@Cloudless-Smart-Home many, many threads regarding the home assistant not liking to be proxied, but I found the solution was to turn off the ssl checkbox that works in every other server, evidentially because they were already running https, unlike home assistant. also had to add a config.yaml entry to allow trusted proxies and uncheck forward for, but then it worked too, for the record, incase someone else stumbles into this conversation, they won't have to spend hours and hours to find a simple solution. sooo much to learn and such hard knocks when you do, lol.

Is this considered a maintenance/revision item with respects to software development or a regression? I can't understand the amount of debugging by way of brute force that must have taken place with this. YOU ARE AMAZING !!! Thank you for sharing how you fixed this.

Yup both good suggestions.

i have seen igc NICs get stuck in a link negotiation loop before when connected to some specific devices. But only at 2.5G. And even so it didn't actually stall out pfSense.

Details and fix for the Kea error:
https://redmine.pfsense.org/issues/16154

Arpwatch has no way to suppress protocol errors such as this. ANDwatch, a pending package to replace the Arpwatch package, allows suppression by way of pcap filtering.

@stephenw10

Yes, or just disabling the power management/green feature of the Nic should be enough, this is how it is right now on my Hyper-V host. There was a message (no error) in the Windows event logs about switching states or so, while the hvevent storm.

@madmaxpr FWIW for reference:
https://docs.netgate.com/pfsense/en/latest/backup/restore-different-version.html

@patient0 Ugh, this is embarrassing /:()

Ha. Fair. 😉

@viragomann
THANK YOU!

I will study every word of your message and continue my inspection.

I'll come back here with the rest, and if I finally come up with a solution that works I'll put it here completely for others too.

The servers should still be accessible.

But I would just reinstall 2.7.2 and restore your config.

@SteveITS the issue of duplicate IP#s is one that I didn't see (or that didn't strike me as odd for some reason, but you would be right). I need to set this aside for a couple of days and maybe pick it up after I get some higher priority issues taken care of. Thx.

@Gertjan Thank you so much!

I mean the qemu conf file for the VM which I expect to look pretty much the same in any host OS. Like:

root@pve:~# cat /etc/pve/qemu-server/119.conf args: -global virtio-net-pci.disable-legacy=on -global virtio-scsi-pci.disable-legacy=on -global virtio-ballon-pci.disable-legacy=on balloon: 1024 boot: order=scsi0;ide2;net0 cores: 1 ide2: local:iso/netgate-installer-v1.1-DEVELOPMENT-amd64-20250318-0600.iso,media=cdrom,size=1062414K machine: q35,viommu=virtio memory: 2048 meta: creation-qemu=7.2.0,ctime=1713818950 name: pfSense10 net0: virtio=8A:1C:48:8A:25:E7,bridge=vmbr0,firewall=1 net1: virtio=BC:24:11:CC:61:EA,bridge=vmbr1,firewall=1 numa: 0 ostype: l26 parent: snap3 scsi0: HDIMG:119/vm-119-disk-0.qcow2,iothread=1,size=10G scsihw: virtio-scsi-single serial0: socket smbios1: uuid=ac41daa9-526a-42b9-84d4-0904a44b7468 sockets: 1 vmgenid: 72cd897c-0186-4e1d-aaae-f41810d575d7

It does look like we might be on to something upstream though. But first we need to replicate the failure which is proving difficult.

@acamoura uso como proxy transparente também, e com interceptação de SSL ativada.

55fba810-1f4c-4883-88a1-664a5cba457b-image.png

Vou fazer uma instalação limpa para testar, muito obrigado.

@johnymarconi You had mentioned it worked until you got new hardware. I was referring to with the old vs new configuration. That is when it worked with when it didn't.

@JKnott
Yes your are right
I am on vacation and it is not possible to change the local network.
Changing my local network I will do it (but when I will be back at home)

So I was trying to find a temporary bypass :-)

Thanks, all! Upgrading to the latest pfSense Beta fixed it!

Irgend etwas muss ich noch übersehen. Folgende Outbound NAT-Regeln habe ich aktviert:
Bildschirmfoto_2025-04-24_12-25-27.png
Leider kann ich noch immer nichts hören und Personen die mich anrufen können auch mich nicht hören. Es ist zwar möglich mich anzurufe und ich kann auch ausgehend anrufen, aber was nutzt dass, wenn dann keine Sprachübertragung stattfindet.

Was übersehe ich oder kann ich noch tun, um der Ursache auf den Grund zu gehen?

1&1 Support hilft nicht weiter. Die wollen nur FritzBoxen supporten.

Ich habe zwar noch eine Fritte, aber die ist 'ne 7430 und bringt mir nicht viel, denn die hat ja nur 100er LAN-Ports. Die hatte ich nur mal für einige Minuten am ONT dran, um herauszufinden welches AFTR-Gateway 1&1 verwendet. Selbst das wollte deren Support angeblich nicht wissen, weil die Fritten das ja automatisch ermitteln ...

@Bob-Dig Thanks Bob I have it fixed now.