@stephenw10
If you need more info, fire away as I'm in prep mode for next week for a workshop with new pfsense features and stuff, so anything I can get to you to get fixed for 24.11 release or afterwards would nice as I can show it and tell people "it's getting fixed as we speak" :)

@Antibiotic A vps (virtual private server) is just an instance you run on the internet somewhere.

Its just a vm, so a full OS that you can really pretty much do anything you want on, just like some vm or server you would setup locally but its hosted somewhere on the internet.

If your looking for a lowcost vps, check out https://lowendbox.com they have all sorts of links to deals.

I show one on there currently at racknerd for like $10 a year.

10.jpg

check out for a few different $1 a month deals

https://lowendbox.com/blog/1-vps-1-usd-vps-per-month/

I use to have bunch of different ones in different locations, west cost, east cost, Chicago, EU (NL) - but I trimmed back and currently only one I have active is with https://buyvm.net/ which is 2$ a month currently.. Price has gone up over the years ;) I do have another server currently in NL.. But its not really a lowend box, and is more like $10 month vs a year.

The one I have currently still have, I first got back in 2016, it was $15 a year then. Now its 24.. not really bad price increases, since over the years they have increased what you got for the money.. I might have to spin up one of these 10 a year guys to just kick the ties on it. Might switch over and save myself $15 a year ;) hehehe

If I needed one in a specific location for something I was testing, the great things about these is you can have them spun up and active normally in a few minutes.

@hannuse dhcp will not send out a discover, ie broadcast for any dhcp server until the lease expires. How long that is dependent on the length of the lease you got from the first dhcp server.

@dutsnekcirf said in Convert pfsense ova file to qcow2 fails with either virt-v2v or qemu-img:

I'm wondering how well this works.

Very well. All the config is in that file. It should restore and be identical. The only issue you will have are he interface names will probably be different (vmx vs vtnet) so they will need to be re-assigned when you import it.

Steve

@argonaut how would that be? Why would a tunnel to a docker running behind pfsense access pfsense gui?

When you resolve say something.domain.tld that is hosted on clouldflare, and then pushed down the tunnel when you access it, that would not access your pfsense wan IP and then gui port.

Now sure if something.domain.tld resolved to your pfsense wan IP, and you were running the gui on pfsense wan port, and you had that open sure they would hit your gui. But why would the gui port (443? or 80?) be open on your wan in the first place?

But none of that would have anything to do with a tunnel between a docker and clouldflare.

If your gui is exposed on your wan, they don't have to "guess" any domain, they could just hit your IP with random scan.. You understand there is going to be countless things scanning the internet, and sure on 443 and 80.. And lots of other ports - you shouldn't really ever expose pfsense gui to the public internet. If you want to access your pfsense gui while remote, it would be best to vpn to pfsense, and access the gui over the vpn.

@Jozy you can run captive portal on the cisco controller, or just let cisco provide the wifi and run the captive portal on pfsense.

@CatSpecial202 said in Setting up IPv6 on my Netgate:

Interfaces → WAN

DHCPv6 Prefix Delegation size 64

WIth Prefix Delegation size 64 you can't get any valid smaller prefix for lan or other local networks.

What is the prefix size your ISP offers you: usually they offer /56 (at least here in Germany), sometime /48 or /60 and seldom just /64
If your ISP offers you a /56 you shall also ask for a /56 if you are directly connected to the ISP. If you have a Router inbetween (eg. ISP -> router -> pfsense) you shall then ask for a /57 prefix, since the router will use the /56 prefix.

Here you will find more helpfull informations:
https://docs.opnsense.org/manual/how-tos/ipv6_dsl.html
https://docs.opnsense.org/manual/how-tos/ipv6_fb.html

And this seems to be comcast specific:
https://forum.netgate.com/topic/165929/comcast-residential-64-delegation

@diyhouse I've tried the 4.2.7_MDM6 firmware with my Vigor 166. The connection has been up for ~10 hours without dropping so I'll stick with it and see how it goes. I would have expected the *_BT firmware to have dropped a few times already based on what's happened in the past.

@ahole4sure said in ATT Internet AIr:

The current trouble I am having is that my identical ATT device, when connected to port 2 of the switch, is not passing through the IP address when I created or setup the interface as DHCP -- the other ATT device when connected directly to one of the pfsense interfaces pushed through ATT static publc IP address. And if I try to set the IP address manually it doesn't behave correctly- says offline

Looking at your picture, I see WAN, LAN and WAN2. So what is it that you are trying to do with the ATT modem now, connecting it to the fourth port? Are you trying to add a third WAN?

I don't understand the direction... If your VLAN is set up on pfsense, you make port 1 a TRUNK port as you said, but that means TAGGED 10. And the ports for any devices that should only belong to VLAN 10 need to be untagged and only members of VLAN 10. Currently all ports are also members of VLAN 1...

If you are trying to get an IP on port 4 on pfsense (igb3) from the ATT modem, you can simply make both ports 1 and 2 VLAN 10 UNTAGGED on the switch. Remove them from any other VLAN memberships.
This way you have created a "switch within the switch", where port 1 and 2 are connected but separate from the other ports. Pfsense doesn't need to know of any VLAN on igb3 for this to work...

@viragomann You have any idea why I still can't ping from DC to HQ LAN?

@Antibiotic get rid of that torrent client eventually it’s gonna break stuff if you keep using it. Trust me. Stop using it, think about how many ports you need open. It just takes one bad download

@stephenw10 I'm also noticing this behavior. I'm on pfSense version 24.03-RELEASE.

@jwt Definetly looking forward to it and be glad to test it out in first snapshots/betas that will have it. We can easily hook up an v6 only network in the lab (there should already be one) and give it a spin :)

@marcosm I've Lab time scheduled tomorrow for preparing a workshop next week so will definetly play it through first thing in the morning, just need a few hours sleep in between.

Will have the results by the morning your time :)

@stephenw10 said in SG-2220 finally got the bug:

It would have been 2014. Might have been some in 2013.

No worries.. I was just curious.. Decent little box.. I shall miss it. ;)

Same here. Does not seem to do any harm but it just feels not right, having so much errors on an interface and not knowing why...