Big thanks' to all for useful tips!

Still no router to host so either there is no route somehow or it's resolving to some IP that's incorrect.
Make sure it's actually resolving as expected:

[23.01-RELEASE][root@6100.stevew.lan]/root: host pfsense-plus-pkg00.atx.netgate.com pfsense-plus-pkg00.atx.netgate.com has address 208.123.73.207 pfsense-plus-pkg00.atx.netgate.com has IPv6 address 2610:160:11:18::207 [23.01-RELEASE][root@6100.stevew.lan]/root: host pfsense-plus-pkg01.atx.netgate.com pfsense-plus-pkg01.atx.netgate.com has address 208.123.73.209 pfsense-plus-pkg01.atx.netgate.com has IPv6 address 2610:160:11:18::209

Then run it with -d4 to get debug output and test over IPv4.

Steve

@johnpoz That drawing is still valid for when I was testing the bridge.

I just mentioned (off-topic) that I also tried to migrate the APs to wired backhaul, but that didn’t go well either. I decided to give up on those and redo my network completely (except Netgate).

@steveits @stephenw10

Actually, it turned out not pfSense's fault but a Mikrotik that's my LAN boss...in an attempt to mitigate a triple NAT situation from using the T-Mobile's gateway, I turned off NAT on the Mikrotik losing established routing; so, rather than messing with setting routing manually, I enabled it and smile with my triple NAT.

Thanks Steve!
This appears to be definitely related. Setting all dev.hwpstate_intel.%d.epp=95 seems to have affected temp readings and brought them within more reasonable levels. I will educate myself more on this.

I am in the lab today and will explore bios settings.

Warm regards,
Mark

I've just encountered this issue setting up my remote logging for the first time. Using Syslog-NG, I had to include 'create_dirs(yes)' in my syslog-ng.conf file.

Example:

destination d_remote {
file("/var/log/remote/$HOST/$YEAR/$MONTH/$DAY/syslog.log"
create_dirs(yes));
};

Cheers!

@shocko if you go to https://www.pfsense.org/download/ and do Not select an architecture, and click Download, you’ll see the last couple versions. Which will get you the same file. :)

@stephenw10
Thanks，i've already solved the problem.
Forget to lanuch the gateway opposite my local net caused this error.

@stephenw10

When following DoT procedure base on netgate.
All alliases having dynamic name to resolve, get an response from dnsfilter « failed to resolve host - will retry again later ». Some of them does resolve bost most part failed completly ans then, at a point failed all.

When chanching aliases to url ip table , no problem occur.

If i remove all DoT everything work as expected

Note : i have arround 140 dynamic name to resolve.

Hope help

Behavior apper on sg-3100, sg-8200 pro max. And all other device

Version 22.05 not affected
Version 23.01 affected

Thank’s

Hope helps

stephen, your last message prompted me to look at my BIOS boot priorities again.
The 1st Boot Device Priority was UEFI OS as expected. 2nd - 6th Boot Device Priorities were disabled.
However, under Network Device BBS Priorities, there were 4 entries for Intel Boot Agent (IBA) ports. I had these disabled at some point but some how that reappeared. I disabled all 4 entries and the IBA (CTRL+S) setup messages disappeared during boot up.

I did briefly remove the Quad port NIC while doing some other activities. I suspect that the Network Device BBS Priorities were enabled when the card was reinserted into the slot.

In any event, many thanks for helping solve this issue!

@stephenw10 said in Cable modem, pfSense and switches on UPS but still issues with power bumps:

The modem might lose sync even if it doesn't lose power.

Very true.

Since he said Arris 32 channel which would be a DOCSIS 3 model..
https://approvedmodems.org/bad-modems/

@creationguy bump

There are at least two things wrong with this package

Time is off and there is no way to fix it making the timeseries charts unusable. Minute Interface Top Talkers field no longer reports IPs.

This version of ntopng Community is worse than the one that comes with 22.05 for those main reasons.

I have opened a RedMine on this to see if the earlier package can be made available but of course thats a black hole.....

Thanks for the confirmation stephen!

Thanks ! i will try that !

Yes, that seems more likely something in the base TCP stack since forwarding still passed pf but does not terminate TCP sessions.
A lot changed between 2.6 and 23.01 (or 2.7) because of the rebase to FreeBSD 14. I'll see if any of our developers are aware of anything that might have caused this.

Steve

Hi,

the problem was our fault, nothing wrong with PfSense.

The OpenVPN client stop working with 2.6.2 udpate. It starts working again with the one that PfSense have in bundle with the config.

@stephenw10 Looks like that did the trick. Thank you!

@fsc830 Yeah. I came across it after I had posted.

It seems like the new FreeBSD 14.0 kernel used by pfSense Plus 23.01 is based on a pre-release version. So basically, I'm SOL for now.

I don't want to mess with the system too much so I just went ahead and reverted all the changes I had made. No biggie but thanks for the heads up.

Well for some reason traffic from the firewall itself is failing. Maybe you have a rule blocking it? Something incorrectly NATing? Check the states while trying to download lists.

Those logs are expected if you open the webgui to random connection attempts. It's not an indication of any sort of compromise.

You can test it yourself, just try to access some page before you login and you will see those logs:

Apr 5 22:02:16 nginx 2023/04/05 22:02:16 [error] 47504#100318: *72304 open() "/usr/local/www/somenonexistentpage.htm" failed (2: No such file or directory), client: 172.21.16.8, server: , request: "GET /somenonexistentpage.htm HTTP/2.0", host: "4100.stevew.lan"