@Bob.Dig what's the right place?

Ooo, missed this. You are just adding that section to the custom Kea json config? Edit: Yup

@azalea You can read more about the specific notation you're asking about, the zone index, in this Wikipedia subsection of the "IPv6 address" article.

This is what I observe in the system logs when this event occurs: not letting me post the logs here due to ant spam filter you can see it on my post on reddit here in the reply's: https://www.reddit.com/r/PFSENSE/comments/1mrqwg3/wireguard_tunnel_disconnectreconnect_events_cause/

@SteveITS Tool tips say the following: green: Current Boot Environment yellow: Boot Verification Failed black: Upgrading Boot Environment

@Rico Ich glaube jetzt hab ich es, das System bootet automatisch vom Stick und über die Serielle Verbindung kann ich die Installation auch starten (xterm war das Mittel der Wahl bei der Konsole, für mich) und werde durch die Installation geführt. Ich hoffe ich kann mein Backup dann auch wieder einspielen

@malindsay Your welcome, and I would say stay back a version, or switch to Legacy BIOS mode, either works. Was going to give you a thumbs up, but apparently my reputation isn't good enough here yet.. LOL Trying to remember how many years I have been around this place, just not always active.. -Howard

Just as a followup, I have been unable to solve this issue, and it happens with two different 2100’s. So the workaround for now is to use mvneta0 as the uplink to the switch carrying multiple VLANs in a 802.1q trunk (leaves the builtin 5 port switch out of the inter VALN routing). At some point I will try with another managed switch model to see if it’s the specific Switch/SG-2100 combination only, or a general issue.

@girkers said in Best way to set up and maintain a cold spare for pfSense 2.8.0 CE: How do others handle maintaining a cold spare so it’s ready to go at short notice? On my cold spare I load the current version of pfsense (and maintain it in the current series so configuration import is compatible) Load the configuration from the main unit. Most easily done via the GUI so interface reassignment can be easily seen. This is do both so plug and play will probably work but also as a dry run in-case a newer configuration has to be loaded in a hurry. Back up the main units configuration to a location accessible without a functioning pfsense router (to enable use during an emergency restore). I actually use my cold spare for other things when not needed as a router by running pfsense under Proxmox but configuring dual boot would achieve similar functionality

Yup, seeing that here. Likely related to the upstream firmware API issue. But those drivers shouldn't need to load anything without the hardware present anyway.

Yup, that's fixed in current versions.

Hmm. Well if you can replicate the WAN failure after upgrade it would be good to grab a status_output file to check. I've not seen that on an 1100 here.

Well you obviously you shouldn't need to so I'd hope to see some error logged that tells us what's happening. But I would try installing it as UFS if it still fails with ZFS. That will rewrite the partition tables. If that does work then try installing ZFS again.

@viragomann Can you possibly elaborate on this? A floating rule on the client pf? both instances? (active and stby?)

@rocaembole aca las URL, puertos e IP requeridas para filtrar, siempre y cuando creen sus reglas correctamente. https://developers.facebook.com/docs/whatsapp/guides/network-requirements

@Cloufish there is a difference between traffic that would go out your wan interface to get somewhere, and wan address as your destination. It would rare that a client would actually ever try to go to your specific wan address. Your wan address is just that the IP address on your wan interface, say 1.2.3.4 if public. your wan net is just the network 1.2.3.0/24 that your wan is on.. Some client to go to an Ip on the internet say 5.6.7.8 or 8.8.8.8 would never have your wan address or wan network as the destination. The destination would be those 5.6.7.8 or 8.8.8.8 Ips

It is in 2.8: [2.8.0-RELEASE][admin@t70.stevew.lan]/root: kldstat -v | grep bnxt 94 pci/bnxt 93 bnxt_mgmt I've never tested that NIC though.

@Gertjan @stephenw10 Thank you for the explanations. I will start a new thread.

(Hice un post pero lo elimine ya que han cambiado ciertos asuntos, este es un post actualizado) Hola, seré breve Tengo el router ISP que va conectado a un switch el cual se encarga de separar en vlans el router ISP del pfSense, ya que mi idea era separar la red ISP de la mia para montarme mi homelab, pero manteniendo la red ISP, o sea estoy en doble NAT Tengo suricata y pfBlockerNG, pero pfBlockerNG ahora no lo utilizo Deshabilité IPv6 por completo, en caso de que hubiera un conflicto, y después de hacerlo, comenzó a resolver consultas con DNS externo, pero daba "Respuesta no autoritativa" [image: 1756816982004-consulta-a-dns-externa.png] Si hago un nslookup normal a google.com (por ejemplo) utilizando una DNS externa como 8.8.8.8 reconoce la dirección pero el servidor no [image: 1756817020179-consulta.png] Y si hago un nslookup directo a pfSense con google.com, reconoce el servidor pero termina dando error [image: 1756817525833-consulta-directa-a-pfsense.png] Aquí están mis ajustes del unbound: [image: 1756817739983-captura-de-pantalla-2025-09-02-145314.png] [image: 1756817880184-captura-de-pantalla-2025-09-02-145329.png] No se que puede estar pasando Supongo yo que es por este problema por el que no cargan las páginas y demás aunque en el cliente luego me pone que hay acceso a internet Gracias de antemano