It's not a bug because that's the expected behaviour. You could consider it a missing feature if you need to make changes there. Open a feature request: https://redmine.pfsense.org/

This is the first time I've seen anyone ask about it in 10 years though so it's clearly not a huge problem.

You could just patch the file to create the config with the values you need then carry that as a custom patch in the patches package.

Currently nothing I'm aware of but going forward some functions will likely be written in go and hence in the Nexus package. Obviously that assumes the Nexus package is always present so it is automatically re-installed at upgrade.

@stephenw10 Confirmed fixed ty kindly sir.

@MacUsers said in Kea DHCP stops working:

all of pfSense are v24.11-RELEASE (amd64); as far as I can see now, KEA actually never worked for me since I migrated from ISC, regardless of the pfSense version.

There is a 99,99 % solution avaible now.
Right now, this one :

05190dbc-0f5c-445e-ba66-8104c93aae78-image.png

is available.
An RC version is identical to the final Release.
It stays RC so very minor issues let GUI text can get corrected.
Major changes, like 'kea not working' won't be corrected anymore.

I'm pretty sure (tens of thousands) use "25.07"(RC) right now, and they 'all' use kea.
No issues afaik.
So .... even if 25.07 won't solve your issue, you'll be sure for 99,99 % that the issue is ... on your side.
Or, you are using pfSense (hea DHCP) in a very special way, and no one else is using it that way so we can't know what your issue is ?
Do you have any details about why your 'pfSense' (DHCP kea settings) are so different that it 'break's ?
Do use an edge case scenario where things were possible with ISC DHCP, but not anymore with kea ?

Btw : we all have iMac, IPads iPhone and other iStuff in our networks, they all behave fine with kea, using classic DHCP leases, or static MAC leases.

@Qinn Thank you, I just turned it back on and it is working!

Yup the issue definitely exists. I have no fix for it yet, none of the things I tried made any difference.

For anyone interested in the exciting conclusions... it worked fine in the 16x slot for 2 weeks and is still in there now
I put an I340-T4 in the 1x slot at the same time and left that running and that has been perfectly fine as well

It seems to be an incompatibility between the 1x slot and the I350 specifically but i'm not sure why. In either case, the issue seems to be resolved

It may be something specific to AM5 and the I350 in the 1x, or just the I350 and the 1x alone but if anyone else for some reason tries the same, at least you know what symptoms manifest and what the cause was

Thanks again for those that helped and commented

@Qinn said in Feed issue on SWC:

Got a reply from Dan and here it is solved.

Thanks for feedback!

@MacUsers

https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

edit: oh you prob out of luck

You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

I would agree. 18 hours in and everything continues to run smoothly. The issue related to image availability I believe is the valid answer and we can close this out as solved. Thanks everyone. -JD

Recently done four of them. Two upgrades from 2.7.2 and two net installed. All went ok & reinstalled packages after.

I agree an iso would be useful but I’ve managed without.

Next one will be an ESXI vm, so will try both methods on that.

@iggybuddy6 I'm just happy I could help. Today I went from thinking I knew everything about setting up wg on pfSense, to realising I did not, and that is a great reward in itself!

Hopefully your setup will remain stable going forward.

@johnpoz This even does this with the newest CE edition inside of UTM virtualized environment outside of the 2100s

Screenshot 2025-07-17 at 10.15.51.png

It is not just the 2100s this is set up for standard stuff everything else works with it just the status page

@Belcebu-Gdl

Hola.
Cuando ocurra el problema, yo revisaría desde el ordenador con cliente openvpn (en este caso desde el ordenador con openvpn connect) si hay conectividad al servidor openvpn (pfsense).
Aunque no es lo más común, yo tengo el servidor openvpn escuchando en tcp en lugar de udp. Si está en tcp, puedes desde el ordenador cliente comprobar si hay conectividad con el comando telnet a la ip y puerto del servidor openvpn. De esta manera puedes ir acotando el problema y ver si el problema es de servidor, de red o del cliente.
Un saludo.

@mav3rick said in OpenVPN on 2 pfsense instance with HA - service is running on both pfsense instances:

So setting openvpn to bind only to the CARP VIP works fine for me

Multi-WAN with HA there?
If so, it would be a better idea to run openVPN server on localhost instead.
This would allow it to receive connections from all WANs.

No need to select a VIP, just forward packets from the WANs VIPs to localhost.
You can use DNS, thus the client would connect to the WAN that is UP.
Or
You can use two remote entries in the .ovpn, with timeout lets say, 2 seconds.

Then, just create the NAT rule to access the firewall-2, using the SYNC address as previously mentioned.