@stephenw10 yup that would be another way @CreationGuy but his rule above his lan allow should trigger and not log that igmp traffic.. and no other rules should be evaluated.. So it shouldn't still see the igmp traffic on his lan allow and block it because of the IP options setting.

@stephenw10 Quick update, my isp provider came out yesterday about lunch time an replaced the card that converts the fiber to ethernet and replaced the rj45 socket. We tested with no errors and i have not seen a hang on the vault yet and it is now almost 30 hours running.

@stephenw10 said in Two IP's from ISP, Two PFsense routers (one a vm) cannot access B from A:

What lloks wrong is that site A has the same MAC for 24.71.68.1 and 24.71.68.91

Exactly, and site A was the one that had .91 before. So if there is some stale info in the ARP table then flushing it may fix it I suppose?

@stephenw10 said in Two IP's from ISP, Two PFsense routers (one a vm) cannot access B from A:

Edit: Good point, it could be Proxmox doing something odd. But I run that here and have never seen it do weird layer 2 stuff like that.

I agree, I use Proxmox for two firewalls in a similar setup, and I have had no trouble with vtnet or direct NIC's. Although I do have a switch on the WAN, not a router. But considering that Proxmox is the one thing that is different vs site A, I'm thinking it may be part of the problem.

@backup2 said in Can't access internet with pfsense and proton vpn:

any chance you can help with this issue also?

What firewall rules have you added there? There are none by default.

Did you enable dhcp on the new interfaces? Are connected clients pulling an IP correctly?

@elvisimprsntr said in PSA - AT&T Email to SMS Gateway Service Ending:

If you are affected and are in need of an alternative, I switched to using Pushover: Simple Notifications for Android, iPhone, iPad, and Desktop
30-day free trial and $4.99 one time license per platform.

I already updated my security system, home automation controller, and pfSense to use Pushover. Took less than 15 minutes.

I’d be interested in what options others are using.

There was a short discussion of this on the Ubiquiti forums. Pushover received a number of recommendations. Other options mentioned were Zapier and Telegram. Home Assistant apparently has notification support through its app.

I switched over to Google Chat for notifications via a webhook (Chat webhooks require a Google Workspace account, which we already had). Straightforward to implement and working well so far. There's also an email-to-Chat interface.

There's nothing much shown in that status output you uploaded. Mostly because the system logs are completely spammed with:

Apr 13 15:42:11 bkk-fw upsmon[52386]: Poll UPS [apc] failed - Driver not connected Apr 13 15:42:16 bkk-fw upsmon[52386]: Poll UPS [apc] failed - Driver not connected Apr 13 15:42:21 bkk-fw upsmon[52386]: Poll UPS [apc] failed - Driver not connected

You should disable that if the UPS isn't actually attached.

You also have a number of arpmovment messages. If those are legitimate consider disabling logging those:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/logs-arp-moved.html

@Cabledude said in System Logs-Gateways: no entries after 24.11 update:

[24.11-RELEASE][root@SPK.home.arpa]/root: ps aux | grep 'dpinger'
root 82858 0.0 0.1 12952 2540 0 S+ 16:00 0:00.01 grep dpinger
[24.11-RELEASE][root@SPK.home.arpa]/root:

means : no dpinger process is running !
You should see : see above, previous post,w where I gave 1 for IPv4 and 1 for IPv6. You should see the same thing.
No dpinger running == totally normal that there are no gateway logs ;)

I just restarted my pfSense this morning as I upgraded to 25.03.b.20250414.1838 which came out yesterday and :

[25.03-BETA][root@pfSense.bhf.tld]/root: ps aux | grep 'dpinger' root 7412 0.0 0.1 14692 3084 - Is 08:10 0:00.62 /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP6 -B 2a01:dead:beef:a600:92ec:7 root 7653 0.0 0.1 14692 3084 - Is 08:10 0:00.56 /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 192.168.10.4 -p /var/run/d root 51651 0.0 0.1 14076 2684 0 S+ 09:23 0:00.00 grep dpinger

and logs do show up for me now.

Btw : the beta releases are really good ... no issues what so ever for me (vanilla dual stack pfSense. with captive portal, FreeRadius, minimal pfBlocker and some other small gadgets).

Yes we need more information to diagnose this. Still this? https://forum.netgate.com/topic/189542/pfsense-access-interruption

If so I suggest continuing there.

But if you're running in hyper-V still check for the reported hveventX issue: https://forum.netgate.com/post/1207821

@Gblenn
currently all my environments are in hyper v so I will not be able to experiment on proxmox.
I can't figure out why pfsense is cutting off access but I will focus on finding out

thanks

First, in the GUI, stop FreeRadius.

Then, in a first console access, you run

radiusd -X

Then, in the second (use SSH ?!) start our radtest :

@laurens-DS said in Setting up FreeRADIUS on pfSense with Google LDAP and integrating with UniFi Controller:

when i do a radtest

In the first console, with the Radius debug log output, you can see the reason.

@jazzl0ver Awesome, thanks 🎯

[root@gw-2 ~]# /sbin/glabel label swap0 /dev/blabla

was exactly the part which I have been missing 🏷

And why:

[root@gw-2 ~]# glabel list

Didn't showed me anything 🔑

I have never understood why a licence for a short duration (1 year) can not readily be moved when the old hardware is not functional (cold spare or hardware failure).

Having a licence tied to hardware makes perfect sense for a long term licence (where ongoing company income comes from old hardware dying and being replaced eg Netgate hardware) but makes no sense when an annual licence fee is paid.

Perhaps Netgate just dislikes selling software and really only wants to sell hardware.

@balsal7346 said in Verizon FiOS Home Internet with CR1000A Router to use with Netgate 1100:

netgate 1100

I know this is an old post, but wanted to provide my approach since I took an interest in pfsense only a couple of months ago.

I found a video (https://www.youtube.com/watch?v=Vf1sTkxxjLs&list=WL&index=2) that helped me convert the CR1000A into an access point.

I configured the pfsense software using https://www.youtube.com/@NaomiBrockwellTV

I plugged the ethernet cable from the ONT into the WAN port of the pfsense box.

I plugged to converted CR1000A into the a network switch.

I plugged the LAN port of pfsense into the switch.

This way the pfsense firewall is between the Internet and the CR1000A that acts as an AP for my wireless devices since I didn't want to spend any extra for a different AP.

I'm still on a steep learning curve for the pfsense software, but I have wired and wireless access to the Internet for most common activities.

@pst Never mind, a two hour wait and a prayer seems to have resolved whatever state the box got itself into...

@Gblenn that, and Adguard can do DOT and DOH.
I might enforce the DOH servers on the client side.

@NGUSER6947

you can install coturn on your Nextcloud server, here is a german howto:
https://www.c-rieger.de/stunserver-coturnserver/

@stephenw10 Thanks for that!

@gstlouis
I'm also using the apcupsd package on an pfSense installation. The UPS supplies a Proxmox server. On this I installed apcupsd as well.
The service connects to pfSense via NIS and gets the UPS status from it and triggers its shutdown on its own.

The shutdown of the server works as expected on power outages this way.
Just ensure that the other hosts shutdown before pfSense.

@stephenw10 ok I will try it later on my test machine

@chpalmer so I have to reboot the modem to connect a new device to the modem Ethernet, that was one thing that wasn't happening today. Got it.