@DjJoakim yeah so stuff using other than your IP will be redirected, and stuff using the pfsense IP will be allowed.

@Nerd2600 All set. I needed to expunge the meta data on the mSata.

ok, further digging, looks like with the Kea DHCP; forwarding of hostnames is ignored: https://www.netgate.com/blog/netgate-adds-kea-dhcp-to-pfsense-plus-software-version-23.09-1

guess all my issues are solved then. thanks!

@marcosm after applying the patch IPv6 as the second interface address is up and running again.

Thanks you and have a great weekend.

I'm nearly positive its an issue with the bearing in the fan. Fortunately, I found a replacement to order.

For those interested its this Delta Fan. Model number is KFB0612HAFDB.

It is available at Mouser and Digikey.

Quick update:

c941ae86-6ebb-40bb-a5e5-7ce0c05a60ce-image.png

Had to reboot once because auf updates, but since than rock solid no incidence. Enabled all extra IP-Lists and Suricata and so again.

@maitops Just disable all energy saving features of the nic or select high performance power profile in windows for a test.

It must be the power state switching or the system tunables I did im my last update post.

@tknospdr Where are you running ./discourse-setup, on something outside your network?

Have you gone through https://docs.netgate.com/pfsense/en/latest/troubleshooting/nat-port-forwards.html ?

When the installer fails it should drop to a command prompt. Try running: geom disk list

Since you are booted from USB it should show da0 and da1 where one of those is the eMMC device (which is USB connected internally). If it doesn't you may have a bad eMMC.

Is it still in warranty? Open a ticket: https://www.netgate.com/tac-support-request

If not you can always fit an NVMe drive: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4200/m-2-nvme-installation.html

Vielen Dank an @JeGr für die Hinweise !!!

Die Telefonie funktioniert nur und das Hauptproblem hatte nichts mit der pfsense und deren Konfiguration zu tun.

Entscheidend war mein Nachtrag von gestern Abend, nämlich dass die Diagnostics -> States für die 192.168.0.4 ausschließlich Verbindungen zu 5060 anzeigten, aber keine zu den STUN- oder RTP-Portts.

Voreingestellt im C430A GO sind die RTP-Portts 5004 - 5020.

Bei 1&1-Verstate gibt es auch eine Konfigurationsanleitung für das C430A GO, in dem diese Prots so eingetragen sind wie von mir bis jetzt verwendet. Das 1&1-Hilfecenter schweigt sich zur RTP-Konfiguration gleich komplett aus.

Dennoch hat mich das RTP-Problem nicht losgelassen. Den entscheidenden Hinweis fand ich im Tutorial: 1und1 VoIP mit Fritz!Box HINTER opnSense aus dem OPNsense Forum
Dort findet sich prominent der Hinweis auf die von 1und1 genutzten RTP-Ports 5070 - 5079. Damit nun funktioniert die Telefonie einwandfrei.

Was bleibt ist ein extrem schaler Beigeschmack hinsichtlich des Supports von 1&1 und deren Tochtergesellschaften wie Drillisch. Man will die Privatkunden offenbar mit aller Macht zur Nutzung von FritzBoxen zwingen. Informationen zur korrekten Konfiguration sowohl von DSL- wie Glasfaser-Internet und der Konfiguration der 1&1 Telefonie-Verbindungen gibt es ausschließlich für Fritten. Auch telefonisch erhält man lediglich die Auskunft: "wir supporten NUR FritzBoxen". Für 4,99 Miete/Monat senden die einem aber gerne eine 7510 (Kaufpreis ab rund € 100) zu ...

@pietsnot56

I imagine your OpenVPN server is se up using IPv4 :

d207714c-b89e-4e6c-9bf0-a18d798ab751-image.png

and this implies you have to use IPv4 to contact the WAN IP of your pfSense.

But .... your phone, does it have it's own IPv4 ?
I can image, since there are no more IPv4 to give to everybody (there are more Internet capable devices on the planet as there are aIPv4 addresses) that your phone has only a IPv6 ..... and that sucks, as you need to use IPv4.
So, your phone, does it have a IPv4 - your phone data carrier gave it an IPv4 (it did give an IPv6, I'm sure) ?

Fast solution : on the pfSense side, it's time to activate the "dual stack", which means your pfSense can use = will be accessible over IPv4 and IPv6.
When that works, change the OpenVPN server so it can be accessed over IPv4 and IPv4, or just IPv6 :

0e90f8c3-50c0-432e-a46b-03419bb424e1-image.png

and you'll be fine.

Btw : I'm presuming a lot as you didn't gave a lot of info.

@SteveITS said in Can't ping the same IP from multiple devices:

I think you are right

I tried it with both Senses and with FreshTomato, without any special OutboundNAT, the outcome was every time the same.

@Gertjan

will do, thank you very much for your help

Yes, I'd like to see that. I'd also particularly like to see the configuration history after it fails. The only thing I can imagine so far is that is fails to detect ena1 and somehow assigns all interfaces to the only remaining NIC.

But if that did happen it should drop to the interfaces assign prompt because the config contains interfaces no longer in the system.

In the config you uploaded though both WAN and LAN are assigned as ena0 and that shouldn't be possible.

@viragomann
Thank you, I was assuming this would be under Gateway Groups, time to do some reading now!

@Uglybrian The /29 was to try and get the range of IP's for both of the systems and their docks (2 Docks hardwired, and then the WiFi of each unit).

I think I actually managed to track this down to an issue with the WireGuard instance I had running for my phone to VPN back with, as once I disabled that my connections were fixed, getting NAT B and was able to play online for quite awhile without incident.

The fact it's in HA makes it more difficult. You would probably have to swap it on both nodes.

In the 1541 the ix NICs are in the SoC so I would not expect overheating to be an issue if the CPU is still within limits. But possibly some other component like a PHY. Certainly check the fans and sensor readings between the two nodes.

I have a laptop with a mapping for both the wired and wireless MAC, but when it gets a lease, instead of, for example, "laptop" as the client ID, it is "laptop." and gets a pool address instead, even though the MAC matches the reservation. Very annoying.

The servers should still be accessible.

But I would just reinstall 2.7.2 and restore your config.