Do you have an old router with a switch in it you could use as a test perhaps?

Or maybe you could put the WAN through a VLAN on another switch so it's already linked?

The registration token? No. Once a device has been registered the token is expired and not used anywhere.

Mmm, Realtek NICs can cause problems but link delays are not usually one of them. If Intel NICs work though stick with them. Intel NICs are almost always the best choice.

Cool, if that works for you I would expect any issues. Since you're exporting all the logs you don't need them locally.

The problem was solved with this Patch

Thanks to the pfsense Team! (@jimp )

Have a fine Day,
fireodo

So clients are unable to resolve anything when this happpens but pfSense itself can? In Diag > DNS Lookup?

I've installed a fresh 2.7 and the issue is gone now. Can be closed. Thank you

So rotate logs on a schedule rather than a maximum size? And copy the log files out before doing that?

There's nothing built in to do that. You'd probably want to write your own newsyslog conf file and call it from cron.

SOLVED

I discovered that if I put the config (both in the root and in \config) on my boot installer, which had the 64MB PFSENSE FAT32 partition, the ECL worked correctly.

So, I reformatted the USB drive I was working with as a 64MB FAT32 partition (named PFSENSE) and wala, success!

Previously, the USB drive was formatted to use the entire drive of 4 GB. No idea why reformatting it to a smaller size matters... But, in case anyone else runs across the same problem...

Yup, those devices are probably not trying to resolve .local addresses using DNS servers at all. They assume they are mDNS and try to find them locally.

As no one official has acknowledged the bug yet - just wanted to report it running like this on a customer's box that needed it urgently and since implementing the fix 2 days ago, it still works without anything bad breaking or anything.

@stephenw10 said in 23.05.01 can't normal boot:

23.05.1

The pf v23.05.1 version will have this problem when the system starts. Other pf versions do not have this problem when the system starts. For other pf versions, this problem will occur after the system has been running for a period of time

@NollipfSense I will do the clean install. THANKS!

@yjd said in Lan's ip is 254, and the web page cannot be accessed:

reason is that I believe too much in the privacy mode of the browser, so I did not try to change ie and firefox for testing.

Strange. We use different info sources then. I would prefer Firefos far over edge or the chrome thing. The last two have just one main mission : transmit everything you do to their creator. Showing a web page is their second role 😊

@yjd said in Lan's ip is 254, and the web page cannot be accessed:

disable and re-enable the network card during the test

Always check afterwards your DNS/gateway IP.
You can stop checking as soon as you're done designing your network.

@yjd said in Lan's ip is 254, and the web page cannot be accessed:

I usually give priority to clearing the cache and testing again. . .

If you visit a web page on 192.168.1.1 (so 192.168.1.1 is the URL) - and then you visit a device at 192.168.1.254, then there will be no cache involved, as it is not the same device neither the same web server (in theory - this time it is, as you've changed the IP of the web server device).

@yjd said in Lan's ip is 254, and the web page cannot be accessed:

to clearing the cache

Remember this one :

@Yet_learningPFSense said in There were error(s) loading the rules: /tmp/rules.debug:25: cannot define table:

@rcoleman-netgate It was about two months ago that I set up PFSense myself, using version 2.6.0 of PFSense and installing pfBlocker about a month ago (I didn't note down the version). There might have been some issues due to the version mismatch.

I am currently using the latest version of PFSense, which is 2.7.0.

@stephenw10 yes correct, not an apu2. :-) We do have experience with pcengines tho. Since the alix!

BIOS Vendor: American Megatrends International, LLC.
CPU Type Intel(R) Pentium(R) Silver N6005 @ 2.00GHz
Current: 1148 MHz, Max: 1996 MHz
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (active)
Memory 16GB
4 x Intel(R) Ethernet Controller I226-V

It pulls in available updates to some pkgs when pfSense-upgrade is run which it is when it runs the update check on the dashboard. The pkg package itself is one of those in order to allow updates to other newer pkgs. This isn't a problem for existing installs because everything there uses pkg-static and hence the correct version for the install. But, as you found, can be confusing if you are running pkg commands manually.

Steve

Yeah, it doesn't seem like a bug since it does it in every version I've checked, so not a regression. More like a missing feature.

You can open bug reports a feature requests here: https://redmine.pfsense.org/

I just upgraded my "Test Box" from 2.6.0 to 2.7.0 , wo. uninstalling packages 👷

1:
Did a reboot

2:
SSH to box , and (13) upgrade

3:
Box auto upgrade reboot

After a short while it began to answer pings (via OVPN L2L tunnel) , and i tried to connect to the Gui .. Nothing happened.
Did a SSH , and a restart web interface , and then it answered.
I think i might have been a bit to fast in trying to connect to the GUI, i gave it max 3..5 minutes (i3-7120U)

All in all SUCCESS , all packages (even zabbix) installed wo probs.

Well i had these messages (Squid), that i only use occationallyl, to debug some proxy stuff.
309c6e32-9dfd-4f9a-8e3c-dcf466b470dd-image.png

I did a reinstall of squid , and a reboot. No messages was shown after the reboot.

Thank you Netgate - Job well done 👍

Edit:
2.7 is running FreeBSD 14+ (As 23.xx plus) , and newer CPU's are using Speed Shift , not the "Old Speed Step". You need to tune it via System --> Advanced --> System Tunables.
See
https://forum.netgate.com/post/1108902

My i3-7130U was running a bit hot (IMHO)
So i have set a value of 75 for each "Core ... HT counts as cores) - NB: The recommended value seems to be 80 , but i like 75 (a bit cooler)

04ab6f18-7139-427f-8c99-4a1b900653e9-image.png

The (near idle) CPU went from 2400MHz to 800MHz 😊

Well i ended on the recommended value of 80 ... Let's see how it behaves with that setting

/Bingo

@soulmaster179 have you looked at your NAT setting for lan to wan is that set to default? Has your firewall ever worked? Can you ping anything internally on the LAN from the firewall? Do you have port 53 or 853 in use for DNS to allow that traffic on your ACLs?