I just wanted to follow up on this and let everyone know I could never get anywhere. While I did backup/restore last month I kept this box around to try to troubleshoot. No pkg command would yield any results, even trying to install from local.

If anyone winds up in the same boat, I'm afraid this post likely won't help.

@stephenw10 Thank you so much, problem solved, i change the setting that you suggest to me and now work perfectly.

It would usually demote itself, causing a failover, if any interface that has a CARP VIP on it loses link. That can be affected if the interface is a bridge though for example. The bridge itself never goes down.

Ok, so try swapping it to LAN and see if the problem follows the USB NIC.

It may not. You might find it 'just works' as the WAN.

You can restore the config to pull in all the previous settings.

However the new NDI will need to registered for Plus upgrade to get 23.09.1 though.

Yes, they happened simultaneously and crash reports although I didn't adjust any with the secondary.

@alhaunts Nice, just installed it here.

https://redmine.pfsense.org/issues/15119#change-72146

@stephenw10 Thank you!

You're a legend, both of those combined are what restored the internet connection.

Thank you so much for all of your assistance over the past few days.

I greatly appreciate all of your help!

@stephenw10 Perfect example of why I checked here first!

@Fringe1533

Hi
To connect such clients on Mac OS, I recommend using the Apple Configurator program, in which you can create a profile for connecting to a Wi-fi network (WPA-Enterprise).
After creation, this profile is imported to the MacBook, and it connects successfully

f2b0a1cd-2885-4edc-aec0-acd1644a38f1-image.png

da5fa148-047c-4674-a85d-8f7cc6c702bf-image.png

050f7847-3a4d-45da-a9c2-d8364172eb67-image.png

8db8eddb-9eff-426c-aae3-bfb3c84d5e06-image.png

bfc430f0-774f-4430-b611-ce8c7fdfec32-image.png

@stephenw10 thank you for your wisdom.
@pfguy2018 thank you for asking.

@pfsense57352
🤣

You should not have gateways set on LAN or OPT1. (or possibly OPT2). Only the WAN should have a gateway set for pfSense and that is added automatically for DHCP.

When you add a gateway to an interface pfSense treats it as a WAN and that is not the case for LAN or OPT1.

Additionally whatever is at 10.0.2.2 is not responding to ping. That's probably because it's the VBox NAT host. You should set some the external IP address for pfSense to monitor on the WAN.

Steve

@Gertjan Thank you for the detailed explanation!

Nothing there looks specifically wrong.

What sort of WAN connection is it, DHCP?

Do you expect to get a public IP there?

Do you reboot the modem to be sure it's not locked to the MAC address of the old router?

Steve

@ChrisJenk said in Where does DHCP6 client keep its lease info etc.? And can I force a refresh of the DHCP6 lease from the command line?:

Also, is it possible to force a DHCP6 refresh for an interface (the WAN in my case) via some command? I can do it by toggling the WAN interface to disabled and then back to enabled in the GUI, but that disrupts IPv4 traffic, which I want to avoid.

This could be

Note : haven't try this myself.

Btw : when I check the ( Status > System Logs > DHCP )

eaa4a625-d194-4690-b0cd-e88d86f9da51-image.png

I see that the DHCP6C renews very often - every 10 minutes ( 😵 ) or so.
Not sure if this is normal. The DHCP6 server is in my ISP box, that's the one handing out "20 min" leases ... Not something I can change.
The WAN IPv6 and prefix didn't change for the last 9 months or so ( ouf ...).

Re: PFsense random loss of WAN gateway

I just wanted to add my thanks!

I have a Telia Fiber connection and it would lose WAN every six hours. Turns out that the Telia DHCP server only allows a limited number of renewals after which it demands a broadcast again.

The above option to always broadcast works fine.

It took me several month to find this solution! Thanks again!

@johnpoz @stephenw10

The problem with pfBlockerNG and config saves is even bigger as that many MANY configuration changes are all SYNCED to a CARP member triggering a HUGE number of unnecessary reloads and changes on the secondary node. And as pfBNG doesn't really sync the lists but the config only, the second node still has to run its own instance of pfB and do the whole download and install of the lists AGAIN, so you nearly have double the config changes to the standby node. Also in a bigger setup you have to either completely disable the sync because of this or you have to time the standby node down to do updates e.g. only daily or all 12h as otherwise you get hit with the sync job that triggers a reload of MANY services of the standby node, then have the node perform its own pfB download and saving configs. So config history is completely broken and unusable in a cluster where pfB is enabled as you won't see anything older then a day or two with that many checkpoints. Also the sync adds even more on the standby AND triggers high load and temporary RPC/sync unavailability as the node gets simply swamped by syncs and reloads (talking about a big node here with many VPNs, big ruleset etc. - datacenter firewall). That's a really big minus of pfB currently. I already mentioned that to BBcan/Tony several times but never came to tackle down the issue (with various others concerning a CARP setup like the interface creation in DNSBL mode etc.)

Cheers