should unassign it. https://redmine.pfsense.org/issues/14780

That sounds like the server is blocking those pings from outside it's subnet. You can confirm that by running a pcap on the interface connected to the server in pfSense whilst pinging from the laptop.

@stephenw10 For the record, the network is today working 100% magically. I might buy a 3 NIC PCIe card to resolve any potential IP conflicts. Just a guess as the tcpdump was a bit detailed.

@JonathanLee said in Log / routing full of upnp related messages: Yes does your ip schema still the same Hmm? Does my IP schema still ?look? the same?? The LAN, where UPnP is enabled has two of the Static IP's (gaming PCs) which in the ACL list (192.168.1.92) and they have the same port range allowed. The IP's that show up in the log are all from the DHCP range .130 and above.

Yes we are running current now in Plus so you would need to use 15. And, yes, I can ask but I think there would be almost no chance of Netgate developers getting involved here.

@johnpoz , Thankx....

The WAN interface is the local NIC in pfSense. It has an IP address assigned to it. The gateway is the remote device that pfSense sends traffic to which also has an IP address assigned to it. The WAN and gateway IP addresses are (almost always) in the same subnet so they can connect at layer 2. I.E. using ARP or DHCP.