Are you able to reproduce this, e.g. by rolling back the BE and trying the update again?

Hi @patient0, Already fixed :) reset and preformed a full new installation. The peer can connect and performed a successful Handshake, and ping pfsense, wireguard and lan servers. However psfsense and my Lan servers can't ping this peer even with the handshake performed. I know that ping can be misleading but don't now what else.

@Gertjan said in Not sure this is normal: stashed somewhere in an obscure registry key Not sure I would call obscure Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

Squid can be configured externally, I would love a how to guide on how to do this correctly.

@johnpoz Does Netgate have a cook book recipe for configuring Squid externally, like the old one for internally? If I had this it would make it easy, I just wonder how to do this as it has to go into squid and back up to the internet etc, makes my brain hurt I only have done it inside pfsense

@IonutIT thanks

That's expected behavior on AWS when the CPU is maxed. See https://docs.netgate.com/pfsense/en/latest/solutions/aws-vpn-appliance/instance-type-and-sizing.html You'll need to find the cause of the core maxing out.

@patient0 said in The service show not running but client can connect to wireguard server.: Oh, I see, I didn't realize that the same issue existed on CE. I would like to say, CE user stumbled at first about the issue... (to check above)

@Averlon Indeed. There are valid use cases for both options. Thanks for the feedback

@jogovogo what I forgot: what pfSense version are you using? There was an issue with changing rule orders in certain situations on pfSense+ 23 and 24. https://forum.netgate.com/topic/196601/rules-order-randomly-changes https://redmine.pfsense.org/issues/16076

@elvisimprsntr Updated 25.07.1 to 1.90.6_1, copied and pasted from @elvisimprsntr's post: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg (Why it worked this time and not on previous updates: Over the last couple of days, I ran into the "Shared object "libutil.so.10, not found..." error that triggered the version 25.07.1 update issues some of us have been having. After I fixed that error, I decided to go back to the usual update method, and it worked.)

It is working as of today, that was weird Safari Version 26.1 (21622.2.11.11.9) Tahoe 26.1 I just went back 3000 plus posts to find this https://web.archive.org/web/20240302055716/https://forum.it-monkey.net/index.php?topic=23.0 Yeah it is working thanks

@marcosm I just upgraded to the latest version, and the Wireguard service is now running.

@stephenw10 Thanks. I completely forgot about ZFS until this morning when I was a little more clear headed and I reverted back. I thought I would have to reinstall and restore everything. I meant to come back and delete the comment above but got side tracked and forgot. Thank you.

@TonyB972-0 said in WAN seems to be getting next hop IP address, not public IP address: 192.83.xxx.1 address that was not. 192.83 is public IP. Your maybe thinking of 192.168 which is rfc1918 btw - not sure where your using some 208.93.xxx.xxx, because your not talking to pfsense with that IP, nor does your history ever show you connecting with an IP that starts with those 2 octets.

Hmm, good to know. Interesting.

@Leksandr hi hope you are doing well.i read your post.pkease can you share your work as i have one such requirement. We will ask some info and use that . To give a demo I am ok if the information gathered from user is stored in the local file in pfsense. Much appreciated it

Yup, should be fixed now in the 2100 and 3100. Thanks for following up.

OK... I figured it out... I need a rule set on Firewall->NAT->Outbound. Set Mode to Manual and save. Add a rule set below [image: 1762981320073-nat.png]

@marcosm - I updated to the 11/11 beta and everything seems to have worked overnight. I am just rate limited on the one cert I was trying to manually renew.