@JonathanLee said in IPv6 HE tunnel broker and Netflix quick fix idea:

This fixed my issues 100% anyone else parse AAAA and A dns records like this?

That issue is very old.

Hit the search button - its just above :

979fea0f-8b0a-4338-afa4-9be21a3aeefa-image.png

The issue has even a pfBlockerng solution made for it :

99d7ab85-cb14-44e3-958e-e48648d7256f-image.png

Check the check box.
Add all the host names that should not be resolved to AAAA.
Done.

@gertjan Pfsense uses 127.0.0.1 as it's nameserver (it was displayed then using the pfSense dns lookup tool). I checked all settings on my win10 client and even captured the packets with wireshark: The packets were definitly sent to pfsense and were processed there (i saw the specific lookup request I made in the unbound logs). Good idea to check the resolution with the cli, thx.

However in the meantime, it seems like it's working:
I have noticed that I didn't upgrade my pfSense for more than 3 months. Therefore I checked for updates and saw that the version 2.6.0 was available. I installed it and as of know, the problems are gone.
Don't know if this was a bug in the previous version or what, but it was definitly strange...

@johnpoz @Gertjan @SteveITS Thanks for all the help :)

Your rules force all traffic out the gateway.

rules.png

And the rules below that make no sense, because rules are evaluated top down, first rule to trigger wins, no other rules are evaluated.

So your rule sending traffic out your gateway is any any.. When would there be traffic that does trigger that rules.

When would there be traffic to ! private, that does not match the rule above it any any?

If you want your clients to talk to pfsense IP.. Where do you allow that? You block talking to pfsense on 443, then your next rule says go out the vpn.. How does vpn have access to pfsense vlan30 interface for example?

Damn that’s encouraging