@gertjan Hey there! Thank you for taking the time to reply!
I figured out what happened after taking another stab at it. Manually assigning the ports did the trick. I was able to setup the router after that.

We have enabled that by default for 23.05: https://redmine.pfsense.org/issues/14002

@stephenw10 said in Pfsense as client and remote wireguard server:

You are running pfSense at both ends of this tunnel?

not running pfsense on both ends of the tunnel...
pfsense is running on my home network..
remote server(oracle) is not on pfsense.

@stephenw10 said in Pfsense as client and remote wireguard server:

You can set a static route the OracleCloud public IP via whichever WAN gateway you want.

will try it and update

@stephenw10 @Gertjan
Doh! User error. I always disable the default "admin" and create another admin user, hence why I was not able to ssh as root. This is probably why my NewAdmin is not in the "wheel" group but instead in the "nobody" group.

I can't add NewAdmin into wheel group due to

usermod: command not found

But now that I have "sudo" and I understand the cause for this workaround, I'm fine with it.

Yes, that would be a great test if you can do it.

Send me your NDI and the output pkg -d update in chat and I'll check it.

I would also check the Status > Monitoring graphs to see if there is some resource being obviously exhausted.

@stephenw10 said in Package list empty after CE upgrade to Plus 23.01:

https://redmine.pfsense.org/issues/14137

Outstanding. That fixed the issue. Packages are now listed.
Thank you very much! Excellent support...

@lparker thanks for the update.
In the past, at different $WORK places, phys for NICs can get weird.
Sometimes, if you set one side fixed, say 100M, Full but the other side is set to autonegotiate, the speed can get figured out but the duplex can't. It's the way the hardware works, so you wind up with one side Txing at 100M,Full the other side receiving at 100M, Half. That cuts your speed right in half easily. Most modern sw that lets you "fix" a port, actually winds up simply restricting the autoneg options.

If you add a switch in between the laptop and it works, then I would check things like "fixed" or "autoneg".
Cables could affect ability to autoneg, especially at the higher speeds.

Hmm, so where is the MTU change, packet re-assembly happening? If it is?

Does the other pfSense with the 10G NIC have larger frames enabled?

Are you able to test a different pfSense version a client?

Did you test a connection through pfSense but without HAProxy?

@gertjan
I think I just did the biggest brain fart ever. I feel like an idiot. I created the firewall rule but didn't create the NAT rule for the port forward. I got it figured out! THANK YOU EVERYONE!

@puneet1984 said in powerD only able to access one core:

$sysctl -a | grep -i cpu1
hwpstate_intel1: <Intel Speed Shift> on cpu1
hwpstate_intel1: <Intel Speed Shift> on cpu1
hwpstate_intel1: <Intel Speed Shift> on cpu1
hwpstate_intel1: <Intel Speed Shift> on cpu1

You must have been running it when you took that sysctl output though?

Seems the PBR problem is part of a bigger one. The Alias, which has a list of entries that should be routed via PBR and is used in the ruleset as destination is miracously empty. I guess that's something to do with another patch but either way it is empty and thus routing doesn't work.

Edit: sigh It's FQDNs. All aliases with FQDNs won't get correctly repopulated and are simply empty thus not working. I thought we already had that taken down...
That seems very much like https://redmine.pfsense.org/issues/9296 again?
But it's weirder as it seems every change currently in aliases, NAT, rules won't get applied at all and I have to go manually to filter-reload every time for it to show up. Just checked, duplicating a FQDN alias and it didn't show up in the tables. Only after manually filter-reloading it was there but empty. What's going on?

Trying to reboot again after deleting all wireguard weirdness, hoping to get at least all other functions back.

...
Edit2: OK that third? fourth? reboot seemed to have helped repopulate any alias at boot time correctly including DNS aliases. That way the PBRs are working again, the VPN GWs are again found. Good. Still NUT going nuts about any small change in packages, interfaces etc. But hey. Main things are again working normally...'ish.

Funny enough, now that I deleted the Wireguard interface assignments and static routes, after the reboot the service is now in "started" mode again and seems to have started the tunnels (S2S and RAS) without their fixed interface binding again. Will have to see if I recreate the old settings or leave it running for now.

...
Edit3: What the fruck? After the latest reboot it seems the package repository failures have righted itself (or Netgate's team has fixed it's certificate?) Either way pkg update is running again now.

@stephenw10

yes i guess you are right regarding the wait time for modem to restart.

@youcangetholdofjules

fdd542f4-7e56-4ca0-b762-842b4e4a832a-image.png

If you have a solid "900 mbit" you will see no spreading what so ever when doing this test :
https://www.waveform.com/tools/bufferbloat

Or, I'll bet you will see some random spreading and even spikes while up and downloading.

@bootable said in pfsense-plus-pkg.netgate.com no DNS resolving:

the URL or FQDN pfsense-plus-pkg.netgate.com has not a DNS entry

It has.
There is more then A or AAAA 😊

See packages.netgate.com Has no A/AAAA Record

@senseivita

[23.01-RELEASE][admin@pfSense.dust.tld]/root: which rsync /usr/local/bin/rsync

rsync is pretty 'core'.

@senseivita said in Is rsync preinstalled in pfSense?:

My VM templates already have rsync but so they have the FreeBSD repos enabled

Classic Freebsd is not pfSense.

@senseivita said in Is rsync preinstalled in pfSense?:

whether to check the files in /usr/local/etc/pkg/repos as well, sed, awk, all that.

What about looking in the places where they live ?
All the /bin and /sbin folders, and their /usr/local/ equivalent.

@rcoleman-netgate, dear, 2.5.2 is just a stop on the way of trying to get an updated version to 2.6 functional for my scenario as 2.4 is at the moment, as you can see when upgrading to 2.6 the problem of accessing external hosts persists and yes, most likely there is something wrong in my configuration, I just want to know, if is possible, which direction to point to try to solve this issue

30da97f7-0ff8-491a-ae2c-e6683f5e996e-image.png

When were disabled DDNS and all IPV6 DNS servers as well on home router the problem is solved. Thanks to all for assistance!

@tman222 I cannot recommend a 1:1 clone of two different systems.
I killed my installation twice with the import of the clone from my APU2 onto my I226 based.
I had to crop quite a bunch of lines on the config until it worked.
I can recommend Notepad++ for editing.
There U also can edit the names of your interfaces like igb0-3 to igc0-4 like in my Case.

Yeah, that is a router. It might have a modem in it but if you're able to disconnect the WAN cable form there and it works in pfSense it probably doesn't. The actual modem is whatever's on the other end of that cable is the modem.

You are replacing that router with pfSense so you need a switch on the pfSense LAN side to connect other devices.

Steve

@viragomann RDP is allowed via the firewall. When enabling it, it seemed to do it automatically. Same issues on linux machines also.

I would highly suggest you use HA proxy and not use Squid for anything.

solved
All done from the web gui
Brand new install (with intel NICs)
Restore old configuration (Realtek NICs)
Pfsense will whinge that your interface assignments are incorrect.
DO NOT REBOOT at this stage

go to Interfaces | Assignments | PPPs
edit the Link Interface to the Intel NIC

repeat for VLANs
Now Pfsense will ask to reboot - do it - now it works!

@Gertjan
You wouldn't happen to have a Redmine account would you? 😁

@stephenw10 Thanks, Steve!

@jimp said in Editing Aliases open wrong aliases:

If you are on 23.01 and have applied the alias sort order fix patch in the System Patches package, then you'll need to update the system patches package again and apply one more fix from the list there.

See also:

https://redmine.pfsense.org/issues/14015 https://forum.netgate.com/topic/178813/problem-with-change-in-aliases-list-sorting-redmine-14015

You're a lifesaver :)

@viragomann You gem of a person!

Seriously, I need to take myself outside for a vigorous uppercut - I completely overlooked that parameter!

Thank you!!!!

@jimp My problem is that my customers are using pfSense internal user database and from my RADIUS server, there is no way to verify user’s password…

Having this issue as well, for about 30 days. Has persisted though reboots.

Right. If you have a virtual environment requirement that justifies larger hardware like that then it's an easy choice. 😉

@stephenw10
I appreciate the confirmation of the values. I’ll try again soon.

@michmoor said in [Negate 6100] No logging post 23.01 upgrade:

@stephenw10 Nope no error. I still think it’s package related perhaps.
Suricata alerts I get a syslog entry.
EVE json logs are not generated and not sent to pfsense syslog.

Probably just similar to this then but as you say that code will all be in the package. Better to open a new thread for that in the IDS/IPS section.