Hmm, so in that log after 'Bootup complete' none of the WG tunnels or gateways were up?

@johnytb said in Gtek 2.5G (Intel I225 Controller) PCI-E x1 Network Card not recognized by the pfsense:

can you explain to me what exactly is this interface that you show here ?

That's pfSense most important interface 😊
The one that works when even all your NICs don't work.

Its called : the console, which could be a serial connection, or, if you have VGA/HDMI build in, it could be that and a (USB) keyboard.
Or : If the LAN NIC is working, you 'ssh' into your pfSense using a SSH client like putty or classic 'ssh'.

Keep in mind : what happens when you have a disk drive issue ?
=> pfSense can't boot.
=> Network interfaces will all by down ...
You the the console (serial or VG/HDMI/Keyboard) access.

For command line commands I use the ... command line = console (or SSH) access.

@stephenw10 Unfortunately I am going to have to wait till I can bring down the network to test. If I take it down now and it doesn't come back up I will be having some hell to pay from the family...lol. 😃

@stephenw10
Does this makes sense? Both ports showing as same mvneta0 and both of them are active?

Even when I change LAN cable from middle port to Opt, it is still showing the same (even after reconnecting the putty)

a6e2868a-e473-4bb7-b45d-bcc217661915-image.png

@jarmo said in Should my dhcpv6 clients also get a /64 address?:

[jarmo ~]$ ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever

That is your loopback - that isn't handed out by dhcp ;)

that is just ::1

Example - here is my lo interface

lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384 options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet 127.0.0.1 netmask 0x0 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8 groups: lo nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

Oh you have it on your wlp0s20f3 as well - that makes no sense.. What OS is that on? But should be your actual prefix.. It clearly is a wireless interface since it starts with wl

@tinfoilmatt said in Netgate Documentation on DNS over TLS and NOT using DNSSEC:

I've never encountered any problems

And what have you gained by asking for something that has already been done.. You mention you leave 0x20 off for performance - but want to do a bunch of queries for dnssec that make no matter?

@luckman212 No idea, just spitballing, but is it dependent on the type of VPN you choose? I use OpenVPN, not IPSec.

Because 10.60.0.252 is the server end of the VPN tunnel at pfSense. The local DNS resolver (Unbound) listens and responds on that IP and that is where the override is set.

Where as 8.8.8.8 is Google's DNS service that knows nothing about any local overrides you might have set. When clients use that DNS server is bypasses any local DNS overrides.

@NickJH
Not clear, what you intend to achieve with this, but the Directory container in Apache is meant to be used for local paths. "/" might not be correct here.

If you need to describe a virtual path use "Location".

@lbeard said in Dynamic dns don't work with carp ip:

Done => https://redmine.pfsense.org/issues/16326

Great, thanks 👍 👍

@Gertjan said in Does not have a public address and is behind NAT:

Managed to solve the problem.

You need to enter any fictitious name and your external IP in DNS Resolver. I entered both my pfsense on one and the second pfsense.Снимок экрана 2025-07-21 в 15.38.01.png In phase 1 you need to register.
Снимок экрана 2025-07-21 в 15.39.32.png
After which everything started working.

@stephenw10

Hello,

we add some client target routes (custom option "push route <ip> <mask>") to modify the VPN "content".

In 2.7.2
The /etc/rc.reload_all was triggering the update of /var/etc/openvpn/server1/config.ovpn with the changes from /conf/config.xml)
Afterwards the OpenVPN service was restarted

same like the "save" button in the WebGUI/OpenVPN menu.

in 2.8.0 the config.ovpn stays unchanged if I execute /etc/rc.reload_all

If I do a "reboot" the changes in config.xml will be applied to config.ovpn and OpenVPN service.

Hope this is clearer now.

BR

Nice. Weird though. 😕

@wc2l Whst makes you think it’s pfSense related? (Serious question)

Is IPv6 working?

@viragomann

The LAN rule already has the source set to all and all ports going out are open.

@spickles Thanks for the explanation. I think I understand now.

Yes, the example I gave is router on a stick.

I didn't dig deeply, but it appears that while pfSense supports VLAN traffic segregation, it does not support tagging inbound traffic onto a VLAN, i.e., no concept of a PVID that can be set per port (excluding the few Netgate devices with built-in switches). Tagging has to be done downstream: a host that tags its own traffic, a switch or an AP.

You might be able to get something similar to what you describe with bridge groups (haven't played with them myself on pfSense) rather than VLANs. IIUC, each bridge group can be configured with its own router config. That way, all ports in the bridge group would share a gateway/routing/firewall configuration. For individual hosts, their port on the pfSense would be assigned to the relevant bridge group. For the multi-VLAN AP, each VLAN that also support hosts directly attached to the pfSense would be assigned to the bridge group containing those hosts/ports. I've never tested whether VLAN subinterfaces can be assigned to bridge groups, but the GUI seems to support it. The downside of bridge groups is that the bridging is done on the CPU; there's a performance hit.

@chano76 Define "disconnects"? As in, unplugged, or the gateway is marked down?

@Wolfgangthegreat For example (this is checked by default):
8544523b-d69b-4088-b221-d2532912455c-image.png

There was a backend issue that's now fixed.