@SpecGlasses check https://docs.netgate.com/pfsense/en/latest/troubleshooting/disk-lifetime.html. I think I’ve seen posts that if it’s read only it can behave like this due to ZFS caching.

Also if you have a usb stick in it it can pull that file: https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-using-the-external-configuration-locator-ecl

@milani90

Just a gateway or a default gateway. 'default' is the key word here. It would be nice if you actually show the routing table. :)

@johnpoz Actually, I have seen many routers, but they are very complicated to set up. I have never set up a site-to-site VPN in a short period of time, but with pfSense, it was so easy, and many advanced and secure methods are available. That's why I like pfSense.
Anyway, Thanks again!

Some sort of internal card reader maybe? That might be USB attached. You might be able to disable that in the BIOS.

Might be something in the UPS. Try reconnecting it after boot and see what's logged.

Make sure you're running the latest BIOS, that one has errors in the ACPI tables:

acpi0: <ALASKA A M I > Firmware Error (ACPI): Could not resolve symbol [\_SB.PC00.TXHC.RHUB.SS01], AE_NOT_FOUND (20221020/dswload2-315) ACPI Error: AE_NOT_FOUND, During name lookup/catalog (20221020/psobject-372) Firmware Error (ACPI): Could not resolve symbol [\_SB.PC00.TXHC.RHUB.SS02], AE_NOT_FOUND (20221020/dswload2-315) ACPI Error: AE_NOT_FOUND, During name lookup/catalog (20221020/psobject-372)

Most places in the GUI simply display the interfaces in the order they are parsed in the config file. So changing them there would likely change it everywhere that counts.

Ok yes it looks like one of your USB Ethernet devices disconnected itself for some reason:

ugen0.4: <Realtek USB 10/100/1000 LAN> at usbus0 (disconnected) ure1: at uhub0, port 23, addr 3 (disconnected) rgephy2: detached miibus2: detached ure1: detached Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x458 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80cc0c9c stack pointer = 0x28:0xfffffe00d93a9800 frame pointer = 0x28:0xfffffe00d93a9880 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 0 (netlink_socket (PID) rdi: fffff8000f6382e0 rsi: 0000000000000004 rdx: 0000000000000000 rcx: 000018575745e64c r8: fffffe00dd54b8c0 r9: fffffe00d93aa000 rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe00d93a9880 r10: 0000000000001388 r11: 000000008055c23d r12: fffffe00d93a9820 r13: fffffe00dd54b3a0 r14: 0000000000000000 r15: fffff8000f6382e0 trap number = 12 panic: page fault cpuid = 0 time = 1710642139 KDB: enter: panic

And the backtrace does indeed show the issue is in the ure driver:

db:0:kdb.enter.default> bt Tracing pid 0 tid 102948 td 0xfffffe00dd54b3a0 kdb_enter() at kdb_enter+0x32/frame 0xfffffe00d93a94e0 vpanic() at vpanic+0x163/frame 0xfffffe00d93a9610 panic() at panic+0x43/frame 0xfffffe00d93a9670 trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00d93a96d0 trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00d93a9730 calltrap() at calltrap+0x8/frame 0xfffffe00d93a9730 --- trap 0xc, rip = 0xffffffff80cc0c9c, rsp = 0xfffffe00d93a9800, rbp = 0xfffffe00d93a9880 --- __mtx_lock_sleep() at __mtx_lock_sleep+0xbc/frame 0xfffffe00d93a9880 usbd_do_request_flags() at usbd_do_request_flags+0x75b/frame 0xfffffe00d93a9900 usbd_do_request_proc() at usbd_do_request_proc+0x5e/frame 0xfffffe00d93a9960 ure_miibus_readreg() at ure_miibus_readreg+0x185/frame 0xfffffe00d93a99d0 rgephy_status() at rgephy_status+0x7b/frame 0xfffffe00d93a9a10 rgephy_service() at rgephy_service+0x329/frame 0xfffffe00d93a9a60 mii_pollstat() at mii_pollstat+0x57/frame 0xfffffe00d93a9a90 ure_ifmedia_sts() at ure_ifmedia_sts+0x190/frame 0xfffffe00d93a9ae0 ifmedia_ioctl() at ifmedia_ioctl+0x163/frame 0xfffffe00d93a9b10 dump_iface() at dump_iface+0x145/frame 0xfffffe00d93a9bc0 rtnl_handle_getlink() at rtnl_handle_getlink+0x2a3/frame 0xfffffe00d93a9ca0 rtnl_handle_message() at rtnl_handle_message+0x195/frame 0xfffffe00d93a9d00 nl_taskqueue_handler() at nl_taskqueue_handler+0x79b/frame 0xfffffe00d93a9e40 taskqueue_run_locked() at taskqueue_run_locked+0x182/frame 0xfffffe00d93a9ec0 taskqueue_thread_loop() at taskqueue_thread_loop+0xc2/frame 0xfffffe00d93a9ef0 fork_exit() at fork_exit+0x7f/frame 0xfffffe00d93a9f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00d93a9f30 --- trap 0xc, rip = 0x828ed73ea, rsp = 0x85dd21ca8, rbp = 0x85dd21cc0 ---

Which is expected if it did disconnect unexpectedly.

Avoid USB Ethernet if at all possible.

If a crash report exists on the other device it would be in /var/crash.

@BassT said in switch from HAProxy Manager to pfsense haproxy:

basst@Kubuntu-VM:~$ curl pfsense.home
curl: (6) Could not resolve host: pfsense.home

In that case, the pfsense is the domain (eg, pfsense.com and the home is the TLD (top level domain, eg .com). In order for that to work, you would need to set a domain of pfsense.home:
0da662dd-1610-4958-8157-d3a268ae3cf9-image.png

Don't forget to mark as solved!

So in the package manager page? What pfSense version was that in?

Steve

@musthafa said in New Installation - No internet on LAN:

@JonathanLee said in New Installation - No internet on LAN:

Sometimes it holds on to records. Also have you set a rule to allow port 53 on your firewall ACL lists? Or nat ?

No. I'm new to pfSense. please guide me on it

https://docs.netgate.com/pfsense/en/latest/services/dns/index.html

Netgate has a docs page that’s amazing. I recommend you look at a configuration recipe. They have some configuration instructions like it’s a cookbook with terminology “recipe”

Do you restrict the number of states allowed on some connections? I noticed once I said for example 1 state allowed at a time for GUI it start to speed up a lot. Some I added expire timers on like my VPNs etc.

ACL for the HA proxy system should only have how many states??? Maybe just one as it is linked to the other proxy.

Screenshot 2024-03-15 at 13.15.33.png

I don't know if that helps, but some cookies kept creating multiple states for some weird reason and slowing everything down. But that was just me this fixed it for me with KEA use also.

If your ISP is offering some sort of translation to v6 upstream then you may be able to use that. Or potentially you could host your own translation node to do that. But it would still be easier to just tunnel or encapsulate the v6 to something you host.

The interfaces in the widget are simply parsed in the order they appear in the config. The only options there are to hide interfaces. You could potentially reorder the interfaces in the config if it's really important to you.

@stephenw10

Looks like just a reboot has done it. I have a backup negate box that I swapped over with the same config, so I could work on the said problem box, interestingly when SSH'd onto the unit, it was not loading the menu, but it did allow me to send the reboot command to it and after it came back up it behaved as normal - I swapped it back into the production network and all looks good. No recurrence of the error so far. Hopefully now OK.

Thanks for your help :)

@stephenw10 Unfortunately, no. It only seems to show up at startup fortunately. If I catch it again I'll screenshot it.

@stephenw10

Thank you So Much

Will nice in near future will all some options to manage the fw & nat rules. over command line.

right now pfsense start be used very large scale in datacenter for secure layer apps.

can be i game changer for pfsense to be massive deploy a large scale.

thank you

have a nice time.

Hmm, I was going to recommend disabling the audio hardware in the BIOS:

hdacc0: <Realtek ALC897 HDA CODEC> at cad 0 on hdac0 hdaa0: <Realtek ALC897 Audio Function Group> at nid 1 on hdacc0 pcm0: <Realtek ALC897 (Right Analog)> at nid 20 and 24 on hdaa0 hdacc1: <Intel Kaby Lake HDA CODEC> at cad 2 on hdac0 hdaa1: <Intel Kaby Lake Audio Function Group> at nid 1 on hdacc1 pcm1: <Intel Kaby Lake (HDMI/DP 8ch)> at nid 3 on hdaa1

But you probably can't do that in Coreboot.

You can see in your output though that it is booting with Video as the primary console:
Dual Console: Video Primary, Serial Secondary

If you have a serial connection I recommend setting serial as the primary console if only because it's much easier to log and copy and output from a serial terminal.

Since you changed nothing on pfSense (at least directly), I would go looking for the root cause in the Nutanix Cluster update process. My first guess would be during the move from node to node the Nutanix process changed something about the VNICs (could have been a MAC address, could have been something related to VLAN IDs if used, etc.). Changes to the VNIC could leave pfSense "confused" about which interface is LAN and which is WAN, for example.

@stephenw10
It is too early to tell but my internet fell-over today so multiple disconnects and re-connection attempts...

...and the router didn't crash.

There is hope.

☕️

@stephenw10

Hey there, sorry for the late reply, had some personal issues and I wasn't available. I'm gonna try again and update as soon as I can. ISP is sadly still pretty unresponsive...

Thanks again.