@macaruchi Peers allow Adresses > gust give 1 IP per Peer (/32) + check your Firewall Rules

@ojosaghae Coming from that far, 2.5.1, I would backup a pfSense config, and not bothering upgrading the device. Install clean with a memstick version from pfSense download. You'll have a chance to change the file system to ZFS. "You want that" and in place upgrading can't give you that.

Probably not. What I would expect to be required would be to bridge each VLAN individually. But if you do that you can't bridge the untagged parent interfaces because it will break VLANs on those NICs. So if you moved all traffic onto VLANs then using multiple bridges it should. Steve

If it's a bug in GAProxy it might be fixed in the dev version of the package. It uses 2.8.d12 vs 2.7.8 in the standard pkg.

@mpcjames Just to help with some of your early questions. You are correct that the Openreach VLAN is added by the modem or ONT. For generic modems this may have to be added manually, or not, as some UK-specific firmware loads do this for you (eg on some Draytek units with BT-approved firmware). The MTU for your WAN/pppoe0 link (shown as MRU 1492 in your stats above) should be set at 1500 - ie the standard packet size. The actual physical interface connection between your pfSense router to the Openreach modem or ONT should be set at 1508 MTU, to allow for the extra 8-bytes of the PPPoE wrapper: [image: 1694082069193-2023-09-07-at-11.18.35.png] [image: 1694082081847-2023-09-07-at-11.19.14.png] You will see the somewhat bogus PPPoE MTU 1492 mentioned a lot on English-speaking forums as they tend to be dominated by those from the US, where they do things differently. The 1492 setting has become somewhat of an internet lore but is incorrect for many other countries, including the UK. I'm on the pfSense Plus side of the house where there have also been a number of PPPoE niggles, one of which is the multiple attempts to achieve a PPPoE link, rather than the expected single attempt. This can muddy the waters when doing any testing. For reasons unexplained the latest 23.09 dev firmware is more likely to make a PPPoE connection at first try. So there is hope that things are getting better for UK-style connections. I hope this adds some UK-orientated clarity! ️

Yes, there are many ways you could do this. Really having the TP-Link as the main router is restrictions here. If you have something else behind it as a VPN server that creates a local routing problem if it's i the same subnet as hosts that need to connect to the remote VPN subnet. If you can't swap out the TPlink for pfSense then consider what it can do and build anything else around that. If that can do Wireguard it would likely work since Wireguard inherently includes routing.

Nice catch. Yes, exporting and manually removing that from the config should correct it.

@macaruchi said in Vlan wifi doesnt connect: There is a way to send any packets to this vlan to test the conectivity? Connected a PC or laptop to the pfSense interface an configure it's network port for this VLAN.

@cornerstonefound said in Guys, totally new, I need 3 ports to connect to different things from minipc how simplest way?: Do I set all this up in the pfsense GUI and so on? Yes. At the first boot after install you would assign the NICs to interfaces at the console. Then connect to the webgui on the LAN interface and configure the other interfaces. Steve

@stephenw10 I see, thank you very much for your answer

You'll also be able to see the interface names at the console or by running ifconfig at the command line.

What version did you upgrade from where it was working?

@stephenw10 My ISP finally called me back this morning and said that it looks like the box outside is going bad. They are rolling a tech to replace it this morning. Will see what happens.

@mcury The mistake I was making was to enter the username just as straight text, ie "pfsense". When I switched to "CN=pfSense,CN=Users,DC=lan,DC=company,DC=com" the bind authentication started working. The authentication appears to be working. Now on to making it secure. Thanks for posting the screen shot.

Once created the LAGG appears as any other interface, you can assign it, you can create VLANs on it etc. You can then select the LAGG, or VLANs on it, to assign as existing interfaces and that way keep the existing subnet and firewall rules etc. Steve

@Mikalatto Hi Mika, do you have a picture or model number of your equipment? Is your fiber terminating into this Nokia ONT and then going directly to the WiFi Hub? You may have a newer setup than I do so I might not be able to help. My connection is currently setup where the incoming fiber terminates into the Nokia G-240G-A ONT (same as in the Facebook link) and then from there it's ethernet to my pfSense box. There is no WiFi Hub necessary.

@johnpoz Thanks!

If you reboot and then check the log when does that first appear? At what point in the log? Also check /tmp/php_errors.txt

@magoo_it said in PHP error after reboot: It seems that today is not my best day on IT ... well better days will come. aww, don't be so hard on yourself. I have to keep a sticky on the Reddit group about this tool because it seems very few people there know about it, either.