Ok 6.0.19 is pretty old (2023?) That's still in Proxmox 7 I assume. You should upgrade that IMO.

This is almost certainly that bug though which is not a pfSense issue.

If it ain't broke....

For reference:
https://redmine.pfsense.org/issues/16156

@webdawg said in KEA DHCP missing "Register DHCP leases in DNS Resolver...":

Sorry to necrobump, but I am a long term user of pfSense. I really feel strongly that this thread has been cr*apped on.
[ . . . ]
You are breaking things in one market segment, and then being rude to your users when they jump on your forums.

Your post seems to be directed at Netgate. But I count only two official Netgate replies (from the same poster) up until this point—and both are empathetic and respectful.

As one of the 'crappers' on the thread, I feel obligated to point out that the rest of us here are merely users like you, who may simply disagree with some of the points you and others are making.

@townsenk64 Same here, no issues since I put the debug version.
Maybe a leftover glitch from the upgrades?

The CSC seems to work when assigning a specific tunnel IP to the client.

But it seems not to work for setting (all) the routes, and for limiting the access:

The wish would be to set only one IP for the client to be routed etc

I solved it for now by adding fw-rules on the OpenVPN-interface on the server side:

allow traffic from tunnel-IP x.y to server-VM a.b.c reject traffic from tunnel-subnet to rest of server-LAN

Seems to work right now, suggestions welcome ;-)

HAProxy is restarted? Does it log an error when it stops?

Did you set static source ports on the outbound rule?

I would probably test a rule that just matches the one internal IP trying to connect and all ports to be sure.

Then check what states it's opening when it fails. Or succeeds!

@netblues And UPnP is also port forward.. just automagic. But as I said, never got it to work behind private IP using STUN. There is a feature request active to get a setting to allow UPnP to accept WAN with private IP though...

@fly_tagart Bonjour,

Pourriez-vous expliquer un peu plus en détails votre solutions ?
Car je suis confronté au même problème.

C'est-à-dire que en LDAP, je n'ai aucun soucis tout fonctionne correctement. Mais dés que je passe en LDAPS, rien ne va.

J'ai tenter de :

Créer le certificats depuis le pfsense (complètement) Créer une CA sur l'AD et l'importer sur le pfsense

Rien ne fonctionne. En analysant les paquets avec Wireshark je vois "CA unknown"

Merci a vous
Bonne journée

@jeffry-maynard said in Kea server is down:

let me know if you have figured out a fix

You are using ... 2.7.2 ?
Afaik, there was a small patch avaible since the beginning to solve this situation.
Or, even better : 2.8.0 beta is out now for several weeks, and it look very promising,

@RickyBaker I think it was the modem!!!
680decb1-9933-4198-9eee-eb55e04c7910-image.png

I'm not convinced this isn't just temporary. Some of the settings of the Modem seem wrong. for one passthrough didn't seem to work and DHCP is enabled on the router. I'd like to enable the protocol in that link i posted above (https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html) but for the time being i'm happy to have snappy internet back! Thanks everyone!

This seems......ok? not sure what I should expect over wifi with gigabit fiber:

f8a26daf-94ec-416e-a4cc-bfab1911feec-image.png

It's def faster than it was though...

Details and fix for the Kea error:
https://redmine.pfsense.org/issues/16154

Hi All,

For anyone who comes across this thread, here's what I've tried.

Worked with SNMP to no avail. If I had an MIB, I'd reapproach this.

Attempted to set up SMTP. The relay host only accepts IPs and not FQDNs. We configured an internal server, but were unable to relay messages off of it successfully. Next steps here would be to find a log to review or a packet capture. For now, I've set this aside.

Installed IPMItool on a Debian host and ran this command:
ipmitool -I lanplus -H x.x.x.x -U user -P password sensor list
(Substitute your IPMI IP for x.x.x.x and your IPMI user/password.)
Success... a list of all BMC-supported sensors:

After successfully implementing item 3, we pointed Zabix at the IPMI IP and can now view all the sensors. I'm still testing triggers in Zabix, but it seems to have found a path forward.

I'd love to hear what others are doing.

@johnymarconi You had mentioned it worked until you got new hardware. I was referring to with the old vs new configuration. That is when it worked with when it didn't.

@jimp

Ok. Yes, i had the patches package installed.

Thanks for the help.

What does the console show pfSense has as a WAN address?

If the upstream router/modem is passing it a 192.168.1.X address that would conflict with the default LAN subnet and one of them must be changed.

@elvisimprsntr Honestly, that’s a solid, old-school, reliable shell script. But it has a few weak points. It doesn’t stop on errors, so if something fails, the rest of the script will still run without warning. It also uses plain echo statements without logging to a file, which makes it harder to track issues later. The USB device path is hardcoded, which isn’t very flexible if the device name changes. There’s no error handling for the scp commands either. if copying to the NAS fails, you won’t know unless you’re watching the console. It might also be a good idea to move the NAS address and backup path into a config file for easier updates. And while copying the config file locally is fine, it skips CSRF protection that the web interface uses, so it might miss some config details or protections in certain setups. Overall, it’s a good base but could be improved with safer practices and a bit more flexibility.

@bmeeks

Makes sense.

Auto-updates are def working as expected now. To your point I adjusted my frequency to weekly, every Saturday at 4am. I think Maxmind pushes updates every Tuesday & Friday.

cffaed5b-4c49-4cff-aca1-34032b216f29-image.png