@bmeeks There community edition as well, when I'm asked about pfSense package, I mean community edtition. Plus Suricata 8.0 a huge step forward from previous releases.BTW any plan to integrate Suricata 8.0 in pfSense? https://www.stamus-networks.com/clear-ndr-community.

Using rustdesk pro self-hosted If's fantastic except when a client machine is in a restrictive environment with only 80/443 outbound open. Apparently there's a working websocket config but I wanted to use PfSense/HAproxy and can't translate the setup from nginx I'm a bit surprised more people aren't trying to do this to avoid the crushing costs of Teamviewer these days, and the absurd limimtations or security risks of other solutions.

@UserCo I'm seeing something similar. I've had terrible luck with keadhcp in HA mode. It works, until it randomly doesnt. This last time for me the logging just stopped a day or two before I noticed and the last message was that it couldnt reach the HA partner. The web UI showed that everything was fine, restarted the services on both nodes and that did nothing. Ended up rebooting both to get it back.

@gaxiolamx Quien es tu monitor en tus gw's?

I got caught up in work and dropped this for a while. I'm back now and I've made a little progress. Xfinity / Comcast is give me a /60 (16 /64 subnets). I have the LAN interface tracking WAN using hex 0. This gives my LAN the address of 2601:abc:abcd:fd00:a236:9fff:fef2:383a . This is the last 0 in fd00. I want to pass down to my layer 3 switch a /61 to split among the other VLANs/subnets on that switch. FYI, the L3 switch is the only device on that VLAN. In pfSense, I've changed to the KEA DHCP backend. In SERVICES > DHCPv6 SERVER, on the LAN interface, I see: PRIMARY ADDRESS POOL: PREFIX: Delegated Prefix: WAN/0 (2601:0abc:abcd:fd00::/64)/64 [image: 1763432218723-72bc82e2-4a51-4a05-be4b-ec46d865e660-screenshot-from-2025-11-17-18-00-07.png] In PREFIX DELEGATION POOL I'm trying to serve out a /61 (which should be 8 /64 subnets) to the downstream layer 3 switch. I ran a packet capture on the LAN interface and cleared out the IPV6 DHCP client on that VLAN/LAN interface. It looks like pfSense is only sending a single /64 address. [image: 1763432238823-07003cd3-c7c3-470a-be07-c4097fc66713-screenshot-from-2025-11-17-18-06-47-sanitized.png] I'm not sure where to go from here. I think I've got the DHCP server configured correctly. Does anyone have any thoughts on this? Thanks!

Note to self under the latest release I had to set decipher list to cipher_list = "DEFAULT@SECLEVEL=0"

@w0w You can also run Squid on OpenWRT I am told there is so many packages I have been playing with OpenWRT because TP-Link was doing so weird data harvesting and pfsense caught it in the act after I just installed openwrt per @johnpoz recommendations. I just run it in bridge mode now

@jimp Is this still a known issue somewhere? I have my session timeout set at 1440 (should be 24h) but I get logged out way sooner than that, seems like 1-2 hours. I don't see anything odd in the system log, and my client IP is not changing. I will note: I often see /tmp/sess_* files piling up. I sometimes need to clean these out. There can be dozen or more. All of them have a 0 byte size, with the exception of one or two files (which I assume to be the active login session) (25.11 snapshots) screenshot [image: 1763646625741-efed403b-7d32-4c44-a42b-2edc2a6fcd0b-screenshot_greh3qcu-resized.png] redmine: https://redmine.pfsense.org/issues/16555