• Some menu items are not accessible.

    6
    0 Votes
    6 Posts
    507 Views
    P

    @stephenw10
    I figured it out, (I figured out what fixed it, not sure what caused it. I have been dealing with this for 2 days ugh)

    I have the debug window in the browser open, disabled cache and the pages loaded. Removed the check mark and they load fine. Not sure why the problem started on those two pages.

  • Set default status (Start or Stop) on service?

    5
    0 Votes
    5 Posts
    621 Views
    stephenw10

    Yeah if you only need bash just install bash and avoid this issue entirely.

  • Random crash on latest 23.09.1

    21
    0 Votes
    21 Posts
    2k Views
    Y

    @stephenw10 I tested your command on my "backup" pfSense and it worked, got a 1 GB file vmcore.0
    So we just have to wait now...

  • Using certificate on 2 Firewalls?

    2
    0 Votes
    2 Posts
    396 Views
    Gertjan

    @Hyperion said in Using certificate on 2 Firewalls?:

    how do I get/obtain a certificate for a firewall example pfSense to install on the hardware?

    A 'certificate' for what usage?
    You can make your own. If you trust the certificate you just created yourself, and you install it into the browser and other apps that use these certificate(s), you'll be fine.
    If you want a certificate that everybody and everyone trusts out of the box, you need to have a domain name, one you've paid for, like "123456-just-for-me.com".

    @Hyperion said in Using certificate on 2 Firewalls?:

    can I install an existing certificate on a 2nd firewall and use the 2nd firewall as a replacement if the 1st firewall has a hardware defect?


    The third certificate : I 'own' (rent !) the domain name (example) "my-local-network-net" and I use the pfSense package acme to handle the (re)newal of the certificate.
    When done, every 60 days or so, I export them to my NAS, printers and other APs : everybody that has a GUI port 433 (https) access.

    @Hyperion said in Using certificate on 2 Firewalls?:

    can I install an existing certificate on a 2nd firewall and use the 2nd firewall as a replacement if the 1st firewall has a hardware defect?

    Of course.
    You can even automate this setup : if one fails, the other one takes over, with you doing nothing but drinking beer.
    See the pfSense documentation, or one of the many videos about the subject.

    @Hyperion said in Using certificate on 2 Firewalls?:

    if I export a complete existing pfSense Firewall setting, will this export contain the certificate as well?

    All pfSense settings are in the file you export.
    Example : the hard disk of your firewall does what they all do : it dies.
    No problem : you have your daily backup of the config, so :
    Put a new drive in place.
    Get the latest copy of pfSense : = download or contact pfSense tech support - TAC.
    Put the firmware on a USB key - see pfSense Documentation "How to use Etcher to create a USB boot drive for pfSense".
    Install pfSense.
    As soon as the GUI is up, import your config.
    Reboot.
    Done.

    The most difficult step was probably :

    Put a new drive in place.

    Btw : VMs are even easier ...

    @Hyperion said in Using certificate on 2 Firewalls?:

    given by ChatGPT:

    A forum member ?
    Must be a new one then.

    Normally, the old answer is used : RTFM ^^
    As very soon you will have hundreds (more probably) of questions. (and that's a good sign !)
    And you really don't want to type them all.
    And nobody here likes to copy paste the same answers here 😊

    edit : pfSense Documentation
    and also : the Youtube Netgate Channel.

    edit : Don't be bothered with the RTF.. word : if you have a question : post.
    We all have several things in common : born without knowing what a firewall is.
    "Fire" and "wall" came in early (for me) but the two combined, buried in a small box with a lot of cables, that one needs to be learned the old fashioned way, mostly by trial and error (for me, that is) ;)

  • Pfsense is unreachable after reboot.

    6
    1 Votes
    6 Posts
    916 Views
    Gertjan

    @Alena-Cantillo said in Pfsense is unreachable after reboot.:

    Have you found any solution about that? I mean when the pfsense doesn't reload

    Can't tell.
    Only the admin in front of the device can discover that.
    By using the console cable he would be able to see pfSense booting, and if there was an issue, it will be shown on the console screen.

  • 0 Votes
    7 Posts
    774 Views
    N

    @stephenw10 said in Reboot using R/r (Reroot): Does not restart pfBlockerNG (DNSBL, firewall filter) and others:

    So they do restart as expected?

    Yes, I should have included that I have Airvpn configured and am using all three available connections as a Gateway Group along with balancing, so it takes a moment or two to get going...

  • Limit web access for DMZ

    15
    0 Votes
    15 Posts
    1k Views
    M

    Just want to say I appreciate the replies. There is documentation from the vendor on URLs and IPs to whitelist so that’s a win. IPs and Ports

  • FreeRADIUS on PfSense 2.7.2

    7
    0 Votes
    7 Posts
    722 Views
    P

    @stephenw10

    Yes, that appeared to have fixed it.

    Thanks again for your prompt help.

  • After updating to CE 2.7.1 no FreeRADIUS settings - config gone

    12
    0 Votes
    12 Posts
    1k Views
    stephenw10

    Mmm, that's not an issue I'm aware of. Hard to see what might cause that. I assume you can make other changes to the config successfully still?

  • OS/Kernel Patches for pfSense Plus for AWS virtual appliance

    4
    0 Votes
    4 Posts
    504 Views
    stephenw10

    You would still see version updates available if a vulnerability was discovered that warranted a pfSense Plus release. Same as any other pfSense Plus install.

  • WAN, using PPPOE, should I adjust MTU or is it automatic?

    2
    0 Votes
    2 Posts
    315 Views
    stephenw10

    It will automatically be set to 1492. If you run ifconfig you can see what the ppp interface and its parent are using for MTU.

    If your WAN/ISP supports it you may be able to set the parent NIC to 1508 in order to get the full 1500B across PPPoE.

    Steve

  • 0 Votes
    23 Posts
    2k Views
    P

    What's the existing load on the 1Gig connection at peak times ? If it's below 100%, then there's your required bandwidth. If it's often maxed out, then you need the 10G link before confirming PfSense hardware.

  • BGP IPv6 error

    9
    0 Votes
    9 Posts
    875 Views
    S

    @stephenw10

    Yes, I see the BGP session opening states via IPv4 but not IPv6.

  • can i upgrade from 23.05 to 2.7.2?

    3
    0 Votes
    3 Posts
    389 Views
    P

    @SteveITS I ended up with another TAC license - but thanks anyway 👍

  • Kernel Panic in 2.7.0

    29
    0 Votes
    29 Posts
    3k Views
    H

    @stephenw10
    excellent. Solved my issue with missing packages.
    Up to this point I was getting:

    DBG(1)[97341]> pkg initialized
    Updating pfSense-core repository catalogue...
    DBG(1)[97341]> PkgRepo: verifying update for pfSense-core
    DBG(1)[97341]> PkgRepo: need forced update of pfSense-core
    DBG(1)[97341]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
    DBG(1)[97341]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.conf
    DBG(1)[97341]> curl_open
    DBG(1)[97341]> Fetch: fetcher used: pkg+https
    DBG(1)[97341]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.conf
    DBG(1)[97341]> CURL> attempting to fetch from , left retry 3
    * Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults
    * Trying 208.123.73.207:443...
    * Connected to pkg00-atx.netgate.com (208.123.73.207) port 443
    * ALPN: curl offers http/1.1
    * CAfile: none
    * CApath: /etc/ssl/certs/
    * SSL certificate problem: self-signed certificate in certificate chain
    * Closing connection
    DBG(1)[97341]> CURL> attempting to fetch from , left retry 2

    After the rehash, this was fixed and the packages re-appeared in the GUI.
    Many thanks.

  • Random kernel panic and restart on 2.7.2

    17
    0 Votes
    17 Posts
    1k Views
    E

    It seems to be stable on OpenVPN... no reboots/crash at the moment.

    The only setup difference with the IPSec configuration is that on IPSec I had to manually enter the default route (route -6 add default <tunnel endpoint>) because for some strange reason it was not set automatically (even if I selected the gateway as default in the routing menu).

    I'll write if it happens again, but I would say that the problem only seems to be present on IPSec.

  • Is traffic between VLANs "statefully" firewalled or can it be made so?

    6
    0 Votes
    6 Posts
    617 Views
    stephenw10

    Yup VLANs are treated like any other interface in pfSense. The firewall rules on the interfaces apply to all traffic entering them and are stateful by default.

    It's possible to create stateless rules there if you need to for some obscure reason but you have to try hard. 😉

  • Suspicious root tty logins

    4
    0 Votes
    4 Posts
    327 Views
    johnpoz

    @Limrick08 not stupid by any means.

    Seeing root logins would pique my interest as well to understand what they are ;)

  • VLANs - I have 4 that I think are the same, but 2 working, and 2 not.

    7
    0 Votes
    7 Posts
    594 Views
    stephenw10

    The internal NIC, mvneta1, sees traffic from the switch on port 5 exactly as if it was an external switch.

    So an interface assigned as mvneta1 directly (as LAN is by default) will see untagged traffic.

    You would create VLAN interfaces on mvneta1 and assign them to see the tagged traffic arriving on each VLAN.
    Since it's working I assume that's what you have done.

    Steve

  • SG1100 not completing book - "sdboot" not defined.

    5
    0 Votes
    5 Posts
    574 Views
    S

    @davidylau Sometimes the anti spam triggers, especially for accounts without upvotes.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.