SOLVED: a very basic issue, non-related to pfsense etc The Lastpass-Chrome-extension always substituted my username into the field for the bind-user in the auth-server-config. And that could not work. Now with tests on the shell I figured that out and replaced it with a correct bind-user. Things work now! sry for the noise

@stephenw10 Yeah, a combined widget with a automatic reboot timer, a rollback timer and such could be REALLY cool.

@stephenw10 Ok, will try today this too. Thanks.

Indeed, I would have expected it to be. I would have tried stopping then starting (not restarting) IPSec if you can. It's possible it still had some part of that config present.

@smokinjo said in Updating pfsense before using as firewall?: Can I just connect it to the local network and log in? Pfsense will be behind the firewall, but updating things should work fine. Yes, as long as there is no subnet conflict between the WAN and default LAN (192.168.1.1/24). If your existijg LAN is already using that you would need to set a different LAN subnet in pfSense first.

Yeah I am pretty much an exclusive firefox user, while I do have other browsers, edge and chrome installed. I almost never use them other than odd testing of something here or there. I only ever interact with the pfsense gui using firefox and have never ran into any sort of issue editing anything. Currently using 131 of firefox.

@pFence Did you create redmine bug report already?

I was using outlook with app password and login and it just fails to connect

@mikek DOH! thanks! I thought of that right after I posted but haven't edited yet. how is that ;) Still doing a lot of learning myself. trying to get involved and posting forces me to thing through these scenarios.

@smokinjo You can restore forwards to a new or same config version: https://docs.netgate.com/pfsense/en/latest/backup/restore-different-version.html Restore will prompt you to assign interfaces. Click Save there before you click Apply. Super easy as long as you have the same number or fewer interfaces on the old router.

Aha. Yes that's because tailscale isn't present at that point but you have assigned it as an interface. But tailscale should never be assigned. You should unassign it. https://redmine.pfsense.org/issues/14780

That sounds like the server is blocking those pings from outside it's subnet. You can confirm that by running a pcap on the interface connected to the server in pfSense whilst pinging from the laptop.

@stephenw10 For the record, the network is today working 100% magically. I might buy a 3 NIC PCIe card to resolve any potential IP conflicts. Just a guess as the tcpdump was a bit detailed.

@JonathanLee said in Log / routing full of upnp related messages: Yes does your ip schema still the same Hmm? Does my IP schema still ?look? the same?? The LAN, where UPnP is enabled has two of the Static IP's (gaming PCs) which in the ACL list (192.168.1.92) and they have the same port range allowed. The IP's that show up in the log are all from the DHCP range .130 and above.

Yes we are running current now in Plus so you would need to use 15. And, yes, I can ask but I think there would be almost no chance of Netgate developers getting involved here.

@johnpoz , Thankx....

The WAN interface is the local NIC in pfSense. It has an IP address assigned to it. The gateway is the remote device that pfSense sends traffic to which also has an IP address assigned to it. The WAN and gateway IP addresses are (almost always) in the same subnet so they can connect at layer 2. I.E. using ARP or DHCP.

Remember Parallel DB25 print servers where you could connect your laser printer to a couple years ago? Same thing if it has no web server running or access to the network it won't work. My question is can you do a test page from the printer itself? Think in Isolate. Does the printer work? Does it get an IP address? If that works why can't windows see it. Can you ping it? Can you ping pong it from the firewall? Have you attempted a complete wireless reset on it? Can it see the SSID.

This is a new install? Behind an ISP router? What IPs are you actually seeing now? How is the WAN configured? What is not working? Steve

Your 'Allow Trusted Devices' rule is UDP only. If that is intended to pass traffic it should be UDP+TCP or TCP only at least.