After fixing the backup node, i encounter the exact same issue on the master node... Snapshot before reboot to be able to recover the config file !

Using Spectrum as ISP and was pulling my hair out on why the Netgate sg-2100 wasn't getting a WAN ip address. After unplugging the modem and the Netgate for a few minutes, then plugging in the cable modem then the Netgate did it get a WAN IP address on the device, thanks!

@stephenw10 Thx! It works :-)

Thanks again for your replies. I enjoy playing around with all this networking and security stuff. Very exciting. And pfsense is the best! And a great support community - thank-you.

But like home, pro, server etc?

No that's not possible. And you really don't want to have that sort of service on a firewall anyway.

@dutsnekcirf said in Convert pfsense ova file to qcow2 fails with either virt-v2v or qemu-img: I'm wondering how well this works. Very well. All the config is in that file. It should restore and be identical. The only issue you will have are he interface names will probably be different (vmx vs vtnet) so they will need to be re-assigned when you import it. Steve

@Antibiotic get rid of that torrent client eventually it’s gonna break stuff if you keep using it. Trust me. Stop using it, think about how many ports you need open. It just takes one bad download

@stephenw10 I'm also noticing this behavior. I'm on pfSense version 24.03-RELEASE.

@stephenw10 Both really. My infrastructure segment is inaccessible unless you can either get on that vlan through a physical port on the switch, or via a VPN that the FW originates as the server to get on an administrative network. There are also client mode VPN connections to a commercial provider. Regardless of if the traffic is coming in via the admin VPN and then out WAN, or on the local segment and then routed over the client VPN out to the web it takes a big hit to throughput. It would be difficult to pin down if it affects traffic both ways given the huge imbalance in the down/up speeds. It does seem to be limited to traffic routed externally that has the issue though. Running a speed test from the admin net to a local server works as expected despite going through a vpn tunnel to get to that network. But anything either from the admin vpn or going over the external commercial vpn to an external site is heavily limited.

Thank you very much for your help. It works now! I have just reinstalled the pfsense.

Mmm, I'm not sure we can anything about that. The webgui handles that formatting fine. I believe that's actually the syslog version, which i9s part of the expected format.

If you created the VM in ESXi 8.0 then it's probably OK. But the VM version is separate to the ESXi version.

Yes it should do that anyway. If you renew the cert for example.

@jriofrio Just to corroborate your statement about (in my case) not need it to disable the hardware checksum with the intel x540. You are correct, I enable it back and reboot the firewall, tested the connection of OPT1 (2nd LAN) and all works good, no problems accessing websites. Also, I deleted the DoT rule for the 2nd LAN. All good.. I'm please with the results. PS: couldn't sleep , so i decided to do the changes now that no one is using the internet....

@kprovost Though my eye is untrained, I would agree that mine looks very similar. It has happened only once, so I will keep an eye on it and watch for when 24.11 goes GA. Thanks. --Larry

They will not give you even a carrier grade NAT IPv4 address? You should be able to access IPv6 sites from LAN OK as long as the ISP are sending you a fix delegation to use on internal interfaces? Are LAN clients receiving a routable IPv6 address? Steve

Yup you can't install a pkg for 2.6 into 2.7.0. If you managed to force that to happen it will likely break things. It should work fine in 2.7.2.

Hmm, so using Windows NPS your user is able to login directly in priviledge mode? How is that configured? Do you have logs from the switch? This probably isn't actually pfSense related if it's just between Freeradius and the switch.

The packages should be updated during the upgrade anyway. The new pkg system with dynamic repos makes accidentally pulling in packages from the wrong repo thankfully far more difficult. Since 23.09.1 you've had to opt in to the new repo when an update is available.