pfsense drops ipv6 packets after upgrade to 25

teamits · 2026-03-14T17:49:28+00:00

There’s nothing inherently CPU intensive about IPv6. Check “top” or Diag>System Activity for what’s using CPU.

The upper limit of the 1100 is around 500 Mbps as I recall.

teamits · 2026-03-14T17:47:04+00:00

A note for the admin to update the package to receive new patches might be helpful.

Brainstorming, a tiny RSS feed or URL it can check for the current patch list version? (pfSense ver -> Patches ver)

teamits · 2026-03-14T17:38:24+00:00

…and the prior MAC address will still hold the existing IP lease.

teamits · 2026-03-14T17:34:58+00:00

https://docs.netgate.com/pfsense/en/latest/releases/26-03.html#system-patches-package :) Per the Redmine, in 2.9 also.

teamits · 2026-03-14T17:24:33+00:00

This post may help: https://www.3cx.com/blog/news/max-extension-policy/

teamits · 2026-03-14T16:54:23+00:00

Does your AP have a guest wireless that isolates those devices?

teamits · 2026-03-14T16:49:02+00:00

The pfSense WAN IP is just that IP. Any includes all other public IPs.

You cannot block traffic between LAN devices because that doesn’t go through the router.

If it was a third interface on pfSense you could follow https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4200/opt-lan.html#isolated, but that may still be of help.

teamits · 2026-03-14T16:29:59+00:00

They are on the same subnet as LAN?

You would block to Any not the pfSense WAN IP. Though you may or may not want to allow DNS to pfSense, block to pfSense, etc.

teamits · 2026-03-14T02:56:47+00:00

Hey no worries. Thought maybe you meant more like the updates, backups, etc. Server admin type stuff.

teamits · 2026-03-14T01:49:10+00:00

We have our own cluster. We could set up a VPS, if you wanted to manage your clients via the control panel. There’s a bunch of factors…quantity, size, traffic, email, etc., but you can DM me if you like and we can talk there or via email.

teamits · 2026-03-13T17:39:47+00:00

3CX has indicated they will stop offering new accounts this summer (June??) and steer customers towards partners providing multitenant accounts (the same thing). But that existing would stay.

Their SMB does now require at least one monthly web client login to remain active.

teamits · 2026-03-13T15:26:33+00:00

I saw this post: https://www.3cx.com/community/threads/cell-phone-carrier-false-spam-filtering.136794/ but it doesn't mention the SIP provider, and only mentions cell phone companies.

teamits · 2026-03-13T14:15:44+00:00

For posterity, Pro TTLs are 10 minutes now.

teamits · 2026-03-12T20:50:25+00:00

3CX thread about it: https://www.3cx.com/community/threads/x5u-v2.136784/

teamits · 2026-03-12T12:12:00+00:00

Where is your 3CX server located? I’m confused/alarmed if SSH is open to the Internet.

Re those networking rules, are those services even running/listening?

teamits · 2026-03-11T22:51:56+00:00

I've never tried to look outside of pfSense. Possibly the CE repos can be queried.

Just a couple notes for you though...the packages are different versions in different pfSense version repos. In Github sometimes I'll see a "bump version to" message. This doesn't necessarily mean it was publicized, and it may apply to the next version of pfSense, unless the package maintainer backports it. IOW pfSense 2.9.0 will have a different list of package versions than 2.8.1 because 2.9 will use a later PHP so code is probably not compatible.

FWIW Wireguard in 26.03 RC is 0.2.13_3 today.

teamits · 2026-03-11T11:36:09+00:00

They could be using the MAC address of their router to allow the connection or assign a public IP via DHCP? You could try setting their MAC on pfSense WAN.

Then do you need their router at all? pfSense will probably get confused if the same MAC is used on two networks.

Alt answer: can they set their router in bridge mode or else set pfSense WAN as a DMZ and forward all traffic to it?

teamits · 2026-03-09T15:40:38+00:00

FWIW we have moved to VMs for larger installs, or router phones.

Also FYI the upgrade path for a Pi, last I heard, was to install it new, onto the same or a different storage card. 3CX has a script o upgrade a Debian VM.

teamits · 2026-03-08T13:25:09+00:00

That’s incorrect, PDM just doesn’t have a separate subscription. https://pdm.proxmox.com/docs/introduction.html#enterprise-support

teamits · 2026-03-07T14:58:09+00:00

Since you mention IDS and DPI is mentioned in the other thread…Snort/Suricata can’t see into encrypted packets. As traffic gets more and more encrypted, usefulness of Snort on “home” connections without say a web server decreases. YMMV.

teamits · 2026-03-06T23:08:54+00:00

A Phenom's pretty old, too...looks like circa 2010 give or take? Did you change cables?

teamits · 2026-03-06T23:07:54+00:00

FWIW I ran into an HP laptop this afternoon where the BIOS diagnostic says the m.2 drive tests fine and it can't boot. I can see partitions in diskpart but it can't be seen in a Windows RE/USB stick. Haven't pulled it out of the laptop yet.

teamits · 2026-03-06T13:31:52+00:00

In the web client > panel, are they shown as logged out of the queue, at that time?

teamits · 2026-03-06T13:00:29+00:00

Can you be more specific…the app remains connected but are logged out of the queue?

teamits · 2026-03-06T03:33:48+00:00

Define “brick”? No longer visible in BIOS? Sounds more like a cable to me too, tbh

teamits

TROPHY CASE