Netgate Discussion Forum
    • B

      Traffic Shaper Limiters just won't work - FQ_CoDel

      Traffic Shaping
      0 Votes
      12 Posts
      2k Views

      @pfsvrb
      this was an issue on my system also..
      Target & Interval were default set to 0..
      change to 5 & 100 fixed it

    • Z

      GitLab CI (Docker on Proxmox LXC) Slow/Stuck with pfSense DHCP - Works with Static IP

      General pfSense Questions
      0 Votes
      2 Posts
      38 Views
      stephenw10

      Do you see anything blocked in the firewall logs?

      Connectivity from that host is otherwise good?

      Is it using the same DNS server(s) when configured statically?

      Ultimately I would run a packet capture when you run the failing task and see what's actually failing there.

    • L

      How to update No-IP IPv6 (dynupdate.no-ip.com does not have an AAAA record)

      DHCP and DNS
      0 Votes
      12 Posts
      1k Views

      @Lars_ said in How to update No-IP IPv6 (dynupdate.no-ip.com does not have an AAAA record):

      @SteveITS Determined testing pays off. It works now 🎉

      Same for
      dynupdate.no-ip.com/nic/update?hostname=thisismydomain.ddns.net&myip=%IP%
      with option "HTTP API DNS Options = Force IPv4 DNS Resolution" enabled.

      I was actually quite close. The solution is to update the AAAA record using IPv4:

      Service Type: Custom (v6)

      HTTP API DNS Options = Force IPv4 DNS Resolution

      Update URL:
      dynupdate.no-ip.com/nic/update?hostname=thisismydomain.ddns.net&myipv6=%IP%

      Note: It has to be &myipv6=, not &myip=

      Is this something that makes sense to be implemented in No-IP (v6) and No-IP (free-v6)? It would not work if IPv4 DNS resolution isn't available, but I guess that is not very common in the wild.

      Haven't found a way to tag this thread as SOLVED.

      This solution worked for me!

    • M

      No failover when Gateway is offline

      HA/CARP/VIPs
      0 Votes
      1 Posts
      27 Views
      No one has replied
    • N

      [2.8.0] Limiter rule not honored on LAN download with multiple limiters & queues

      Traffic Shaping
      0 Votes
      4 Posts
      377 Views

      I'm experiencing this issue as well. I've been watching for patches and new releases to see if this is resolved.

    • bmeeks

      Important Info: Inline IPS Mode with Suricata and VLANs

      IDS/IPS
      3 Votes
      24 Posts
      6k Views
      cyb3rtr0nian

      @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

      Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

      I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

      I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

      Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

    • N

      [RESOLVED] IPSec tunnel OK but routers can't ping each others

      IPsec
      0 Votes
      6 Posts
      15k Views

      @nicolasfo said in [RESOLVED] IPSec tunnel OK but routers can't ping each others:

      You can know everything about everything thanks to Google. But if you don't know what to search, it is useless.

      The problem is resolved, by adding a bogus route, by hand.

      Here's the explanation :

      https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

      Thanks for help

      Oh my god this worked! Created an account just to say THANK YOU for this. I have a pfSense<->Unifi connected via IPSec. Applying it on the pfSense side makes pfSense->Unifi direct gateway/FW connection possible. Applying it on the Unifi side made my IPSec work perfectly.

      Again, thank you!

    • G

      Vodafone UK IPv6 Configuration

      IPv6
      0 Votes
      18 Posts
      3k Views

      @drodgers Hey. I'm going through this exact thing now with Vodafone and pfSense and struggling. I've replicated your settings but it seems very intermittent.

      My clients get IPv6 addresses and can ping out fine; however, browsing this forum dies because it responds with an IPv6 address.

      For some reason as soon as I enable ipv6 netflix and paramount also stop streaming 🤦 They browse fine but as soon as you try to play a video it's a no go.

      Any ideas or pointers please or could you post your most recent working config please?

    • A

      Port Forwarding Not Forwarding Traffic To Destination Of VOIP PBX.

      Firewalling
      0 Votes
      1 Posts
      25 Views
      No one has replied
    • A

      Tailscale Package Stuck in "Offline" State - GUI Broken After Reinstall

      Tailscale
      0 Votes
      1 Posts
      56 Views
      No one has replied
    • M

      How to update to the latest Tailscale version?

      Tailscale
      1 Votes
      163 Posts
      47k Views
      luckman212

      For 25.07 RC, this worked for me (run sh first)

      [25.07-RC][root@r1.lan]/root: sh
      # export IGNORE_OSVERSION=yes
      # pkg add https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.2.pkg
      # service tailscaled restart
      # tailscale up
      # tailscale version
      1.84.2
        go version: go1.24.4
      # tailscaled -version
      1.84.2
        go version: go1.24.4

    • N

      HaProxy ip alias dropdown ?

      Cache/Proxy
      0 Votes
      1 Posts
      42 Views
      No one has replied
    • C

      Introduce openvpn-auth-oauth2 as pfSense package

      pfSense Packages
      0 Votes
      2 Posts
      84 Views

      @cdal

      This could be a great security improvement ... It's the only way to do MFA with an "LDAP/AD" backend, for example (using an OAuth 2 proxy, for example)

    • R

      How to update to the latest Telegraf version

      pfSense Packages
      0 Votes
      9 Posts
      1k Views

      @rocket

      Updated July 20-2025

      pfsense 24.11 - Telegraf freebsd-15

      pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/telegraf-1.35.1.pkg

      pfsense 2.7.2 - Telegraf freebsd-14

      pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/telegraf-1.35.1_1.pkg

      https://www.freshports.org/net-mgmt/telegraf/#history

    • L

      Updated PIMD package (beta)

      pfSense Packages
      0 Votes
      1 Posts
      82 Views
      No one has replied
    • M

      New pfblockerNG install Database Sanity check Failed

      pfBlockerNG
      0 Votes
      39 Posts
      4k Views

      @Laxarus This worked for me as well. Though I had to search the web how to edit the file (the easiest way).

      Therefore:

      Addition for anyone struggling to find where to edit files on your pfsense system.

      Go to Diagnostics --> Edit File --> insert the location of the file:

      /usr/local/pkg/pfblockerng/pfblockerng.sh

      Go to line number 1232 by filling it in the Go to line field.

      That line should read:

      s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})"

      replace only (leave the rest intact):

      masterfile

      to

      mastercat

      Then follow the above instructions from @Laxarus https://forum.netgate.com/post/1219635

    • D

      Load balancing not actually balanced?

      Routing and Multi WAN
      0 Votes
      3 Posts
      119 Views

      @Nicholas97 Sticky connections are not enabled. Gateway status is fine. Weights for each LAN are set to 1 which should be fine for 2x gigabit connections and total bandwidth used of less than 1gbps. Will look at the logs but will have to figure out what I'm looking for ... will report back.

      I have read the multiwan load balancing docs pretty well and searched the forums here before posting this originally. Unless there are other pfsense forums you're referring to?

    • A

      Amcrest Camera Function Direct VPN vs Site to Site

      WireGuard
      0 Votes
      1 Posts
      48 Views
      No one has replied
    • D

      Squid: "Undefined symbol "_ZTVNSt3__117bad_function_callE" after upgrade to 2.8

      Cache/Proxy
      0 Votes
      18 Posts
      2k Views
      JonathanLee

      @aGeekhere They just released Squid 7, and it is stable if you want to check it out

      "The Squid HTTP Proxy team is very pleased to announce the availability
      of the Squid-7.1 release!

      This release is, we believe, stable enough for general production use.
      We encourage all users of any previous major version of Squid to upgrade to it,
      as well as users of beta version 7.0.X.

      It can be downloaded from GitHub, at
      https://github.com/squid-cache/squid/releases/tag/SQUID_7_1

      Since version 6, Squid offers:

        • better support for overlapping IP ranges and wildcard domains in acl
        • countless security, portability, and documentation fixes

      Since version 6, some previously deprecated features have been removed:

        • Edge Side Includes (ESI)
        • access to the cache manager using the cache_object:// scheme - use http instead
        • the squidclient tool - use curl http://<squid-address>/squid-internal-mgr/menu instead
        • the cachemgr.cgi tool
        • the purge tool - use the http PURGE method instead
        • Ident protocol support
        • basic_smb_lm_auth and ntlm_smb_lm_auth helpers - use Samba's ntlm_auth instead

      Further details can be found in the release notes and in the changelog

      Please remember to run "squid -k parse" when testing the upgrade to a new
      version of Squid. It will audit your configuration files and report
      any identifiable issues the new release will have in your installation
      before you "press go".

      If you encounter any issues with this release please file a bug report at
      https://bugs.squid-cache.org/

      --
      Francesco Chemolli

      squid-users mailing list
      squid-users@lists.squid-cache.org
      https://lists.squid-cache.org/listinfo/squid-users"

      I am having issues with this right now

      "I got as far as this with the make clean install no matter what I do I can’t get this package installed. I have tried pkg install heimdal same error after install and pkg install krb5 and pkg install krb5-devel. I don’t know what I am doing wrong it does the make clean for a while and crashes for the bootstrap version the other one I could get going

      ERROR: checking whether S5L_CTX_sess_set_get_cb() callback accepts a const ID argument" ... yes
      checking "whether X509_get0_signature() accepts const parameters" ... yes
      checking whether the TXT_DB use OPENSSL_PSTRING data member... yes
      checking whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_V alue should used... no
      checking whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used ... yes
      configure: OpenSSL library support: yes -lcrypto -lss1
      configure "Library -Kit-kros" support: no (auto)
      /configure: LIBHEIMDAL_KRB5_PATH+=-L/usr/lib: not found
      /configure: LIBHEIMDAL_KRB5_CFLAGS+=-1/usr/include: not found
      checking for LIBHEIMDAL_KRB5... no
      configure: error: Required library 'heimdal-krb5' not found
      ニニニン Script "configure" failed unexpectedly.
      Please report the problem to timp87@gmail.com maintainerl and attach the '/usr/ports/uuu/squid/uork/squid-7.1/config.log" including the output of the failure of your make command. Also, it might be a good idea to provide an overview of all packages installed on your system te.g. a /usr/local/sbin/pkg-static into -g -tal.
      *** Error code 1
      Stop.
      makel1]: stopped in /usr/ports/www/squid
      *** Error code 1
      Stop.
      make: stopped in /usr/ports/www/squid
      root@free:/usr/ports/www/squid #"

      it gets so far along and fails with this error.

    • M

      pfSense-pkg-WireGuard removal failed!

      pfSense Packages
      0 Votes
      1 Posts
      45 Views
      No one has replied