@citroklar said in How I set up prefix delegation to carve out /60 subnets from a /56 prefix: But as those /64 subnets cannot be split further, I wanted larger Prefix Delegations - /60s, for both of my internal networks to be precise. (A /56 can be split into 16 /60 subnets.) I couldn't find a way to do this in the gui, so please enlighten me if I missed something there. Take a look on the System / Routing / Gateways page.

If it is repeating you should try running the debug kernel to get more info from it: https://docs.netgate.com/pfsense/en/latest/troubleshooting/debug-kernel.html

You can open a feature request here: https://redmine.pfsense.org/ I don't see anything open matching that exactly. There is this: https://redmine.pfsense.org/issues/16097

@mpeterson0418 Be assured : my pfSense GUI is also only accessible from only the 'main' LAN, and not from the other non-trusted LANs which is a captive portal (I've a hotel here, that's worlds most none-trusted collection of network users ^^) and another LAN with 'other' stuff I don't trust like cameras and other "worse then Temu and Aliexpress"' combined stuff.

Well it will work fine but I won't fill an 8Gbps link. Which may not be a problem.

@Gertjan Thank you very much

Because traffic is routed to IPSec tunnel

@Dmc it doesn't have to be easy then...

@zapspar said in domain lookup - threats - Sucuri: case solved How, you didn't answered the question.

@Stonework4958 said in Issues with 25.11 latest patches and latest pfBlockerNG: being 1.1 million hosts Consider this : for every DNS request unbound receives from your network (pfSense, LANs), it has to parse these 1,1 million for a potential match. That's might no be a big deal if you have just a couple of LAN devices connected. Also : asking pfBLockerng to 'load, parse, sort, match, whitelist and handles stats' over a list with 1 million entries ... knowing that pfBlockerng is using world's worst data handling language ( also known as PHP **) can create unstable situations. I know, it's easy to 'click and select them all', but there will a a price to pay. My advise : give your pfSense (and thus yourself) a break ^^ ** PHP was meant to create web pages. Not massive data management. PHP is also very limited in its RAM usage, normally around 500 Mbytes on an average pfSense system, and your DNSBL file is more like 10 Million bytes or so (check it in the /var/unbound/ folder)

@stephenw10 thank you for the confirmation. At least now I know that it won't work in the current setup, "it's not me, it's you" :) Hopefully with further development of if_pppoe more legacy setup will be added. I the meantime I'll try to nag my ISP to move me to something more modern.

@joy786 said in High latency to gateway and ISP when multiple switches are connected – possible pfSense overload?: What’s strange is that everything becomes stable as soon as I disconnect any one of my access switches. It doesn’t matter which switch I unplug — the problem immediately disappears. Current behavior Ping to pfSense gateway becomes unstable and increases significantly Ping to public IP / first ISP hop also increases pfSense CPU usage goes high during the issue As soon as one switch is disconnected: CPU drops Ping stabilizes This sounds like you are introducing then removing a Layer 2 loop.

@Draco Did/do you have 'prefer IPv4' set in Sys > Adv > Networking? Otherwise it will try to use IPv6 if it's available.

@whanlon np - while it it seems to be only cosmetic, since it does send the reject.. I would think should be a simple fix.. But then again I might be just assuming its easy.. Lets hope it can make it into 25.11.1 or 26.03

The corresponding deSEC dynDNS update URL for IPv4, if for completeness' sake you also want to switch that dynDNS client to a custom script, so that the otherwise non-custom client doesn't fully wipe out your recently updated IPv6 information from your deSEC domain, would be: https://update.dedyn.io/?hostname=$yourDomainName&myipv4=%IP%&myipv6=preserve And everything else would be the same as for the IPv6 deSEC custom dynDNS client, i.e. username being your deSEC email address and "Result Match" being the literal keyword good. The only thing that'd be different is that, in this case, you might want to enable "Force IPv4 DNS Resolution".

A x4 PCIe 3.0 slot will pass 32Gbps. That shouldn't be a restriction.

Hallo micneu, WAN ist der Tipp. ich hatte mich auf LAN versteift. Aktuell sind 6x 10Gbe und 4x 1Gbe Schnittstellen verbaut. konfiguriert ist noch nichts. Erst mal updates und alle Pakete installieren. danke ré [image: 1768768329121-bildschirmfoto-2026-01-18-um-21.31.19.png]

@hsgajmer21 said in Bandwith Issue with netaget 8300: I did that but didn't help You checked for a mismatch and didn't find one? Or you found and corrected a mismatch and it didn't improve the upload speed?

@itandgeneral you might need to add some heat sinks because of heat build up too …[image: 1768754068320-img_3448.jpeg]