@JonathanLee said in Doh and chat gpt: I mean there has to be a way to make doh work and clients use pfSense to resolve doh Unbound ... using Using DoH implies that the pfSense GUI, also listening on port 443, TCP, has to 'go elsewhere'. Hummm ... This nghttp2 library, and all it's dependencies (!) has to be included / compiled in. Just so I understand this feature request : local DoH would be nice if you can't trust your local LANs, right ? This would be your own cables and Wifi links ... That's why ? How does the LANs client side work ? This won't be 'plug and play'. There is, imho, no such thing as 'tell the DHCP server to tell de DHCP client that there is a DoH DHCP option' which means that every DoH has to be setup 'manually = manual DNS DoH setup for every device. @JonathanLee said in Doh and chat gpt: https://forum.netgate.com/topic/195948/mime-type-for-doh Wait ... You want DoH ? Or you don't want (block), DoH ?

@marcosm said in Endpoint-independent Outbound NAT (eimnat) rules: The crash can be uploaded here: Done.

@stephenw10 Oh, great! Thank you for that correction (I didn't know that). I'll replace my script with the one you gave me. Thank you so much!

@w0w Yes he has. I'm facing exactly the same under kvm kvm issue

Yup Cloudflare was having all sorts of issues yesterday. Are you still seeing this today?

Ah OK, you can see it's trying to use old lease data after failing to get a new lease. Look for /var/db/dhclient.leases.mvneta1.666. That file should show all the recent leases and it;s tryign the most recent one. Either remove the 192.168.100.1 leases from there or just remove that file entirely.

Finally got this sorted. Zen offered a loan router as I couldn't find the original and it arrived next day, which was nice. Then, after spending over an hour on the phone to a tech person they finally passed the issue over to their IPv6 team who rebuilt the connection and all is now fine. Well, I say all is fine - After I configured everything I started receiving reports that xbox was not working and sure enough xbox.com is painfully slow to load when connecting with IPv6 - I'll look into that one day, could be DNS related. All I really needed to do was get some servers connected so I can play with DNS AAAA records and get some web servers running IPv6. Had to disable the local DHCPv6 server as it either leases addresses to all or nothing. Couldn't find a way of only releasing the static entries so ended up with static IPv6 addresses for just the servers I wanted. Everything seems to be OK for now. Thanks all for your replies and help.

@EDaleH Thanks for your input on this matter. This issue is not related to the DHCP server, especially KEA DHCP. We are still on pfSense 2.6 as mentioned, so ISC DHCP is in use, and there are no lease problems. Lease times are already configured correctly. The core reason that @Gertjan pointed out is correct and seems to be the right direction to get this resolved. It doesn’t affect everyone, but systems under heavy load during peak hours are the ones that usually run into it. The issue is a race condition under load. If the pruning process takes a long time to enumerate and remove old entries, and a new session or disconnection occurs, or if the process is interrupted or times out, the lock file may remain or the process might not finish its database write cleanly. This can leave the system in a partial state where the voucher record is removed but the session is still present. I also believe this issue also exists in pfSense+ since the captive portal code is same in the areas related to this behavior.

@Jaritura I wonder if that really works. On WAN direction 'in' means connections from the public to the WAN. Your first rule keeps the state for all these connections. Have you implemented this and it works?

@Lartax73 said in Latest pfSense release (25.11) uses FreeBSD 16 - official release is December 2027: Thanks for your explanation. So in practice, does Netgate have many issues using FreeBSD-CURRENT for pfSense 25.11 (crash, NIC driver, ZFS…)? And do they have a roadmap to migrate to FreeBSD 16-RELEASE when it comes out? I don't think there were more issue then when they followed the RELEASE channel. And no, they will stay on CURRENT (you may want to read the blog post), no going back to RELEASE.

I have upgraded to 25.11-RC (amd64) built on Tue Nov 18 19:08:00 EET 2025 and tried both a uefi and an fx440 bios based setup. Issues remain exactly the same in all environments. Reverting to 25.07.1 release, everything works as expected both on uefi q35 and i440fx bios environments.

@SteveITS said in HA XMLRPC sync appears to “merge” but does not actually write changes on the Backup: do you mean any change, not just pfB? Exactly. Anyway it looks like this bug is related to pfB somehow.

@chpalmer this screams incoming spam..

@io games That definitely sounds like one of those intermittent WAN/DHCP edge cases that’s hard to reproduce, especially if it only hits every few months.

Really appreciate you circling back with the full explanation — this is extremely useful for anyone running multi-WAN with Starlink in the mix.

Using rustdesk pro self-hosted If's fantastic except when a client machine is in a restrictive environment with only 80/443 outbound open. Apparently there's a working websocket config but I wanted to use PfSense/HAproxy and can't translate the setup from nginx I'm a bit surprised more people aren't trying to do this to avoid the crushing costs of Teamviewer these days, and the absurd limimtations or security risks of other solutions.

@lavenderfox2430 Still using the box. Ended up switching to the two 10g sfps for all my physical links. Could not make the 4 pass-through nics to be normal mode. With so many nic’s, I didn’t feel the need to explore other possibilities. .