Subcategories

  • Announcements and information about pfSense software posted by the project team

    220 Topics
    3k Posts
    P
    @SteveITS Thanks for the clarification, I would give you an up-vote but I do not have enough reputation.
  • Discussions about pfSense software that do not fit into one of the more specific categories below.

    27k Topics
    191k Posts
    O
    @stephenw10 Could not send the message to root@example.com -- Error: Failed to connect to ssl://example.com:587 [SMTP: Failed to connect socket: stream_socket_client(): Unable to connect to ssl://example.com:587 (Unknown error) (code: -1, response: )] Submission is set to require TLS and it's failing and not seeming to be taking the CA/certs I added. Could not send the message to root@example.com -- Error: Failed to add recipient: root@example.com [SMTP: Invalid response code received from server (code: 450, response: 4.7.1 Client host rejected: cannot find your reverse hostname, [10.254.0.1])] This is because there's no PTR for the far side of the tunnel between the sites and the dnsmasq setup is currently just domain override-based.
  • Discussions about Multi-Instance Management.

    22 Topics
    150 Posts
    stephenw10S
    This should be fixed in the next version.
  • Discussions about installing or upgrading pfSense software

    10k Topics
    62k Posts
    stephenw10S
    You can just resave that value in the update settings tab. It should then look like: <pkg_repo_conf_path>2_8_1</pkg_repo_conf_path>
  • Discussions about firewalling functionality in pfSense software

    10k Topics
    59k Posts
    S
    @Uglybrian, Thank you, I will give that a try. Stuart
  • Discussions about Network Address Translation (NAT)

    6k Topics
    31k Posts
    KahnaresK
    @SteveITS I haven't tried disabling or removing Outbound rules, but it's worth a shot. I'm not sure it would make a difference, but stranger things have happened and it's quick'n'easy to test. Outbound is just directing traffic to the gateways (ISP or VPN, depending on the VLAN). I'll test my loopback theory too.
  • Discussions about High Availability, CARP, and utilizing additional IP addresses

    3k Topics
    12k Posts
    U
    A week ago, I switched our Kea DHCP backend on our production firewall cluster to Kea (after a lot of test in a virtualized environment). It worked fine until yesterday, when suddenly the clients stopped receiving leases. After some troubleshooting, I found that the Kea server must have crashed on the primary node, and the secondary node didn’t seem to fail over properly. Both firewalls were running, but no leases were being handed out to clients. The error log I found was the following: port 67, reason: Address already in use - is another DHCP server running? Oct 21 14:26:57 ITL-FWL-001 kea-dhcp4[65433]: WARN [kea-dhcp4.dhcpsrv.0x7f3c2012000] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: Failed to open socket on interface lagg1.999, reason: failed to bind fallback socket to address 10.0.63.2, port 67, reason: Address already in use - is another DHCP server running? Oct 21 14:26:57 ITL-FWL-001 kea-dhcp4[65433]: WARN [kea-dhcp4.dhcpsrv.0x7f3c2012000] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: Failed to open socket on interface lagg1.999, reason: failed to bind fallback socket to address 10.0.63.1, port 67, reason: Address already in use - is another DHCP server running? Oct 21 14:26:57 ITL-FWL-001 kea-dhcp4[65433]: WARN [kea-dhcp4.dhcpsrv.0x7f3c2012000] DHCPSRV_NO_SOCKETS_OPEN no interface configured to listen to DHCP traffic Oct 21 14:26:57 ITL-FWL-001 kea-dhcp4[65433]: ERROR [kea-dhcp4.dhcp4.0x7f3c2012000] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /usr/local/etc/kea/kea-dhcp4.conf, reason: Error initializing hooks: CmdHttpListener::run failed: unable to setup TCP acceptor for listening to the incoming HTTP requests: bind: Address already in use [system:48 at /usr/local/include/boost/asio/detail/reactive_socket_service.hpp:161:33 in function 'bind'] Oct 21 14:26:57 ITL-FWL-001 kea-dhcp4[65433]: ERROR [kea-dhcp4.dhcp4.0x7f3c2012000] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/usr/local/etc/kea/kea-dhcp4.conf': Error initializing hooks: CmdHttpListener::run failed: unable to setup TCP acceptor for listening to the incoming HTTP requests: bind: Address already in use [system:48 at /usr/local/include/boost/asio/detail/reactive_socket_service.hpp:161:33 in function 'bind'] Oct 21 14:27:01 ITL-FWL-001 kea-dhcp4[17711]: WARN [kea-dhcp4.dhcpsrv.0x106d79612000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled. Oct 21 14:27:01 ITL-FWL-001 kea-dhcp4[17711]: WARN [kea-dhcp4.dhcp4.0x106d79612000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first. Oct 21 14:27:01 ITL-FWL-001 kea-dhcp4[17711]: WARN [kea-dhcp4.dhcpsrv.0x106d79612000] DHCPSRV_MULTIPLE_RAW_SOCKETS_PER_IFACE current configuration will result in opening multiple broadcast capable sockets on some interfaces and some DHCP messages may be duplicated Oct 21 14:27:01 ITL-FWL-001 kea-dhcp4[17711]: WARN [kea-dhcp4.dhcpsrv.0x106d79612000] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: Failed to open socket on interface lagg0.10, reason: failed to bind fallback socket to address 10.0.9.2, port 67, reason: Address already in use - is another DHCP server running? Oct 21 14:27:01 ITL-FWL-001 kea-dhcp4[17711]: WARN [kea-dhcp4.dhcpsrv.0x106d79612000] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: Failed to open socket on interface lagg0.10, reason: failed to bind fallback socket to address 10.0.9.1, port 67, reason: Address already in use - is another DHCP server running? Oct 22 10:22:33 kea-dhcp4 78645 WARN [kea-dhcp4.dhcpsrv.0xc0595a12000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled. Oct 22 10:22:33 kea-dhcp4 78645 WARN [kea-dhcp4.dhcp4.0xc0595a12000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first. Oct 22 10:22:33 kea-dhcp4 78645 WARN [kea-dhcp4.dhcpsrv.0xc0595a12000] DHCPSRV_MULTIPLE_RAW_SOCKETS_PER_IFACE current configuration will result in opening multiple broadcast capable sockets on some interfaces and some DHCP messages may be duplicated Oct 22 10:22:33 kea-dhcp4 78645 WARN [kea-dhcp4.dhcp4.0xc0595a12000] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 48, queue size: 64 Oct 22 10:22:33 kea-dhcp4 78645 ERROR [kea-dhcp4.packets.0xc0595a12000] DHCP4_BUFFER_RECEIVE_FAIL error on attempt to receive packet: Truncated DHCPv4 packet (len=172) received, at least 236 is expected. Oct 22 10:22:33 kea-dhcp4 67709 WARN [kea-dhcp4.dhcpsrv.0x3a7d32612000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled. Oct 22 10:22:33 kea-dhcp4 67709 WARN [kea-dhcp4.dhcp4.0x3a7d32612000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first. Oct 22 10:22:33 kea-dhcp4 67709 WARN [kea-dhcp4.dhcpsrv.0x3a7d32612000] DHCPSRV_MULTIPLE_RAW_SOCKETS_PER_IFACE current configuration will result in opening multiple broadcast capable sockets on some interfaces and some DHCP messages may be duplicated Oct 22 10:22:33 kea-dhcp4 67709 WARN [kea-dhcp4.dhcp4.0x3a7d32612000] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 48, queue size: 64 It seems like another instance of Kea tried to start, even though there was probably already one running. I restarted the firewall, and it seemed to recover. However, I can no longer trust it in production. I’ve looked into it further, and later the same day something similar occurred again. I also noticed since yesterday that, from time to time, the DHCP status on the lease page goes red for one node for a few seconds, then recovers automatically. ct 21 18:20:31 kea-dhcp4 34212 WARN [kea-dhcp4.dhcpsrv.0x3bc9d6212000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled. Oct 21 18:20:31 kea-dhcp4 34212 WARN [kea-dhcp4.dhcp4.0x3bc9d6212000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first. Oct 21 18:20:31 kea-dhcp4 34212 WARN [kea-dhcp4.dhcpsrv.0x3bc9d6212000] DHCPSRV_MULTIPLE_RAW_SOCKETS_PER_IFACE current configuration will result in opening multiple broadcast capable sockets on some interfaces and some DHCP messages may be duplicated Oct 21 18:20:31 kea-dhcp4 34212 ERROR [kea-dhcp4.dhcp4.0x3bc9d6212000] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /usr/local/etc/kea/kea-dhcp4.conf, reason: Error initializing hooks: CmdHttpListener::run failed: unable to setup TCP acceptor for listening to the incoming HTTP requests: bind: Address already in use [system:48 at /usr/local/include/boost/asio/detail/reactive_socket_service.hpp:161:33 in function 'bind'] Oct 21 18:20:31 kea-dhcp4 34212 ERROR [kea-dhcp4.dhcp4.0x3bc9d6212000] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/usr/local/etc/kea/kea-dhcp4.conf': Error initializing hooks: CmdHttpListener::run failed: unable to setup TCP acceptor for listening to the incoming HTTP requests: bind: Address already in use [system:48 at /usr/local/include/boost/asio/detail/reactive_socket_service.hpp:161:33 in function 'bind'] Oct 21 18:21:15 kea-dhcp4 71088 WARN [kea-dhcp4.dhcpsrv.0x2b7e08012000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled. Oct 21 18:21:15 kea-dhcp4 71088 WARN [kea-dhcp4.dhcp4.0x2b7e08012000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first. Oct 21 18:21:15 kea-dhcp4 71088 WARN [kea-dhcp4.dhcpsrv.0x2b7e08012000] DHCPSRV_MULTIPLE_RAW_SOCKETS_PER_IFACE current configuration will result in opening multiple broadcast capable sockets on some interfaces and some DHCP messages may be duplicated Oct 21 18:21:15 kea-dhcp4 71088 ERROR [kea-dhcp4.dhcp4.0x2b7e08012000] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /usr/local/etc/kea/kea-dhcp4.conf, reason: Error initializing hooks: CmdHttpListener::run failed: unable to setup TCP acceptor for listening to the incoming HTTP requests: bind: Address already in use [system:48 at /usr/local/include/boost/asio/detail/reactive_socket_service.hpp:161:33 in function 'bind'] Oct 21 18:21:15 kea-dhcp4 71088 ERROR [kea-dhcp4.dhcp4.0x2b7e08012000] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/usr/local/etc/kea/kea-dhcp4.conf': Error initializing hooks: CmdHttpListener::run failed: unable to setup TCP acceptor for listening to the incoming HTTP requests: bind: Address already in use [system:48 at /usr/local/include/boost/asio/detail/reactive_socket_service.hpp:161:33 in function 'bind'] Oct 21 18:28:52 kea-dhcp4 16688 WARN [kea-dhcp4.dhcpsrv.0x10a766c12000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled. Oct 21 18:28:52 kea-dhcp4 16688 WARN [kea-dhcp4.dhcp4.0x10a766c12000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first. Oct 21 18:28:52 kea-dhcp4 16688 WARN [kea-dhcp4.dhcpsrv.0x10a766c12000] DHCPSRV_MULTIPLE_RAW_SOCKETS_PER_IFACE current configuration will result in opening multiple broadcast capable sockets on some interfaces and some DHCP messages may be duplicated Oct 21 18:28:52 kea-dhcp4 16688 WARN [kea-dhcp4.dhcp4.0x10a766c12000] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 48, queue size: 64 I did some research and found that maybe the 48 threads could be an issue? This is a dual-CPU server with 48 threads in total. I am also using the DNS Registration and early DNS registration options to register the dns names of static mappings and to also register the dns entries of the clients that bring the hostname when making the dhcp request Does anyone else have a clue how to investigate this issue further? Thanks in Advance
  • Discussions about Layer 2 Networking, including switching and VLANs

    1k Topics
    10k Posts
    nazar-pcN
    @viragomann said in Can't get pfSense bridge to work with VF NIC: Yeah, if you pass through the hardware to a VM, the host cannot use it anymore. That is 100% not true. As I mentioned, I pass through VF, SR-IOV is designed just for this. Host device remains and is supposed to be able to talk to guests and to the outside. @viragomann said in Can't get pfSense bridge to work with VF NIC: You should rather create a bridge in Proxmox, connect the hardware NIC to it and assign and IP and connect the virtual interface of the VM, if you want to access both devices over the single NIC. That is exactly the description of the virtio interface I have, but it is slow, just ~1.3 Gbps in pfSense due to multiple reasons (issues opened for years and little if any progress is happening on them, so I wanted to pass through the physical hardware). On Linux virtio interfaces trivially push over 10 Gbps, but not in pfSense.
  • Discussions about routing and Multiple WAN uplinks (WAN Failover, WAN Load Balancing, etc.)

    9k Topics
    42k Posts
    B
    Just managed to fix the issue. It was not related to the floating states thingy. They are all at default. Under VPN -> IPsec -> Advanced settings, change "IPsec Filter Mode" to "On Assigned Interfaces" This gives you a Firewall rules tab per (ipsec) interface, instead of the general "IPsec" firewall rules tab. Now create rules on those tabs to allow traffic.
  • Discussions about traffic shaping and limiters

    3k Topics
    16k Posts
    stephenw10S
    No support are in the same situation we are. It would require building a 25.07.2 release. It's fixed in 25.11 snapshots if you're able to test there. The first public beta is close.
  • Discussions about DHCP, DNS Resolver (Unbound), DNS Forwarder (dnsmasq), and general DNS issues

    7k Topics
    43k Posts
    GertjanG
    @IanMcLeish said in Host overrides in DNS Resolver: Perhaps they are now not required No need to be unsure. Fact check. Question : what are the host names the my pfSense can resolve for me (knows about) ? : Answer : [image: 1761200903195-8fd4565d-732f-4eab-b7d8-79863fd657e9-image.png] and hit Execute.
  • Discussions about IPv6 connectivity and services

    2k Topics
    20k Posts
    A
    Thanks @Gertjan and @JKnott I will leave this rule in place in that case.
  • Discussions about IPsec VPNs

    6k Topics
    24k Posts
    stephenw10S
    Ok that's good information. 20s like that sounds like a redirect timing out. And where that would apply in 2.8 might be change in default for firewall state policy from floating to interface-bound: https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#config-advanced-firewall-state-policy Specifically this applies to VTI tunnels when the IPSec filter mode is still set to the combined ipsec tab: https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#ipsec-vti-filtering I would bet that's what you're hitting unless you've tested it already.
  • Discussions about OpenVPN

    10k Topics
    53k Posts
    GertjanG
    @azdeltawye said in Having trouble accessing NAS through VPN server: huh?? Don't worry. I thought you had a single pfSense LAN, 192.168.125.0/24 and a NAS using 192.168.200.4 on that LAN. That will fail of course. But solved now : you have more then one LAN ^^ Your NAS lives on the LAN called 'HOME' : [image: 1761199898398-481daab1-1e43-419d-9e7e-99026aea453d-image.png] Check that : [image: 1761199937968-99b220ee-00af-42ab-b2bb-7db05055f0e4-image.png] has been set to /24. Check that your OpenVPN interface firewall says : [image: 1761200024499-9752f332-864b-4fe2-978d-4be4171e900b-image.png] Btw : You've two of them : 10.0.20.0/24 and 10.0.10.0/24. About : [image: 1761200571524-1aacbf53-f23b-47aa-829b-1c6cbb5d62f6-image.png] I would presume that your iPad would have a 10.0.10.0/24 or 10.0.20.0/24 IP when connected to the VPN, not this 10.208.190.248 IP (where did that came from ?)
  • Discussions about Captive Portal, vouchers, and related topics

    4k Topics
    19k Posts
    GertjanG
    @PhilC168 I also have a hotel here, pfSense, and my LAN is fully dual stack for a couple of years now. There are days, weeks, even months where there was more IPv6 traffic compared to IPv4. But, today, mid octobre 2025, I don't recall ever see one client asking me why my portal doesn't support 'IPv6'. More serious : I even doubt that I saw a client this year who knew what 'IPv6' or 'IPv4' is. That one person that didn't ask the reception about IPv6 didn't even bother : he connected to the portal over IPv4, fired up his "IPv6 aware VPN" connection and surfed away using IPv6 over my "IPv4 only" network ^^ So, imho, no, IPv6 yet isn't a show stopper. I already feel sorry for the guy @netgate who gets the mission to implement that one. Btw : @Enrica_CH said in IPv6 support for Captive Portal planned?: IPv4 addresses will by more and more rare so that some day a part of the internet won't support IPv4 anymore. That didn't age well ^^ Since 2016, there are no more 'free' IPv4 left, and still, IPv4 is still pretty mandatory everywhere. Tens of thousand of IPv4 devices can access the internet just fine over just one ISP IPv4. Most IPv6 aware ISP don't implement IPv6 - the prefix part, very well. Miost of them can give you a IPv6/128, but a prefix ? euh, oh, "we call you back". Yes, IPv4 will fade out in the future. That's fact. Some one who starts to admin a pfSense today, and this person is 20 years old, then maybe he will see the end of 'IPv4' when he finishes his IT career ...
  • Anything that does not fit in other categories related to the webGUI

    2k Topics
    10k Posts
    patient0P
    @eeebbune said in Can't see Alias Details from Netgate4200: If I go downgrade, would it be possibly resolve my issue? I'm afraid it won't fix it, I assume.
  • Discussions about wireless networks, interfaces, and clients

    2k Topics
    11k Posts
    stephenw10S
    Yeah, there's really no point in doing that. You are just accessing the same server via two addresses it's listening on.
  • Discussions about monitoring via SNMP

    197 Topics
    609 Posts
    C
    I figured it out . My firewalls had an old unused OpenVPN client connection on it that was unstable and every time it reconnected, it got a new IP address causing pfsense to restart all packages, and since it took down SNMP, we wouldn't get alerted about the interface going down either... So this issue is solved now
  • Discussions about pfSense documentation, including the book

    186 Topics
    1k Posts
    opnwallO
    As a volunteer translator, I suggest that the official website update the template files of the online translation (https://zanata.netgate.com/) in a timely manner, or open the function of uploading po or mo files to replace the translation templates that are still in pfsense 2.50.
  • Topics related to developing pfSense: coding styles, skills, questions etc.
    1k Topics
    7k Posts
    stephenw10S
    We are testing internally to make sure things are stable before making the next public build. Looks good so far. [25.11-BETA][admin@4860.stevew.lan]/root: uname -a FreeBSD 4860.stevew.lan 16.0-CURRENT FreeBSD 16.0-CURRENT #14 plus-RELENG_25_11-n256491-a459b76736d0: Wed Oct 22 06:10:38 UTC 2025 root@pfsense-build-release-amd64-1.eng.atx.netgate.com:/var/jenkins/workspace/pfSense-Plus-snapshots-25_11-main/obj/amd64/mjYGPXLl/var/jenkins/workspace/pfSense-Plus-snapshots-25_11-main/sources/FreeBSD-src-plus-RELENG_25_11/amd64.amd64/sys/pfSense amd64
  • Discussions about playing network-based games behind pfSense from consoles, PCs, etc.

    429 Topics
    3k Posts
    N
    This discussion about using pfSense for VPN interfaces and game server port forwarding is quite technical but very useful for gamers and network enthusiasts who want secure and optimized connections. It reminds me of how watching online movies หนังออนไลน์ also depends on stable and well-configured networks both require speed, security, and smooth performance to fully enjoy the experience. Just like setting up pfSense ensures a seamless gaming session, having a good connection makes online movie streaming effortless and enjoyable.
  • Discussions about virtualizing pfSense in hypervisors such as AWS, VMware, Hyper-V, Xen, KVM, qemu, etc

    2k Topics
    12k Posts
    weehooeyW
    @lifeofguenter Ah. I see that now. I did not realized the windows scrolled. @weehooey your script does not work. When I install qemu-guest-agent it already installs a start script: What you are showing is not what our script does. I can tell you that we tested using the script we provided, and it works on 2.8.1. Perhaps you have not marked your script as executable?
  • Discussions about pfSense hardware support

    8k Topics
    69k Posts
    N
    @NC1 This would be for home use, not infrastructure as it applies to Enterprise environments. It seems a 40Gbps bus would be plenty fast though for a 1Gb service from your local internet provider. Anyway... I don't know which drivers would be needed which is why I was asking if anyone has ever tried it or thought about it. Maybe someone would have some insight as to the pros and cons. I did see the price tag. I was merely trying to give an example of an external chassis a NIC card could be used in. As a side, I typically future proof my home builds to at least a minimum of 5 years if I can. In a configuration such as this, I could repurpose the NUC for some other future project and plug the external chassis with the NIC card into a different computer. Just a thought.
  • Discussions about collaboratively raising money for a feature. To start a thread you must offer a starting price and be very specific on the feature you would like to see.

    457 Topics
    6k Posts
    J
    Rereading this I realize I didn't provide much context or frame the issue very well, and since I can't edit I'll post what the OP should have started with here. From the pfSense Docs: Captive Portal in pfSense software forces users on an interface to authenticate before granting access to the Internet. Where possible, the firewall automatically presents a login web page in which the user must enter credentials such as a username/password, a voucher code, or a simple click-through agreement. Users have made many requests for something similar, but for authorizing access into the intranet, instead of out to the internet. This is often called a "reverse portal". This would be useful for e.g. setting up MFA for wireguard vpn connections or requiring login to access a different segment of the local network. Unfortunately, despite being nearly identical in implementation, netgate explicitly states that their captive portal feature is not capable of acting as a reverse portal, aka authorizing access to the local intranet. One of the challenges with reverse portals is how to know when the user has disconnected and needs to reauthenticate. Here I propose a design where the user has to keep a browser tab with an open tcp connection (SSE with heartbeats) connected to the firewall to for the pass rule to be enabled; when the connection closes the pass rule is disabled and they will have to reauthenticate.
  • 10k Topics
    64k Posts
    R
    @stephenw10 Finally found the availability to go through this one again and for good. Old Kingston was no good, bought a new Sandisk and no joy. Eventually got it working with a very old usb flash drive. "efi_load_pe: Invalid DOS Signature" was gone. Reinstalled it but got into a new problem where ada0 was not recognized. Boot loop where only usb would work. Support was GREAT! They helped me and did a remote session and they nailed it with a "setenv pfsenseboot" command. At some point I believe we were even tricked by " being different from ' not sure to be honest, we did it a lot of times. But we got it! Reinstall to 25.07.1 worked well at the end. Did a new environment and tested my restore. All good and no surprises! Restored and rebooted and halted a couple of times to test if ada0 would kick in every time, which did ever since. People in the forum say the support is great, I can confirm! Thank you to those in forum.netgate and those at portal.netgate. Thanks! P.S. I will now try to fight again with unbound that insists to be delayed by either openvpn or pfblockerng :)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.