@patient0
Hi,

I am facing the pfsense Crash report . Its fressh setup. The firewall keeps rebooting.

db:0:kdb.enter.default> bt
Tracing pid 0 tid 100283 td 0xfffffe00dc1841e0
kdb_enter() at kdb_enter+0x32/frame 0xfffffe00dc68aa10
vpanic() at vpanic+0x163/frame 0xfffffe00dc68ab40
panic() at panic+0x43/frame 0xfffffe00dc68aba0
trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00dc68ac00
trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00dc68ac60
calltrap() at calltrap+0x8/frame 0xfffffe00dc68ac60
--- trap 0xc, rip = 0xffffffff80e24c30, rsp = 0xfffffe00dc68ad30, rbp = 0xfffffe00dc68ad80 ---
ether_input() at ether_input+0x50/frame 0xfffffe00dc68ad80
re_rxeof() at re_rxeof+0x2c0/frame 0xfffffe00dc68ae00
re_int_task() at re_int_task+0xcf/frame 0xfffffe00dc68ae40
taskqueue_run_locked() at taskqueue_run_locked+0x182/frame 0xfffffe00dc68aec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xc2/frame 0xfffffe00dc68aef0
fork_exit() at fork_exit+0x7f/frame 0xfffffe00dc68af30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00dc68af30
--- trap 0x242424, rip = 0x24242400242424, rsp = 0x24242400242424, rbp = 0x24242400242424 ---
db:0:kdb.enter.default> ps
pid ppid pgrp uid state wmesg wchan

I have never understood why a licence for a short duration (1 year) can not readily be moved when the old hardware is not functional (cold spare or hardware failure).

Having a licence tied to hardware makes perfect sense for a long term licence (where ongoing company income comes from old hardware dying and being replaced eg Netgate hardware) but makes no sense when an annual licence fee is paid.

Perhaps Netgate just dislikes selling software and really only wants to sell hardware.

@Bob-Dig
Auf DHCP Server.
Der weist den Clients ja die Netzwerk-Einstellungen zu. Typischerweise sind das IP, Subnetzmaske, DNS. Der kann aber auch weitere Netzwerkparameter zuweisen, so bspw. statische Routen.

Mit den auf pfSense verfügbaren DHCP Servern habe ich das allerdings noch nicht gemacht, aber meines Wissens kann ISC das auch.

@swk said in Loadbalancing Failover legt alle WAN Verbindungen (& VPN) für 5-15 Sekunden lahm:

Netgate_Firmware_Upgrade 23.05.00

du solltest mal Updates einspielen, aktuell ist 24.11

@gems
Is igc0 your WAN ?
If so, it start by going up at 15 22:34:31 - and go down again moments (ms) later.

Have a "talk" with the device that's connected to your pfSese, and figure out why it flaps the WAN line like that : why it pulls down its LAN interface that is connected to the pfSense WAN interface ?

That said, it could also be pfSense that 'restes' the line.
This happens when the WAN quality monitoring detectes that the WAN line is bad.
This is done by a process called "dpinger" that pings the/a WAN upstream gateway, and mesres the delay.
You can see that delay here :

06093408-c91e-46ec-855f-b0aefacb673c-image.png

where it shows my IPv4 and IPv6 connectivity "quality".

If the ping requests don't come back anymore == bad connection ? then dpinger can 'reset' (that's called the "action") the WAN interface. This provokes a WAN down event followed by a WAN UP event, and this will recreate (rebuild) the WAN connection.
As per your instructions : System >Routing > Gateways > Edit :

0c6d943a-9b6e-42d6-a6a8-53349a9b5c0d-image.png

If dpinger starts to detect that ping requests stop to come back, then this even is also logged :

ef20556f-951e-49cd-8c85-75933ca2f43f-image.png

( this shows the start of a dpinger process for the the IPv4 WAN part )

@winkmichael Thanks so much. I'll look into it some more, but you were a great help. What I meant by a 0 point release is that is it basically an alpha or beta version until it reaches version 1.x This to me has historically been an indication that it shouldn't be deployed in mission critical spaces or commercial spaces, but good to hear it is very active and very reliable. thanks again

packetcapture-vtnet0-20250411155701.pcap -> contains a prefix delegation change initiated by a WAN interface save&apply. You should see the request from the pfSense and the answer from the upstream internet router in this capture file.

IPv6 prefix assigned to upstream internet router by internet provider: 2003:e2:8703:e000::/56
Delegated to pfSense: 2003:e2:8703:e0f8::/61

@sam422 just rebooted and everything is now working normally again managed to update the system packages which being unable was how i knew there was a problem.

pkg -d update gave loads of similar warnings to this:

Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults Hostname pfsense-plus-pkg00.atx.netgate.com was found in DNS cache Trying 208.123.73.207:443... Connected to pfsense-plus-pkg00.atx.netgate.com (208.123.73.207) port 443 ALPN: curl offers http/1.1 CAfile: none CApath: /etc/ssl/certs/ SSL certificate problem: unable to get local issuer certificate Closing connection

which is problem why the upgrade checker wasnt working and couldnt even remove a package.

disabling ipv6 on the wan seemed to fix it for some reason.

It should be fine. I'm running it here without issue.

@philippe-richard
I'd favor the masquerading solution, but the natting must be done on the edge router. How to do this, depends on the device. Presumably it's not Netgate?

On pfSense you can do this with an outbound NAT rule.

@drodgers Ah okay hopefully you can figure it out 🤞
No, I'm using a VMG1312-B10A as a modem. I don't believe you can configure the Vodafone router to be in bridge mode.

@viragomann said in Nextcloud und SSL über pfSense Configurieren:

https://<WAN IP>

Sooo Fehler gefunden, es waren die IPv6 Einträge, gelöscht und es funktioniert!

Über DSL von Zuhause konnten alle anfragen Aufgelöst werden, über bein Test gerät welches über Mobiele Daten ging nicht... da dieses vermutlich IPv6 genutzt hatte.

Besten Danke für die unterstützung

@Gertjan Yes,.. there is a short link from the exchange via fibre to the cabinat, and the cabinat is approx. 200m away from my property,.. but still a relatively short link in copper term.
But as copper tests showed my link appeared ok,.. although engineer did say he recently encountered a customer where the copper had worn,.. but only showed up as a problem when it was windy.

@Cabledude said in System Logs-Gateways: no entries after 24.11 update:

[24.11-RELEASE][root@SPK.home.arpa]/root: ps aux | grep 'dpinger'
root 82858 0.0 0.1 12952 2540 0 S+ 16:00 0:00.01 grep dpinger
[24.11-RELEASE][root@SPK.home.arpa]/root:

means : no dpinger process is running !
You should see : see above, previous post,w where I gave 1 for IPv4 and 1 for IPv6. You should see the same thing.
No dpinger running == totally normal that there are no gateway logs ;)

I just restarted my pfSense this morning as I upgraded to 25.03.b.20250414.1838 which came out yesterday and :

[25.03-BETA][root@pfSense.bhf.tld]/root: ps aux | grep 'dpinger' root 7412 0.0 0.1 14692 3084 - Is 08:10 0:00.62 /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP6 -B 2a01:dead:beef:a600:92ec:7 root 7653 0.0 0.1 14692 3084 - Is 08:10 0:00.56 /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 192.168.10.4 -p /var/run/d root 51651 0.0 0.1 14076 2684 0 S+ 09:23 0:00.00 grep dpinger

and logs do show up for me now.

Btw : the beta releases are really good ... no issues what so ever for me (vanilla dual stack pfSense. with captive portal, FreeRadius, minimal pfBlocker and some other small gadgets).

After it breaks with the upgrade, does it show any remaining updates if you run pfSense-upgrade from the console? Are the services actually running - you can compare the output of ps auxwwd. Does it remain broken even after a reboot?

@stephenw10

It has been four days. I looked at the logs more closely, and the UFS filesystem is uncleaned. Did a full reboot with filecheck, and has now been up for more than 5 days now, whereas before it would crash within a day or two.

Will keep an eye out and follow your steps if the issue recurs.

@Gertjan
Ok updated to the latest beta and it works now.
Thank you for your detailed help and understanding.

@1013215273

Look again at the captive portal settings.
There are no IPv4 addresses to be set.
You have to select an interface, like LAN, or, so what I have, PORTAL (was originally OPT1).

How where why do you want to set "172.16.69.x" ?
What are you trying to achieve ?

If I had to choose between purchasing the OpenWrt One or a Chinese equivalent from AliExpress, I would prefer the OpenWrt One. Although I'm not particularly fond of the manufacturer due to their tendency to frequently release devices and then either barely support or not update the software for them, in this case, it's a good combination of price, hardware, and OpenWrt, with which support is unlikely to be an issue on this device.

Unfortunately, I had already purchased a similar device from AliExpress and spent a lot of time experimenting with firmware. But... Filogic is very fast; it's probably the fastest OpenWrt router I've had.