Hmm, I've had issues with WoL in the past and it seems to require numerous pieces to work correctly. I have devices here that do work reliably with WoL and Ive done nothing special to make it work.

I would check for any available BIOS settings that might be available.

@Gamienator-0 High traffic web sites or content delivery networks will often rotate IP addresses sometimes every minute. That one has a very short TTL:

download.proxmox.com. 61 IN CNAME download.cdn.proxmox.com.
download.cdn.proxmox.com. 12 IN CNAME us.na.cdn.proxmox.com.
us.na.cdn.proxmox.com. 12 IN CNAME na.cdn.proxmox.com.
na.cdn.proxmox.com. 59 IN A 66.70.154.82

pfSense looks up the IP every 5 minutes by default. There will always be a chance the DNS lookup is not the same IP every time you check it, even if it is a few seconds later.

The pfBlocker package can create aliases from ASNs which are basically IP blocks you can look up by company name.

@Snailkhan said in WAN Gateway on Backup server in CARP shows down:

wan and lan has carp ip assgined

Just to be clear WAN and LAN should have their own unique IP addresses:

https://docs.netgate.com/pfsense/en/latest/recipes/high-availability.html#wan-addressing

Each router should be able to get to the Internet even without CARP set up. That way they can, for instance, update pfSense while the other router is the Master.

And then the shared CARP IP is used for outbound NAT if you're using NAT:

https://docs.netgate.com/pfsense/en/latest/recipes/high-availability.html#configure-outbound-nat-for-carp

Hmm, so like some process uses all the CPU cycles until it's rebooted. Yet nothing is logged.... 🤔

@KKKalle77 said in Netgate Device ID change after reboot:

I just do an easy reboot, like other time.

Maybe you can compare the output of "ifconfig -a" between working and not working?

@pfcharles said in issues upgrading Netgate 4100 from 23.09.1 to 24.03:

I do get an odd popup, which disappears after a few seconds...

You will see that if you log into the webgui as soon as it becomes available but before bootup has completed. As you are seeing it should disappear when bootup completes.

@Farh
Disabling reply-to on the accessed node - yeah, this could be a reason.
When enabled, replies are directed to the gateway, which is stated in the interface settings.

Disabling reply-to could lead into issues with multi-WAN setup, however.
To avoid this, you can add pass rules to the top of the WAN rule set only for the source of the WAN subnet and disable reply-to in the advanced options.

There can be only one mobile P1 at a time. You can either remove the old one and create a new one, or change the settings on the old one to match what you want it to be now.

Thank you very much for your help. It works now! I have just reinstalled the pfsense.

@johnpoz
How on earth did you come to these conclusions about my knowledge level?? Of course I know how to setup a CA in pfSense. I have a CA running just fine since years. Three hosts in my network use it's server certificates. I know how to run multiple services as virtual hosts on one machine. I'm actually doing this on multiple machines (BSD and Linux) in my network. Of course I do use RFC 1918 addresses (who doesn't) and I'm totally aware of how I can assign private addresses.

I just as well know how to configure a browsers to not use Doh. But I won't reconfigure other users' browsers.

You are correct in this assumption: I have no specific need for IPv6. Because I have as many public IP addresses as I need and I'm not forced to access any public services which are not available in IPv4. (I can't speak for my users of course.) This may however be the wrong mind set to look at IPv6 in general. This way IPv6 will probably never take the place it should have.

I WAS wrong about names mandatory for http protocol, thank's for correcting this.

I don't think I have misconfigured it, because the same configuration works fine on Ubuntu. So it should be a problem with pfsense. Does anyone have successful experience using DCO on pfsense?

@killmasta93
The freeRadius server would do this. Any employee sneaking in their personal laptop or tablet would not hookup because of the lack of certificates and access to the FreeRadius server.
The problem with my plan below is to create the static ARP list you have to have employees laptop and tablets network adapter MAC addresses - difficult to get.

Before you go forward, from my perspective you are would be using as much labor to implement the FreeRadius server as to use static ARP entries on the DHCP server.
Realistically, how many employees/workers are actually getting on the domain and access the internet inappropriately? It does not make sense to lock down everyone when the culprits are , 10%, 5%. Way easier, in my opinion, to assign a static ARP on your LAN for the few violators, develop an alias from this list and put a block list to the internet from the LAN.
As you catch other employees it is easy enough to add.

How many VLANs do you have? I think the ice driver includes support for hardware VLAN filtering and it has a limited number. It should switch to software filtering but fails.

Steve

It will probably work. The compatibility would all be down to the controller though the drive itself doesn't really matter.

You don't need anything like that for pfSense though. pfSense doesn't require a lot of storage or much by way of storage speed. And you can get an SSD new for less than that anyway.

Steve

@frijolierthnthou Were you able to solve this issue? I've been dealing with this same exact problem from the past 2 weeks

Take a look at the ipquery.io docs

One of my favorite pages on the Netgate Docs-
https://docs.netgate.com/pfsense/en/latest/recipes/index.html
Scroll down to DNS then click on redirecting client Dns.