Does WAN2 actually have a DHCP lease? Is the WAN2 gateway shown in Diag > ARP?

It could just be an upstream issue at the ISP.

https://redmine.pfsense.org/issues/15499

@stephenw10 said in Rearranging the interfaces:

Not worth it IMO.

I get some peoples ocd tendencies, etc. But the only time I ever look at the assignment page is to take a screenshot to show users which is way more often than I actually go in their myself for something ;)

You can sort by name in the widget you might have on your dashboard, and the drop down to go to an interface is sorted as well with that check box..

I could see maybe if was a really long list and you didn't want to scroll through them all or something?

Its almost certainly blocked on the client device directly. So like Windows firewall, if it's a Windows device.

Ah, nice. 👍

What exactly are you seeing?

@GeorgePatches said in What happened to the CE downloads?:

@mcury Yes, that part seemed to work much like the standard installer.

Thanks GeorgePatches 👍

@usafit why would you think that should go on your firewall.. Endpoint is in the name even, pfsense or any router/firewall is not an "endpoint"

The firewall aspect of pfsense, just allows you to control what is routed.. Can endpoint A on network X talk to endpoint B on network Y..

An endpoint is something that starts a conversation, the other end point is what that something is talking to.. Pfsense is the router between when those 2 things are on different network..

Sure when you access the gui of say pfsense, then pfsense is the endpoint in that conversation.. But vast majority of traffic flows thru pfsense, pfsense is not the "endpoint".. Installing such software doesn't make a lot of sense for something like pfsense.. You would put that on your VM host, or the vm themselves or you laptop or your PC, or your phone, etc. Some iot device..

Is it no longer possible to download the CE images without registration?

If you see it again I would check the state table. The dpinger state may have been created on the wrong interface before the VTI came up and still be there.

@johnpoz
Thank you John. I'll have to do some research and figure out how to implement this.

There is nothing public. Generally we include as a recommended patch anything that can be fixed by a run-time patch, is confirmed as fixed definitively and has significant impact.

Hmm, I wonder how that happened. Curious. Glad you were able to track that down.

@stephenw10
No wireguard in my case. Now I use PPPoE only for IPv4 and HE GIF for the IPv6 testing and fallback. No problem with 13.x.x.x based sites currently, but I did not tested all of them.
I honestly don't understand what the relation to IPv6 is at all if packet capture shows that the connection is going through the IPv4 stack. I would be sure that it's some configuration error either from the provider's side or somewhere else on my end, but in fact, everything works directly, without pfSense.

To get a working internet connection we must create a VLAN7, assignee it and add a PPPoE connection. I wouldn't say this is impossible, but if one character is wrong and the installer try three times to connect my ISP blocks me for some hours...

@lightingman117 It feels like asking for trouble if you install unsupported packages inside pfsense... I am running pfsense as a VM under Proxmox which has worked fine for a few years now. With such a setup you can run any number of additional "packages" as separate VM's on the same machine, all booting up and working in unison.
Such a setup should work perfectly fine on a Protectly machine...

I then have AdGuard Home running as a VM and simply set all DHCP clients in pfsense so that their DNS is the AdGuard IP. AdGuard is not a DNS resolver, just a blocker/filtering service so it needs to point to a DNS service. You don't need to use pfsense resolver (unbound) but you can if you like, simply by setting the IP as the upstream DNS in AdGuard.

Then if you find it useful you can use pfBlockerNG to do additional filtering, like GeoBlocking.

@stephenw10 It was an antivirus page I left up that Squid stopped your right. Thanks I never reset the firewall when that was open.

The "Squid stopped a virus page"

Install snort , untick "keep settings after deinstalling" remove snort again. Looks this msg disappeared

@stephenw10 I will do it, thanks a lot for your patience and your help

Hmm, I have no idea how it's ended up displaying that file there. I've never seen that.

What sort of things were you doing before this happened? Did you add any custom code?

Steve