Oh yes there certainly are many users running VMs as edge on all hypervisors. I just wouldn't myself.

@hescominsoon said in 25.7.1 package issue: 25.07.1-RELEASE on both and yesw i access both in private mode which auto clears when i close the tab. Minor nitpick…Private/incognito tabs all share the same session so cookies/cache would clear when closing the window/all private tabs.

@marcg I finally got the PD on the pfSense and I'm working through the reservations I had set to the tunnel so they get an reserved address within the PD. I had wanted to keep the tunnel from he.net but I never could get that working. If the BGW320 ever gets a different prefix I'll have to change any AAAA records at he.net's free DNS services. Won't be too difficult and I could script it through their API if it starts to happen often enough. I've had the same prefix for about a week now. Same IPv4 since I put the SG4200 online. I don't expect any changes but since I'm on the gulf coast it's somewhat likely that I could lose power and/or network for multiple days if a hurricane rolls through town. That could cause a change in the leases.

And 192.168.100.1 is part of the DOCSIS specification. That's because all cable modems run with this IP address.

@SteveITS Thanks very much, i knew i must have missed something. Clean Firewall logs now.

@stephenw10 I agree @ramup thanks for keeping everyone in the loop

Try 2.8.1 first if you can. You are probably hitting this preventing the SWAP being enabled: https://redmine.pfsense.org/issues/16232 Unfortunately that fix didn't make it into 2.8.1 but you can apply that patch there. Or manually make the one character change! That should give you the expected 16G of swap which will be enough for any core file.

@stephenw10 I did not know about that. Thanks - implemented and it's working!

@keyser Fantastic, thank you! Yeah, I ended up getting to the JSON settings before I saw your reply, and I had DEBUG instead of just INFO and the logs were going crazy! I think, with as active as my network is, and as chatty as the DHCP devices are, I'm going to ignore the web GUI, and just tail the logs over SSH. That way I can grep and sed to my heart's content. I also set-up log rotation using the built-in method, so that's good. Every once in a while I have these bursts of pfSense learning.

Yup, that's fixed in current versions.

@tman222 I've got T-Mobile Home Internet (THMI) set up as my backup to Starlink in a pfSense failover gateway group. It is kept alive by a ping to 8.8.8.8 and my gateway always has the ipv4 address of 192.168.12.1. The pfSense interface gets .12 address, right now, .12.145. For science, I turned on ipv6 dhcp to get the one and only ipv6 address from the TMHI gateway and it did get an ipv6 address it couldn't really do much with, kept alive by pinging the ipv6 of 8.8.8.8. Until it didn't work. One day the ipv6 address and interface was just dead and the ipv6 address wouldn't come back with some usual efforts. Since it was just an experiment, I shut the ipv6 off. Since TMHI won't give a prefix, it's really not much use that I can tell to have the router interface have an ipv6 address with nothing else downstream. So it just uses ipv4. Note, I have shut off all the wifi on the box and just use it through the ethernet port. I used a great IOS app called HINT Control to shut off the wifi on the TMHI gateway. I have my own wifi, so I don't need it polluting the em spectrum with more. Since we live in the sticks, both our Starlink and TMHI use CGNAT of a sort but I don't have any problems with double-NAT with either. It just works.

I think you may be over reacting to users questions. There are plenty of things pfSense could be better at! Most commonly when we see reports of some service that worked fine behind some other router but not pfSense it's either a NAT issue or some ALG/Proxy that was present on the other device but not in pfSense. Try setting a static source port. The difficulty here is that it doesn't fail immediately. It looks as though the ecobee server marks the IP address bad in some way after some time and presumably after some conection event that pfSense fails to pass. But we have yet to see exactly what that is which makes it difficult to diagnose.

Mmm, I've never seen that here either.

ZFS is also a lot more resilient to filesystem issues than UFS. So if you see frequent power outages it's a much better choice. But, yes, it does write more to the drive. Though the default values in 25.07 reduce that significantly. You can mitigate it almost entirely by running RAM disks too.

Yup so check the routing and arp table on a client when it's unable to browse.

@ChrisJenk said in Netgate 6100 / 25.07 - any recipes / guidelines for optimising high speed LAN and WAN connections?: Speedtest program on the router itself No, I ran it on a Windows computer connected at 2.5Gb. I got full line speed up and down. I have since changed my internet to 1Gb so I only get 1.2Gb up and down now. A while back a friend and I were building and testing a VPN tunnel between us, a 7100 and a 6100, we found a noticeable speed difference if we used iperf on pfSense vs a computer on each end. We only get in the 700Mb/s range and still iperf on pfSense really added a load and skewed the results at least 10%.

If it's a paid subscription and you had to replace the hardware you should open a TAC ticket. We are not completely inflexible. Yes, it's tied to the hardware but if you are forced to change that we have options.

^^ yes - this. - and the syslogd fix in the works should resolve this.

@chudak said in Why do we need to pay for pfS + ????: How do you connect monitor to it? See for example https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4200/#how-to-guides In general Netgate makes sure new releases work on old Netgate hardware until it can’t.