@stdanro It would be the recovery from that -- look at the code referenced - syslogd and the changes are specifically related to EGAIN and ECONNREFUSED messages (they were not being handled) - not having them processed causes all kinds of interesting artifacts -and different when sending to a single server vs multiple servers (I have 2, and the order they are listed also changes the behaviour that is if one goes down and the other does not, which is my case) Because in my environment I know exactly when the issue is going to occur because of a fixed schedule maintenance window on one of the syslog servers) I have a script that monitors that receiving device and restarts syslog accordingly after it detect the system/port are back and available) Other than that "tiny little issue" as far as I can tell it is rock solid in processing messages. The only option for us currently is to wait for the new build of syslogd - so that it just recovers like it did before, back in the 24.11 days.

@johnpoz @provels I know that "unstated industry standard" is 192.168.100.1, but I've learned the hard way that assuming may cause problems. Now if IANA had something stating 192.168.100.1 is the default address for devices like cable modems, I'd accept that as gospel :)

@ezhawk said in Ecobee thermostat can’t connect to servers: And to no one's surprise, Ecobee says it is a problem with the pfSense Just to be clear (and I leave it after that), my suggestion to contact support was not to blame them but get help from them, getting information about connection made by pfSense and if Ecobee was blocking that connection at some point. I suspect you won't get that info in a chat from a 1st level support. Your package capture shows a 'Client Hello' from the Ecobee device when connecting to idt.ecobee.com and in a normal conversation, the answer would be a 'Server Hello' from the Ecobee server. But instead Ecobee ends the connection (the connection to home-fw.ecobee.com get a 'Server Hello', seems successful).

@johnpoz In cas this was not clear, the question is meant for @aarontry1

@stephenw10 Sorry for the delayed reply - I have just got back from a business trip. Anyway, this is the output from the CLI [2.8.1-RC][root@pfSense.mymain.local]/root: ls /var/run check_reload_status cron.pid daemon_sshguard.pid devd.pid devd.pipe devd.seqpacket.pipe dhclient.igb0.pid dmesg.boot dnsbl.pid dpinger_VPNUNLIMITED_L2TP~10.240.0.2~10.240.0.1.pid dpinger_VPNUNLIMITED_L2TP~10.240.0.2~10.240.0.1.sock dpinger_WANV6_TUNNELV6~2001:470:1f08:84a::2~2001:470:1f08:84a::1.pid dpinger_WANV6_TUNNELV6~2001:470:1f08:84a::2~2001:470:1f08:84a::1.sock dpinger_WAN_DHCP~82.13.203.142~82.13.202.1.pid dpinger_WAN_DHCP~82.13.203.142~82.13.202.1.sock dpinger_wg1GW~10.102.1.114~10.102.1.114.pid dpinger_wg1GW~10.102.1.114~10.102.1.114.sock dpinger_wg2GW~10.102.100.206~10.102.100.206.pid dpinger_wg2GW~10.102.100.206~10.102.100.206.sock expire_accounts.pid filter_reload_status filterlog.pid ipsec_keepalive.pid kea kea2fib6.cache kea4-ctrl-socket kea4-ctrl-socket.lock kea6-ctrl-socket kea6-ctrl-socket.lock l2tp_opt9.pid ld-elf.so.hints ld-elf32.so.hints log logpriv mdns-bridge.pid miniupnpd.pid nginx-webConfigurator.pid ntpd.pid pfSense_version pfSense_version.rc php-fpm.pid php-fpm.socket ping_hosts.pid radvd.pid sshd.pid sshguard.pid syslog.pid unbound.pid update_alias_url_data.pid updaterrd.sh.pid utmp utx.active wireguardd.pid [2.8.1-RC][root@pfSense.mymain.local]/root: [2.8.1-RC][root@pfSense.mymain.local]/root: ls /var/run kea4-ctrl-socket.lock kea6-ctrl-socket kea6-ctrl-socket.lock l2tp_opt9.pid [2.8.1-RC][root@pfSense.mymain.local]/root:: Too many arguments. [2.8.1-RC][root@pfSense.mymain.local]/root: check_reload_status ld-elf.so.hints ld-elf32.so.hints log logpriv mdns-bridge.pid miniupnpd.pid nginx-webConfigurator.pid ntpd.pid pfSense_version pfSense_version.rc php-fpm.pid php-fpm.socket ping_hosts.pid radvd.pid sshd.pid sshguard.pid syslog.pid unbound.pid update_alias_url_data.pid updaterrd.sh.pid utmp utx.active wireguardd.pid

ZFS is also a lot more resilient to filesystem issues than UFS. So if you see frequent power outages it's a much better choice. But, yes, it does write more to the drive. Though the default values in 25.07 reduce that significantly. You can mitigate it almost entirely by running RAM disks too.

Yup so check the routing and arp table on a client when it's unable to browse.

@ChrisJenk said in Netgate 6100 / 25.07 - any recipes / guidelines for optimising high speed LAN and WAN connections?: Speedtest program on the router itself No, I ran it on a Windows computer connected at 2.5Gb. I got full line speed up and down. I have since changed my internet to 1Gb so I only get 1.2Gb up and down now. A while back a friend and I were building and testing a VPN tunnel between us, a 7100 and a 6100, we found a noticeable speed difference if we used iperf on pfSense vs a computer on each end. We only get in the 700Mb/s range and still iperf on pfSense really added a load and skewed the results at least 10%.

guess back to testing... after a reboot of pfsense i can search again on the HD site with that disabled.. will test more to see if it comes back.. havent solved how the isp dns or cloudflare dns show up on the vpn side as it says you maybe leaking i gave up trying for now jsut working on this pfblocker

If it's a paid subscription and you had to replace the hardware you should open a TAC ticket. We are not completely inflexible. Yes, it's tied to the hardware but if you are forced to change that we have options.

^^ yes - this. - and the syslogd fix in the works should resolve this.

@chudak said in Why do we need to pay for pfS + ????: How do you connect monitor to it? See for example https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4200/#how-to-guides In general Netgate makes sure new releases work on old Netgate hardware until it can’t.

@johnpoz Yep, that's the setup I've got in place. It's been working for quite a few years for me when I was on a cable modem. @Bob.Dig My SG2100 does get a public IP, it is pingable from the outside world but still get no tunnel. In the Gateways widget the tunnel just shows "Offline, Packetloss"

@stephenw10 thanks for the feedback!

Mmm, you'll probably have to wait for it to fail and check what states are still there. I'd expect it to just re-connect if the states timed out and start to fail.

Sounds like they are getting redirected locally if they see a cert error. Check what cert they are being offered. The details there may indicate what is intercepting the traffic.