@ameinild said in Kea client logs:

I get no logging from the kea-dhcp4 service for client DCHP logs, only from the dhclient for the WAN interface.

Well ... this is FreeBSD/( and Linux) classic log behavior : no news is good news.

In general, as my friend said, seven troubles - one reset. The situation was corrected by reinstalling the system and restoring the configuration. This can be written down as a solution to the problem.

Does it reconnect as expected using the old mpd5/netgraph?

Is it failing at both IPv4 and IPv6?

If you disable IPv6 does it then reconnect correctly?

We have seen one other report from an A&A user but that failed to connect after reboot.
https://forum.netgate.com/topic/198027/if_pppoe-problems-with-php-fpm-causing-loops-resolved

Hmm, yeah I'd expect it to only be resolving leases that were present before that change. Like if you add a new static dhcp lease on that interface I'd expect that to fail to resolve.

@detox you should be able to edit your first post and edit title with [solved] in the title, add tag.. If you can not - let me know and can do it for you. There might be some restrictions on rep ports or something - but you have 6, I would think that enough?

@stephenw10

Thanks for the response.

In reviewing your response and looking through my configurations, this one firewall did NOT have a valid Client name set and was missed from my template configuration when the firewall went into service.

I apologize for taking up yours and anyone else's time. I feel like a Newby today.

Does it report the memory usage in both Proxmox and pfSense?

Can you see what's using it in the output of top or ps?

@stephenw10

Thank you, that was what I was not doing and really appreciate the guidance and support here. Thanks

@rasputinthegreatest see my edit about devices sending it out even when they have an IP on the network - my directv appliance does that.. But once you have a mac should allow you to track it down. Especially if you have a smart switch and its wired. Where you can look at the mac address table.

If everything is working and you just don't like the noise in the logs, you can turn those off, either in log settings - I believe new 2.8 allows for not logging link local. Or you could setup a rule not to log it.

@stephenw10 Eventually I was able to read the a cloned disk from a side FreeBSD I setup, then I edited the config.xml to include the correct source IP, replaced the original disk with the cloned-now-edited disk and that how I got my access back and then I enabled the console. Thank you.

@ameinild Yes, I just confirmed at home that it is still working. I had some icon error right after install, but this seems to be fixed now. 👍

@viragomann banally ho quest problem, per riassumere
If you download your pc from the lan dove and install the pfsense with opnvpn site to site client, pingo i server windows o i pc della lan pfsense server, invece dalla parte server non pingo nessun pc, nemmeno il pfsense client. Invece dal ping di pfsense pinggo calmly. What can you control that the server does not function?

@ahole4sure
Maybe the routing table brings dissociation.

However, I'm not familiar with Tailscale. Don't know, what it does.

@dennypage, @maximushugus, @louis2, @jeffscott

Good news!

I have the PIMD version I did compile yesterday working !!
Including the related pfSense gui.

Not I think I can make it running the way it should in the coming week(??).

Note that at this moment I still have the following issues:

The warnings at compile time. Surely NOT OK!
=> I do not have the knowledge to fix this. but it does not be blocking. The man directory issue.
=> I have no idea how to solve that. My actual work around is removing the manual files from package definitions (NOT OK) Pimd does not run using the GUI.
=> At this moment I have to start pimd from the command line in debug mode and restart pimd after each config change. However pimd is running and I can access my media server.
pimd -n -f /var/etc/pimd/pimd.conf --disable-vifs -l debug=all the firewall rules are not yet as they should be, for the test I just opened too much.

So I have to sort out things in the coming week/weeks. But I have good hope that I can solve points 3 and 4.

If someone can solve points 1 and 2, it would be highly appreciated!!

Update auf 2.8 hat jetzt auch funktioniert, danke

Gruß

@JonathanLee said in Seeking Insight on IPV6 Suricata Alerts – "Excessive Retransmissions" and "Wrong Direction First Data":

SURICATA Applayer Wrong direction first Data

Here is the link in the Suricata docs for this stream rule alert: https://docs.suricata.io/en/latest/rules/app-layer.html#applayer-wrong-direction-first-data.

The short version of the story is that even today, after several attempted fixes within Suricata, the coders of client/server software apps seem to still be able via crappy coding to craft network flows that trip up the Suricata parser. This is basically a harmless error.

As @SteveITS said, the best thing is to disable all the Suricata stream event rules. They are informational anyway and don't necessarily indicate malicious traffic.

Yup, what I missed here is that whilst it's not hitting the default block rule it's in fact also not hitting your custom rules. It's actually the hidden block all v6 rules that are added when you unset 'allow IPv6'.