Yes that's correct. The 1100 has only one NIC (mvneta0) and an internal switch with VLANs to separate the ports. But, as I said, you shouldn't need to make any changes there it's detected and set automatically for any Netgate device.

@Gertjan shame on me! Didn't see that ... thanks a lot!

@tman222 said in Upgrading Unbound version for latest pfSense Plus release?:

(I didn't see it listed in the 25.07 release notes when I looked earlier).

A couple of days (weeks ?) one of the latest pfSense Plus Beta or RC already included 1.23. That's the version I use right now.
Since February 2025, 1.22.x was used, that's according my own release notes (I always log the upgrade process, executed form console, option 13, to a file. I don't use the GUI upgrader as that one tend to hide the obfuscate the interesting stuff.)

If the newest unbound version, 1.23.1, concerns the 'pfSense' version of unbound, then 1.23.1 will probably be included soon.

edit :
@w0w => 👍

We can actually check :

[25.07-RC][root@pfSense.bhf.tld]/root: unbound -V Version 1.23.0 Configure line: --with-libexpat=/usr/local --with-libnghttp2 --with-ssl=/usr --enable-dnscrypt --disable-dnstap --with-dynlibmodule --enable-ecdsa --enable-event-api --enable-gost --with-libevent --with-pythonmodule=yes --with-pyunbound=yes ac_cv_path_SWIG=/usr/local/bin/swig LDFLAGS=-L/usr/local/lib --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads --prefix=/usr/local --localstatedir=/var --mandir=/usr/local/share/man --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd15.0 Linked libs: libevent 2.1.12-stable (it uses kqueue), OpenSSL 3.0.16 11 Feb 2025 Linked modules: dns64 python dynlib respip validator iterator DNSCrypt feature available BSD licensed, see LICENSE in source package for details. Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues

so the CVE deosn't apply.

@AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

You've found a reason to use a VPN.

@tinfoilmatt said in Netgate Documentation on DNS over TLS and NOT using DNSSEC:

I've never encountered any problems

And what have you gained by asking for something that has already been done.. You mention you leave 0x20 off for performance - but want to do a bunch of queries for dnssec that make no matter?

@stephenw10 Unfortunately I am going to have to wait till I can bring down the network to test. If I take it down now and it doesn't come back up I will be having some hell to pay from the family...lol. 😃

@bmeeks Thank you.

Your points are excellent. I believe I will back off from adding more supplemental apps. Adguard Home works with OPNsense as a 3rd party add-on without complaint so I will leave that alone for now. But I will also keep an eye out for issues with that configuration.

Worst case is a reinstall of pfSense and a restore of the backup configuration. My Windows Adguard Home servers are available if needed.

For 25.07 RC, this worked for me (run sh first)

[25.07-RC][root@r1.lan]/root: sh # export IGNORE_OSVERSION=yes # pkg add https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.2.pkg # service tailscaled restart # tailscale up # tailscale version 1.84.2 go version: go1.24.4 # tailscaled -version 1.84.2 go version: go1.24.4

@Wolfgangthegreat
...and to @comet424

I wasn't able to perform the 2.8.0 update this weekend, but when I got to the school this morning, it worked perfectly!

I appreciate the support from both of you, and from Netgate.

The backup/standby pfSense instance is back in place and ready in case I have a hardware failure, or a failure of the gray matter between my ears!

My best to all of you.

Because 10.60.0.252 is the server end of the VPN tunnel at pfSense. The local DNS resolver (Unbound) listens and responds on that IP and that is where the override is set.

Where as 8.8.8.8 is Google's DNS service that knows nothing about any local overrides you might have set. When clients use that DNS server is bypasses any local DNS overrides.

Nice. Weird though. 😕

@NickJH
Not clear, what you intend to achieve with this, but the Directory container in Apache is meant to be used for local paths. "/" might not be correct here.

If you need to describe a virtual path use "Location".

@Wolfgangthegreat For example (this is checked by default):
8544523b-d69b-4088-b221-d2532912455c-image.png

There was a backend issue that's now fixed.

@lbeard said in Dynamic dns don't work with carp ip:

Done => https://redmine.pfsense.org/issues/16326

Great, thanks 👍 👍

@johnytb said in Gtek 2.5G (Intel I225 Controller) PCI-E x1 Network Card not recognized by the pfsense:

can you explain to me what exactly is this interface that you show here ?

That's pfSense most important interface 😊
The one that works when even all your NICs don't work.

Its called : the console, which could be a serial connection, or, if you have VGA/HDMI build in, it could be that and a (USB) keyboard.
Or : If the LAN NIC is working, you 'ssh' into your pfSense using a SSH client like putty or classic 'ssh'.

Keep in mind : what happens when you have a disk drive issue ?
=> pfSense can't boot.
=> Network interfaces will all by down ...
You the the console (serial or VG/HDMI/Keyboard) access.

For command line commands I use the ... command line = console (or SSH) access.

@Gertjan said in Does not have a public address and is behind NAT:

Managed to solve the problem.

You need to enter any fictitious name and your external IP in DNS Resolver. I entered both my pfsense on one and the second pfsense.Снимок экрана 2025-07-21 в 15.38.01.png In phase 1 you need to register.
Снимок экрана 2025-07-21 в 15.39.32.png
After which everything started working.

Ah OK I see, the names threw me!

Hi @SteveITS.

That was an excellent tip, I had missed the "self" target completely. This allowed me to get rid of all of my firewall aliases I needed earlier.

Thanks!

@stephenw10 I don't have enough points to upvote, so I'll just say thank you Stephen 👍 !

Now, if the seller agrees to selling me that M570, I should be good to tackle this thanks to all the good info supplied by the community in this thread :)