On my side, as soon you try to do an install with a different ip or a different sub. it result into a 404 Not found -nginx error page. if leave and touch nothing and just put the psw.. look ok, but even after try to change the ip and it fail. Doing the exact same process as 2.4.5 or 2.5. So .. no 2.5 is the last working version.

Hello all,

My issue went away for quite awhile. Now lately I upgraded to newest version and after that reboot I have issues again.

The internet on the OPT1 is dying intermittently and that feeds my upstairs managed switches. I cannot figure it out, but when the issue occurs it cannot reach the router. Everything on the switch is fine and can be reached.

Once I hot plug the wire from the router to the managed switch the network comes back up. What is this doing that isn't happening automatically in the router? There isn't ANYthing in the logs until I hotplug the ethernet cable.

Yeah just delete all those hybrids you have.. No idea why any guide would say you need those.. Especially those with specific ports 1024:65k

What guide did you follow?

Also the other thing pretty much every vpn service guide I have looked at wants you to route everything through them.. When most likely you don't want that.. Don't pull routes in your client config, and then just policy route what "you" want to send down the vpn. Which could be all if you want, but ntp down a vpn is going to be a horrible setup.

@AKEGEC thanks for the reply. I have opened a ticket with CyberGhost but they do not offer support for pfSense only dd-wrt routers offer a guide. pfSense / Netgate want a $399 yearly fee for support which I cannot afford.

I couldn’t find any decent videos that explained the config on YouTube. Do you have a link to one?

Thanks in Advance for your help 👍

@akegec Since memory size was reduced pfsense was restarted multiple times and the server was powered off, the glitch still exists even after update from 2.5 to 2.5.1.

Encrypted Configuration files
The GUI can automatically determine the correct decryption method when restoring an encrypted configuration backup file, whether it’s from a current version or an older version. When restoring an encrypted configuration file, check Configuration file is encrypted then enter the password in the Password field, and restore as usual from there.

Encrypted configuration files can be manually decrypted using the correct password for offline inspection.

The method used to encrypt configuration files changed in version 2.5.0, so use the method appropriate for the version which generated the encrypted configuration file. In either case, replace <PASSWORD> with the appropriate password string, and change the filenames as needed.

2.5.0 and later:

grep -v "config.xml" config-encrypted.xml | base64 -d | \ openssl enc -d -aes-256-cbc -out dencryptedfile.xml \ -pass pass:<PASSWORD> -salt -md sha256 -pbkdf2

Older versions:

grep -v "config.xml" config-encrypted.xml | base64 -d | \ openssl enc -d -aes-256-cbc -out dencryptedfile.xml \ -pass pass:<PASSWORD> -salt -md md5

In my case, I changed pass pass:<PASSWORD> to pass file:<PASSFILE>.

@stephenw10
Thank you for your advise.
I am not aware of such setting. I will study it and give it a try.

Thanks very much ! Based on the thread, my upgrade went perfectly. I'm up and running with no downtime at all.

Keith

@nollipfsense said in Pfsense with rj45 to USB:

If I were you, I would get a managed switch to use VLAN with that tiny one Ethernet port.

The problem with that is it effectively limits him to 500 Mb and he's got a 900 Mb connection. When you use a VLAN over a single port, a packet has to pass through the same port twice, so a Gb port effectively becomes 500 Mb.

Six year old post but your research saved me tons of time. I've been scratching my head for days, contacting both Netgate and several syslog server software vendors to see why their viewer won't show messages actually showing up in Wireshark just fine. I got nothing until I found a simple workaround, just changing the listening port of the syslog server and making the device send to that port instead.

@thewismit
could this be it?
https://forum.netgate.com/topic/144636/sg-1100-intermittent-reboots

I'm always setting my ACPI power state on to "Power on"
That way i'm sure my Fwall is starting after an AC (mains) failure

Edit:
You will like to try that by "pulling the AC or 12v plug" ....
If the disk don't survive (UFS) , you i''l also know why ZFS is preferred ...

/Bingo

An update to this - there has been no change/improvement to this with 2.5.0 nor 2.5.1.

@virgiliomi said in Unbound stop working on 127.0.0.1 after 2.5.1 upgrade:

the Status > DNS Resolver page showed no statistics or data

Changing the DNS settings restart the Resolver, clearing all stats and cache.
That normal.

@tgimagine
Make sure no one has plugged the same cable into 2 ports on the switch or under a desk, try unplugging about half your computers/printers and see if the problem remains. If yes, plug the first half back in and unplug the second. APs, too. Process of elimination.

Also, on the off chance it is the SG, take it off the net. Maybe bad NIC out of box.

@virgiliomi My problem seems different. Removing 127.0.0.1 from General | DNS Server and rebooting doesn't fix the issue.

Stop pfBlockerNG and NTP peers show up.

running 21.02.2 on SG-1100

@gertjan @mods

Gertjan, thanks for the advice on not registering hosts. I'm trying it now, hope it helps.

@pfnow I don't think pimd is required for chromecast. It uses mDns for discovery so only avahi is required.

On the Samsung multicast side of things, i still don't have it working. Changing SSDP to ttl=2 has resulted in the tv receiving the ssdp m-search query.

Device spy is seeing data coming back too. Though something is missing as it fails to add the tv to the list of found devices.

One of the things i have noticed is that many of the urls advertised by the tv throw a 401 unauthorized error when accessed from the wrong vlan.

I don't yet know if the 401 error is due to some form of upnp authorization mechanism that is failing or if it is blanket 401 erroring as the ip.src network is a different /24.

The other thing of note is that the tv does send messages to 224.0.0.7 with ttl=1. I don't know at this stage whether further ttl mangling is required or this is acceptable. I do see the tv ip as a registered source in pimd status page.

Hello,
I didn't consider it relevant but two of my potentially "problematic" systems, dc0 and dc1 (see original problem description) also run on vmware.

Doing research I obviously stumbled upon the asymmetric routing problem but I honestly can not immagine how it could be unless it is internal pfsense routing. My setup has worked fine on 2.4.5 and 2.5 and I think also 2.4.4?

I also think the underlying bug might be the same as https://redmine.pfsense.org/issues/11805

@eznightbringer

????

I have never heard of anything like that. Fibre has an incredible amount of bandwidth and the equipment connected to it shouldn't be doing anything like that. What happens if you connect a computer directly, without going through pfsense? What does speedtest show? What does your ISP say?

@johnpoz I want to say it was like 2-3 weeks. I wasn't keeping an accurate timeline. I can tell you that you must send the initial request via snail mail. I tried faxing my initial request and never seemed to get anywhere.

Your answer will come via an email from NIST that will have you log into an HTTPS site (an Accellion appliance) to download your keys.

@lilang-maseng what happens when you test the authentication in Diagnostics > authentication

@bmeeks your point is most valid

If anyone has had this issue - updating to the release version of 21.02.2 seems to have fixed it! I think it's related to this reported ticket: Regression #11436

Will report back if I see any further related glitches.

@pfgate said in pfSense 2.5.1 Announcement, Release Notes, Installation Instructions:

I see that 2.5.1 is available in the GUI. I've poked around a little and can't find an announcement, any release notes, or installation instructions. I'm new here so I'm likely not looking in the right places.

RedMine now shows 2.6.0 items on the roadmap page. Are 2.5.1 items now on a different page? Wonder if the News and Documents pages in RedMine might be a place to publish announcements, release notes, and installation notes.

https://redmine.pfsense.org/projects/pfsense/roadmap

I have 2.5.0 and have set up two WireGuard peers, with pre-shared keys. I think I read that I'd have to delete/disable the WireGuard server before upgrading to 2.5.1. That correct?

Hi, maybe this is the right pace :)

https://www.netgate.com/blog/pfsense-plus-21-02-2-release-and-pfsense-ce-2-5-1-release-now-available.html

@jimp OK, thanks for letting me know, I know you guys must be busy at the moment sifting through any possible bugs being reported.

Thanks for the speedy point release, you guys must have been working hard, wasn't expecting to see it so quickly.

@gertjan said in Troubleshooting new pfsense 2.5.0 installation:

the x.x.x.10 and x.x.x.20 are switch together

Yes, both are switched together

@danielino1981 said in Multiple LAN on Pf Sense:

I don't want the VLANs

If you don't want to use VLANs, you'll need a separate interface for each LAN. The Qotom comptuer I use has 4 Ethernet ports, so I could have 3 LANs without using VLANs.

@gertjan Thanks

if you run status > filter reload does it fix it?

i have had that issue consistently on 2 different Netgate products

@72zoea said in Button to turn off internet for a group of devices:

to quickly turn off internet

Login to pfSense.
Goto Firewall => Rules => LAN.
Click on the
70e8a4ea-e703-4545-91ec-563f181862c5-image.png
symbol, and then the green Apply.

so, 5 or 6 clicks ..... as pfSense uses a GUI.

You have to create a firewall rules that uses an alias as a source. The alias should contain the IP(s) to be block.
Enabling or disabling this rule will do what you want.

Btw, I do recall that there are other ways to learn how to clean up after tea. I was a kid before ^^
( and there was no Internet during the vast majority of existence of mankind )

@nibblet said in New installation and packages.netgate.com issues:

@teamits Ahh, thanks for that, that helps a lot, altho now I am left with an interesting pickle on how to solve this, as I don't believe the proxy server is clever enough to look up a SRV (it only sees the http request) record and there is no external DNS.

However, I could probably setup an internal 'dummy' netgate.com domain with SRV records mimicking what's outside which may be enough to poke the firewall to pickup the right domain, the issue would be somehow keeping this up to date.

At least I know why its not working now :-)

how you solve this problem? thanks