@coffeecup25 If it is plus, you will need to contact support to get it re-activated. However it will work, you just can't install packages/updates/upgrades

@amrogers3 said in OpenVPN bad encapsulated packet length question: I am not sure what you mean by ai driven forum spams A user giving random advice, just signed up and then suggesting sex related sites, is an advanced form of spam. Now.. tell me that you don't also have a tls key. And never ever use tcp for a vpn, unless you don't have any option.

@ipguy It is ancient at this point, you would probably need to run a very old build of pfSense. although the solution someone posted here might work, if support is compiled in. https://forums.openvpn.net/viewtopic.php?t=35809#p111709

@revengineer the reply would be allowed by the open state. What’s the right column? https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html

@stephenw10 so i did more testing cuz pfsense keeps locking me out of internet on the 2.8.0 i dont remember it happening so much on 2.7.2 but when the internet stops working on WAN or vpn.. it can connect to some sites on the WAN if i unplug the lan and let the pfsense rest for an hour i still can not ping websites by there name so google.ca ebay.com amazon.com from pfsense but i can ping 1.1.1.1 8.8.8.8 i tried reboot and the wan says online, but vpn doesnt work... my site to site to my sisters pfsense is down pfsense can not not ping dns names.. i can just ping ip address's i change the wan from pppoe to dhcp so it gets 192.168.2.x ip and i can just ping ip address not dns names i do a reboot and i still cant connect site to site.. dns names dont work just ips.. i delete all in the dns reslover and set ALL ALL for incoming and outgoing.. i do reboot pfsense and still cant ping dns names from pfsense just ip address's i do a restore of the config file boom i can ping dns names again once it reboots.. so something seems to get flag and reboots cant correct it.. is it my poor internet thats causing this like seems like a flag issue.. its like a circuit breaker.. it trips and you cant use internet anymore till you reset the breaker or restore pfsense... i cant downgrade to 2.7.2 cuz its not an option in the update.. could this be a panic kernel issue where i had to set that set hint.iwm.disable="1" could the os be panicing and bricking my dns till i restore and then its solved till it breaks like a circuit breaker.. is there more tests i can test?

@ipguy Some services dont max out to the OS limit and have their own internal limit, but if it is the case then I dont know how you would raise it, I think a VPN hitting the listen queue limit is highly unlikely unless you running a public VPN server that has gone viral or something. So it seems odd to me you have this problem in the first place. 'netstat -L' shows listen queues, looks like OpenVPN has a limit of 1. My OpenVPN processes are running in client mode though. There is nothing in the manpage to tune it, and I found a very old dev post from people asking for the limit to be raised, it very likely is compiled in to the binary.

I removed the NAT rule and the router restarted cleanly. All working ok now. I will be upgrading to a Netgate 4200 in the next weeks.

@Phizix Note these options if you do reinstall: https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html The SSD is at its EOL? That seems uncommon for an SSD…

@chrcoluk Thank you!! I'm going to give it a try tomorrow probably! Hopefully I can figure it out. I'll let you know!

To anyone following this thread: I'm on pfSense+ 25.07 now and testing a new version of the Auto update check script. Once 25.07 is released (in a few days I expect...) I will push this update, should work on current pfSense 2.8.x / 25.07.

Retested on 24.11-RELEASE (amd64) all seems to work. So it seems right to file a bug for this issue.

@johnpoz said in Strange DNS Issue: Could be a peering problem your isp currently having.. But yeah if you are resolving and can not talk to the owning NS for a domain, your not going to be able to resolve anything from them. I came to the same conclusion as it's now miraculously working! I knew I dotted all my i's and crossed my t's and coming up with nothing on my end lead to me to believe it was something upstream. Thanks to everyone that chimed in!

@yellowRain What is exactly the point of hiding private ranges?

@chris.doldolia Are you trying to isolate the port or run multiple VLANs on the same port? Isolate: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html

@Bob.Dig I don't think that's what's happening. If you scroll up a few posts to where I have a section called "Some pings (with source address binding) and routes" you can see that the pings are traversing each separate gateway (you can tell from the vastly different latencies). I just ran a few tcpdumps to confirm as well, the packets are definitely egressing out the separate correct gateways without the static routes: [25.07-RC][root@r1.lan]/root: tcpdump -ni ix0 dst host 8.8.8.8 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on ix0, link-type EN10MB (Ethernet), snapshot length 262144 bytes ^C 0 packets captured <<–– ✅ no packets to the monitor IP seen on the WAN1 interface 857 packets received by filter 0 packets dropped by kernel [25.07-RC][root@r1.lan]/root: tcpdump -ni ix2 dst host 8.8.8.8 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on ix2, link-type EN10MB (Ethernet), snapshot length 262144 bytes 06:22:32.463054 IP 192.168.191.2 > 8.8.8.8: ICMP echo request, id 22849, seq 36, length 9 06:22:37.497085 IP 192.168.191.2 > 8.8.8.8: ICMP echo request, id 22849, seq 37, length 9 06:22:42.500047 IP 192.168.191.2 > 8.8.8.8: ICMP echo request, id 22849, seq 38, length 9 ^C 3 packets captured <<–– ✅ packets being sent via WAN2 166 packets received by filter 0 packets dropped by kernel

@dennypage said in pfsense-tools.git clang gcc: @phil80 said in pfsense-tools.git clang gcc: portsnap fetch properly fetches freebsd ports collection FWIW, portsnap is very dead as far as the FreeBSD folk are concerned. All references to it were removed from the documentation 5 years ago, and its use is no longer supported. The original announcement is here: [HEADS UP] Planned deprecation of portsnap. Thank you for the reminder. I usually only use Latest. I always use git for collaboration In short life or one use jails, portsnap is way faster to fetch than git for one package compile Based on your linked article, I'll favor git in the future

okay, i`m still waiting for the release of july... ;-)