@NickJH

Check this one :

0a2b3de4-9ed3-4396-9d83-12078a0f97fa-image.png

and hit the big bleu save button at the bottom of the page.
Worked for me ©

edit :
and we never believe a GUI as it nature is hiding all the info we're looking for :
a test !?!

Because I know I've entered this :

9d3fe825-15f5-4190-ad49-62c7c62fe8ec-image.png

This must work :

C:\Users\Gauche>nslookup bureau2 Serveur : pfSense.bhf.tld Address: 2a01:cb19:beef:a6eb:92ec:77ff:fe29:392c Nom : bureau2.bhf.net Addresses: 2a01:cb19:beef:a6eb::88 192.168.1.2

and this is correct ...
I'm also using static "IPv6 leases" because I really dont want to have to deal with IPv6 like '2a01:cb19:beef:a600:46d4:54ff:fe2a:36dc'.

My LAN IPv6 '2a01:cb19:beef:a6eb:92ec:77ff:fe29:392c' is already a horror. Gone are the day you can 'quickly' ping LAN using "192.168.1.1" 😵

@mhd353 Yeah you could do that. Or like I said earlier, just change the 3.1 to 30.1 and use it as the native on that port, you can then add vlans later if needed. I've done it where I name the physical port "Trunk" and had no native network on it. I've also read recently that the physical port doesn't even need to be enabled but I never did that and doesn't sound like something that would work to me. Maybe I'll try it sometime just to find out.

First, configure mvneta1 interface with an IP address in a MGMT network that you choose (not vlan). And use this same network in the switch and AP for management purposes.

Checking your screenshots, everything seems to be correct at the pfSense side.
Check your netgear, make sure the MGMT network is correct (untagged) and in the same network as mvneta1 in pfsense, check if this same port is configured to receive vlan20 and vlan30 tagged, and the downlink has the same configuration.

The port connecting pfSense to Netgear switch should be like this:
VLAN 1 Untagged (MGMT of the switch)
VLAN 20 Tagged
VLAN 30 Tagged

Netgear Switch to AP:
VLAN 1 Untagged (MGMT of the AP)
VLAN 20 Tagged
VLAN 30 tagged

Then, assign the wifi networks to use VLAN 20 and VLAN 30 respectively.

@Lace pfSense will do incoming and outgoing in much more detail and with more advanced filtering options than USG will ever do ;-)
If you use the assistance of pfBlockerNG, you can GEO block countries, lists of know offenders and what not in both inbound and outbound directions.

But sure you can use both - allthough it is a compliccated setup with more failure options.

Colors should convey some kind of meaning. Choosing a random color just to have it be a color seems like a bad idea.

The grey color already has a well-known intended meaning of something being inactive/disabled. I don't see the need to change it.

@hydrian
You can get it work with a single public IP, but probably not with a MAC lock. CARP uses certain MAC addresses, which cannot be spoofed as far as I know.

Final reply to this thread for anyone in the future who needs to setup something similar:

I've put the full solution, including the NodeRed flow here: https://gist.github.com/Slyke/7d5b290f1d5695fdd79f5e0a08837c93

@stephenw10 yes we can agree the user can configure it wrong all over. Again, an administrator might fat finger a large static DHCP list with a couple entries thus causing hostname mix ups. That for one would be very hard to pinpoint. Moreover, we know the amount of hours system administrators work. It's a lot of hours. This would make PfSense have a ease of use software functionality built in. I assumed that if pfSense allowed multiple duplicate entries, it was done for a situation when two devices need to be swapped in and out and need the same IP address, in this mindset PfSense should still log the correct hostnames. Again, if that was the reason for PfSense allowing the GUI duplicate entries.

Weird thing to research, but the hostnames mixup was what I was after and or why
PfSense would allow the duplicate entries in the first place. Let's agree admins have monster static dhcp lists that are updated and changed all the time within a secure setting. This situation would want controls in place for hostnames. Finally, logs for the hostnames could get bonkered up and with a monster list and that would be hard to track down why hostnames are wrong. We know PfSense now has experimental layer 2 Ethernet filtering.

@bmeeks I solved it by copying both the curl and sh binaries into the chrooted folder and specifying the path to them directly:

mkdir -p /var/dhcpd/bin mkdir -p /var/dhcpd/usr/local/bin cp /bin/bash /var/dhcpd/bin/ cp /usr/local/bin/curl /var/dhcpd/usr/local/bin/

Then in my /var/dhcpd/etc/dhcp_update.sh script:

#!/bin/sh BASE_URL="http://your-web-server.com/your-endpoint" EVENT_TYPE="$1" IP_ADDRESS="$2" MAC_ADDRESS="$3" case "$EVENT_TYPE" in "1") ONLINE_STATE="online" ;; "2"|"3") ONLINE_STATE="offline" ;; *) ONLINE_STATE="unknown" ;; esac URL="${BASE_URL}?ip=${IP_ADDRESS}&mac=${MAC_ADDRESS}&state=${ONLINE_STATE}&event=${EVENT_TYPE}" echo "DHCP Announce: $URL" /usr/local/bin/curl -X GET "$URL"

It aborted with exit code 6, which means that cURL couldn't resolve the hostname (good news!). I still haven't tested this with my proper endpoint, but I think it will work now.

@Richard-1 said in No DHCP on proxmox:

On my Win11 VM I receive ip configuration from DHCP server, on my physical PC no DHCP configuration received, I need to enter ip, subnetmask, gateway, ... manually to connect to network.

It's the way you have it setup...please see here: https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html

Did you connect your physical PC to pfSense LAN? Nothing is wrong to connect manually though. You should consider amending your title as Proxmox doesn't do DHCP.

@JonathanLee sorry if I wasn't clear. No, one URL should be enough

@gertjan I think I've discovered the answer for my problem...

I came across a note about comcast blocking traffic which pings and the answer was to turn off monitoring on the gateway. Voila. That worked.

I tested it by turning monitoring back on and it still worked. That seems a little flaky to me and I suspect it will come back to haunt me... but for now i'm clad it's framed up pretty well.

I did create the 4084 vlan and assigned it to a default Interface OPT1. Then in the Interface settings I renamed the OPT1 to WAN2.

I also created a gateway for WAN2 manually and had to set a NAT in outbound for WAN2.

Thank you for your help.

@djdmx Good to hear!!
Sorry I haven't answered any of your posts, just getting over the flu. But you didn't need my help anyway!

@matthewfearnley said in DHCP server - allowing Static Mappings within pool range?:

This is something that is possible on Windows DHCP servers

Technically I think it's required on Windows...basically Windows does make it a reservation (they even call it that) and pfSense (ISC dhcpd) doesn't. And yes it is very handy for assigning an IP to, say, a printer that a printer tech set up as DHCP without asking us... 🙄