No traffic shaping set yet.

A few weeks back I did try using CODEL for the second time but ran into problems after trying to disable it for testing. Caused the router and pfsense to become unresponsive. I had to reboot the router to get things up and running again. The first time I tried CODEL and then disabled it, it caused a lockup so bad that my pfsense router would not fully reboot and keyboard would not even work. The only solution was to reinstall pfsense and set everything back up again as I didn't save a recovery backup beforehand.

If anyone is interested (Or Searches for this in the future….)

Yes, it works. However, a few things I noted.

1. I couldn't get the PPPoE Server on pfSense to work as a VLAN interface. Instead, I had to set my management LAN to be a VLAN interface, and set the PPPoE Server as the untagged interface.

2. When you plug the router into the Mesh point, the Mesh point first sees if it can use the LAN to connect back to the controller, so will actually drop off the network temporarily. (So don't expect your router to make the PPPoE connection instantly)

3. When testing... use the aerials on the mesh points! I had them running without the aerials to begin with, and throughput was next to non existent!

So my setup is as follows -

System Lan - VLAN on Interface 1 (CloudKey lives here)
Mesh Lan - Untagged on Interface 1 (TCP Port 8080 - Inform & UDP Port 3478 - STUN open to CloudKey IP - No other rules. I.E. No internet access)

PPPoE set to run on the Mesh Lan.

With the later firmware(s) running on the CloudKey, you can cache firmware updates to the CloudKey, so the Mesh points don't need to see the internet directly.

Ad

I don't know. I assumed maybe PfBlocker put it in the BlockList Alias that I have, but I really don't know how fast I was hit or really when exactly it happened or really how it was put in the BlockList. That's kind of the idea behind having a notification. I never knew how or when it happened.

No I didn't mess with the cron job regarding sshlockouts, and never have. I've added cron jobs, like checking SMART and initiating a scrub, but that's it.

According to the IP description listed in the BlackList Alias they were added on 11-16. That's all I know, because I had no other notification.

On a side note!!! A resolution has been submitted by loonylion and has been submitted to an OP for submission to give a notification on the notification pop up and email (if applicable) upon a failed login.

As a side note, this will NOT create any additional noise if there isn't a problem and if no one is trying to log into your firewall.

So, No Noise (no login failures) = No notification
Failed Login = Notification of event

Solved: https://forum.pfsense.org/index.php?topic=144593.0

That's the frustrating part. Nothing, as the connection "freezes" briefly but doesn't close the session. I'm running pfSense (and Neorouter) in VMs. Hardware is kind of old by 2018 standards so I wonder if that has anything to do with it. I have a spare Hyper-V host with SSD storage that I should migrate the VMs to just to see if it makes a difference. I've considered OpenVPN too, which I might roll out for kicks, but I have like 40 hosts set up in NR and it worked so well up until October or so. I've been procrastinating doing anything about it as it's more of an irritant rather than a total loss of functionality. Maybe I should deploy a hardware pfsense install in the lab and see what happens. It's always nice to hope for a "change this value to X" and have a magical fix.

I had a similar success rate with NR for quite a while and would do the same kind of thing as you describe!

really hacky:
https://forum.pfsense.org/index.php?topic=65092.msg354840#msg354840

You should be able to change the tcpdump arguments for it to look for the frames you're interested in.

Same issue here. VM with 2.4.2-release-p1. No indication of shortage of RAM or HD space…

Or even a different IP on the same subnet ;)

Security reasons. Any script run like that should never have anything more than the trusted directories in its $PATH and those are by convention /sbin:/bin:/usr/sbin:/usr/bin. This means that when writing scripts the scripts should use full paths to executables located outside the trusted $PATH.

DDOS protection requires a certain level of expertise and specialization. You're going to need more info on the topic that what a general internet forum can provide. Unless you're working at my State Uni, which has over 1Tb/s of backbone connection, there's not much you can do.

My ISP has handled DDOS attacks by purchasing more bandwidth temporarily. I am not sure how large the attacks are, but even low end DDOS attacks are quire large these days.

OK - finally gave up on trying to solve this. Instead took an Alexandrian stroke and solved it like this:
We moved away from using unbound on pfsense and instead configured a VM running bind9 in the internal network.
Configured google's DNS:es as forwarders but added "edns no" statements for them:

server 8.8.8.8 {     edns no; };       server 8.8.4.4 {     edns no; };      

Why this works I don't know other than bind doesn't use EDNS at all. EDNS Buffer Size was set to 512 in unbound but this clearly didn't solve the problem.
DNSSEC is enabled in both configurations and we get AAAA responses from bind as well. For some reason the name resolution is now quicker in general.

@adoucette:

@Derelict:

reject TCP/UDP from any to any port 53

Unfortunately, that rule just stopped the other web browsers from working at all. (I put it after the DNS redirect rule)

OK then add a pass rule between those two rules that passes TCP/UDP from any to LAN address port 53.

Damn Invert match rules suck. Just say no.

Def not a browser issue….

So far to test, I tried using the SG1000 and worked with no issues w/ the same settings I have on my VM box (even isntalled a fresh copy)

Have a feeling its something between the VM ESXi and pfSense.

Once I restart the pfSense, everything works at first but once I am on the page surfing thru, it will get slower and slowe eventually timing out.... BUT if I go to another different website it will works but again same thing once I start either downloading or surfing through the pages after a few minutes it will slow down....

Try pinging that address and see if there's a response.  If so, check you ARP cache for the MAC address.  That address can then help to find the hardware.

Hey,

yes thats weird.

The Setup uses pfsense running bare metal on two Dell R330 (Intel Xeon CPU E3-1240 with intel server NICs) with a carp setup. Each R330 with 4 Interfaces trunked as LACP (2xWAN, 2x LAN) to the switching hardware. Here we use different juniper switches like ex2200.

In our testing we just had the server on the same switch as the pfsense but different VLAN as the client, Client is connected to another switch. Yes there is wifi but not involved in this issue, wifi is another vlan.

Already tried to disable all the offloading features.

Capture.PNG
Capture.PNG_thumb

Because a hop doesn't answer in a trace?  You assume they are broken?

Sorry but no… There are many a router on the net that does not answer a trace.. You could try using something other than windows, linux defaults to UDP vs icmp, and or you could use TCP in the trace, etc.  Sometimes that helps resolve a hop..

Good morning Folks,

this is the error message I was talking of:

An hour ago, just to be sure I wouldn't have any connection problems today, I did a restart via ssh –> 5) Reboot --> Y/y Normal reboot
Result: APU was stuck in boot screen, the last printed line was "BIOS Version 4.6.0". Resetted the box, normal boot went through. On the overview, no IP was assigned to the LAN interface.

Assign IP address --> 2) LAN Interface --> IP --> Netmask --> no Gateway --> no IPv6 --> DHCP --> revert to HTTP=no

ifa_maintain_loopback_route: insertion failed for interface igb1: 17

2nd try assigning an IP address was successful.

/var/log/system.log

Feb 27 06:00:01 pfSense xinetd[23787]: Starting reconfiguration Feb 27 06:00:01 pfSense xinetd[23787]: Swapping defaults Feb 27 06:00:01 pfSense xinetd[23787]: readjusting service check_mk Feb 27 06:00:01 pfSense xinetd[23787]: Reconfigured: new=0 old=1 dropped=0 (services) Feb 27 06:15:01 pfSense xinetd[23787]: Starting reconfiguration Feb 27 06:15:01 pfSense xinetd[23787]: Swapping defaults Feb 27 06:15:01 pfSense xinetd[23787]: readjusting service check_mk Feb 27 06:15:01 pfSense xinetd[23787]: Reconfigured: new=0 old=1 dropped=0 (services) Feb 27 06:15:39 pfSense sshd[28406]: Accepted keyboard-interactive/pam for root from 10.0.10.2 port 1668 ssh2 Feb 27 06:15:50 pfSense php-cgi: rc.initial.reboot: Stopping all packages. Feb 27 06:15:50 pfSense SnortStartup[56363]: Snort STOP for INTERNET(14697_pppoe1)... Feb 27 06:15:51 pfSense snort[75765]: *** Caught Term-Signal Feb 27 06:15:51 pfSense kernel: pppoe1: promiscuous mode disabled Feb 27 06:15:53 pfSense php-cgi: rc.initial.reboot: The command '/usr/bin/killall iperf' returned exit code '1', the output was 'No matching processes were found' Feb 27 06:15:54 pfSense kernel: pid 93610 (ntopng), uid 0: exited on signal 11 (core dumped) Feb 27 06:15:54 pfSense kernel: igb1: promiscuous mode disabled Feb 27 06:15:55 pfSense reboot: rebooted by root Feb 27 06:15:55 pfSense syslogd: exiting on signal 15 Feb 27 06:28:53 pfSense syslogd: kernel boot file is /boot/kernel/kernel Feb 27 06:28:53 pfSense kernel: Copyright (c) 1992-2017 The FreeBSD Project. Feb 27 06:28:53 pfSense kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 Feb 27 06:28:53 pfSense kernel: The Regents of the University of California. All rights reserved. Feb 27 06:28:53 pfSense kernel: FreeBSD is a registered trademark of The FreeBSD Foundation. Feb 27 06:28:53 pfSense kernel: FreeBSD 11.1-RELEASE-p6 #8 r313908+a5b33c9d1c4(RELENG_2_4): Tue Dec 12 13:51:24 CST 2017 Feb 27 06:28:53 pfSense kernel: root@buildbot2.netgate.com:/builder/ce-242/tmp/obj/builder/ce-242/tmp/FreeBSD-src/sys/pfSense amd64 Feb 27 06:28:53 pfSense kernel: FreeBSD clang version 4.0.0 (tags/RELEASE_400/final 297347) (based on LLVM 4.0.0) Feb 27 06:28:53 pfSense kernel: VT(vga): resolution 640x480 Feb 27 06:28:53 pfSense kernel: CPU: AMD GX-412TC SOC                                (998.15-MHz K8-class CPU) Feb 27 06:28:53 pfSense kernel: Origin="AuthenticAMD"  Id=0x730f01  Family=0x16  Model=0x30  Stepping=1 Feb 27 06:28:53 pfSense kernel: Features=0x178bfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,mmx,fxsr,sse,sse2,htt>Feb 27 06:28:53 pfSense kernel: Features2=0x3ed8220b <sse3,pclmulqdq,mon,ssse3,cx16,sse4.1,sse4.2,movbe,popcnt,aesni,xsave,osxsave,avx,f16c>Feb 27 06:28:53 pfSense kernel: AMD Features=0x2e500800 <syscall,nx,mmx+,ffxsr,page1gb,rdtscp,lm>Feb 27 06:28:53 pfSense kernel: AMD Features2=0x1d4037ff <lahf,cmp,svm,extapic,cr8,abm,sse4a,mas,prefetch,osvw,ibs,skinit,wdt,topology,pnxc,dbe,ptsc,pl2i>Feb 27 06:28:53 pfSense kernel: Structured Extended Features=0x8 <bmi1>Feb 27 06:28:53 pfSense kernel: XSAVE Features=0x1 <xsaveopt>Feb 27 06:28:53 pfSense kernel: SVM: NP,NRIP,AFlush,DAssist,NAsids=8 Feb 27 06:28:53 pfSense kernel: TSC: P-state invariant, performance statistics Feb 27 06:28:53 pfSense kernel: real memory  = 5083496448 (4848 MB) Feb 27 06:28:53 pfSense kernel: avail memory = 4063031296 (3874 MB) Feb 27 06:28:53 pfSense kernel: Event timer "LAPIC" quality 100 Feb 27 06:28:53 pfSense kernel: ACPI APIC Table: <core  coreboot=""> Feb 27 06:28:53 pfSense kernel: FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs Feb 27 06:28:53 pfSense kernel: FreeBSD/SMP: 1 package(s) x 4 core(s) Feb 27 06:28:53 pfSense kernel: random: unblocking device. Feb 27 06:28:53 pfSense kernel: ioapic1: Changing APIC ID to 5 Feb 27 06:28:53 pfSense kernel: ioapic0 <version 2.1=""> irqs 0-23 on motherboard Feb 27 06:28:53 pfSense kernel: ioapic1 <version 2.1=""> irqs 24-55 on motherboard Feb 27 06:28:53 pfSense kernel: SMP: AP CPU #1 Launched! Feb 27 06:28:53 pfSense kernel: SMP: AP CPU #2 Launched! Feb 27 06:28:53 pfSense kernel: SMP: AP CPU #3 Launched! Feb 27 06:28:53 pfSense kernel: Timecounter "TSC" frequency 998148610 Hz quality 1000 Feb 27 06:28:53 pfSense kernel: random: entropy device external interface Feb 27 06:28:53 pfSense kernel: wlan: mac acl policy registered Feb 27 06:28:53 pfSense kernel: ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE. Feb 27 06:28:53 pfSense kernel: ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. Feb 27 06:28:53 pfSense kernel: module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff8065c5a0, 0) error 1 Feb 27 06:28:53 pfSense kernel: ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE. Feb 27 06:28:53 pfSense kernel: ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. Feb 27 06:28:53 pfSense kernel: module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff8065c650, 0) error 1 Feb 27 06:28:53 pfSense kernel: ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE. Feb 27 06:28:53 pfSense kernel: ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. Feb 27 06:28:53 pfSense kernel: module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff8065c700, 0) error 1 Feb 27 06:28:53 pfSense kernel: iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE. Feb 27 06:28:53 pfSense kernel: iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. Feb 27 06:28:53 pfSense kernel: module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff80683360, 0) error 1 Feb 27 06:28:53 pfSense kernel: iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE. Feb 27 06:28:53 pfSense kernel: iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. Feb 27 06:28:53 pfSense kernel: module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff80683410, 0) error 1 Feb 27 06:28:53 pfSense kernel: iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE. Feb 27 06:28:53 pfSense kernel: iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. Feb 27 06:28:53 pfSense kernel: module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff806834c0, 0) error 1 Feb 27 06:28:53 pfSense kernel: kbd0 at kbdmux0 Feb 27 06:28:53 pfSense kernel: netmap: loaded module Feb 27 06:28:53 pfSense kernel: module_register_init: MOD_LOAD (vesa, 0xffffffff81158310, 0) error 19 Feb 27 06:28:53 pfSense kernel: nexus0 Feb 27 06:28:53 pfSense kernel: vtvga0: <vt vga="" driver=""> on motherboard Feb 27 06:28:53 pfSense kernel: cryptosoft0: <software crypto=""> on motherboard Feb 27 06:28:53 pfSense kernel: padlock0: No ACE support. Feb 27 06:28:53 pfSense kernel: acpi0: <core coreboot=""> on motherboard Feb 27 06:28:53 pfSense kernel: acpi0: Power Button (fixed) Feb 27 06:28:53 pfSense kernel: cpu0: <acpi cpu=""> on acpi0 Feb 27 06:28:53 pfSense kernel: cpu1: <acpi cpu=""> on acpi0 Feb 27 06:28:53 pfSense kernel: cpu2: <acpi cpu=""> on acpi0 Feb 27 06:28:53 pfSense kernel: cpu3: <acpi cpu=""> on acpi0 Feb 27 06:28:53 pfSense kernel: atrtc0: <at realtime="" clock=""> port 0x70-0x71 irq 8 on acpi0 Feb 27 06:28:53 pfSense kernel: Event timer "RTC" frequency 32768 Hz quality 0 Feb 27 06:28:53 pfSense kernel: attimer0: <at timer=""> port 0x40-0x43 irq 0 on acpi0 Feb 27 06:28:53 pfSense kernel: Timecounter "i8254" frequency 1193182 Hz quality 0 Feb 27 06:28:53 pfSense kernel: Event timer "i8254" frequency 1193182 Hz quality 100 Feb 27 06:28:53 pfSense kernel: hpet0: <high precision="" event="" timer=""> iomem 0xfed00000-0xfed003ff on acpi0 Feb 27 06:28:53 pfSense kernel: Timecounter "HPET" frequency 14318180 Hz quality 950 Feb 27 06:28:53 pfSense kernel: Timecounter "ACPI-safe" frequency 3579545 Hz quality 850 Feb 27 06:28:53 pfSense kernel: acpi_timer0: <32-bit timer at 3.579545MHz> port 0x818-0x81b on acpi0 Feb 27 06:28:53 pfSense kernel: acpi_button0: <power button=""> on acpi0 Feb 27 06:28:53 pfSense kernel: pcib0: <acpi host-pci="" bridge=""> port 0xcf8-0xcff on acpi0 Feb 27 06:28:53 pfSense kernel: pci0: <acpi pci="" bus=""> on pcib0 Feb 27 06:28:53 pfSense kernel: pcib1: <acpi pci-pci="" bridge=""> irq 25 at device 2.2 on pci0 Feb 27 06:28:53 pfSense kernel: pcib1: failed to allocate initial I/O port window: 0x1000-0x1fff Feb 27 06:28:53 pfSense kernel: pci1: <acpi pci="" bus=""> on pcib1 Feb 27 06:28:53 pfSense kernel: igb0: <intel(r) 1000="" pro="" network="" connection,="" version="" -="" 2.5.3-k=""> mem 0xf7a00000-0xf7a1ffff,0xf7a20000-0xf7a23fff irq 28 at device 0.0 on pci1 Feb 27 06:28:53 pfSense kernel: igb0: Using MSIX interrupts with 5 vectors Feb 27 06:28:53 pfSense kernel: igb0: Ethernet address: 00:0d:b9:48:92:10 Feb 27 06:28:53 pfSense kernel: igb0: Bound queue 0 to cpu 0 Feb 27 06:28:53 pfSense kernel: igb0: Bound queue 1 to cpu 1 Feb 27 06:28:53 pfSense kernel: igb0: Bound queue 2 to cpu 2 Feb 27 06:28:53 pfSense kernel: igb0: Bound queue 3 to cpu 3 Feb 27 06:28:53 pfSense kernel: igb0: netmap queues/slots: TX 4/1024, RX 4/1024 Feb 27 06:28:53 pfSense kernel: pcib2: <acpi pci-pci="" bridge=""> irq 26 at device 2.3 on pci0 Feb 27 06:28:53 pfSense kernel: pci2: <acpi pci="" bus=""> on pcib2 Feb 27 06:28:53 pfSense kernel: igb1: <intel(r) 1000="" pro="" network="" connection,="" version="" -="" 2.5.3-k=""> port 0x2000-0x201f mem 0xf7b00000-0xf7b1ffff,0xf7b20000-0xf7b23fff irq 32 at device 0.0 on pci2 Feb 27 06:28:53 pfSense kernel: igb1: Using MSIX interrupts with 5 vectors Feb 27 06:28:53 pfSense kernel: igb1: Ethernet address: 00:0d:b9:48:92:11 Feb 27 06:28:53 pfSense kernel: igb1: Bound queue 0 to cpu 0 Feb 27 06:28:53 pfSense kernel: igb1: Bound queue 1 to cpu 1 Feb 27 06:28:53 pfSense kernel: igb1: Bound queue 2 to cpu 2 Feb 27 06:28:53 pfSense kernel: igb1: Bound queue 3 to cpu 3 Feb 27 06:28:53 pfSense kernel: igb1: netmap queues/slots: TX 4/1024, RX 4/1024 Feb 27 06:28:53 pfSense kernel: pcib3: <acpi pci-pci="" bridge=""> at device 2.4 on pci0 Feb 27 06:28:53 pfSense kernel: pci3: <acpi pci="" bus=""> on pcib3 Feb 27 06:28:53 pfSense kernel: igb2: <intel(r) 1000="" pro="" network="" connection,="" version="" -="" 2.5.3-k=""> port 0x3000-0x301f mem 0xf7c00000-0xf7c1ffff,0xf7c20000-0xf7c23fff at device 0.0 on pci3 Feb 27 06:28:53 pfSense kernel: igb2: Using MSIX interrupts with 5 vectors Feb 27 06:28:53 pfSense kernel: igb2: Ethernet address: 00:0d:b9:48:92:12 Feb 27 06:28:53 pfSense kernel: igb2: Bound queue 0 to cpu 0 Feb 27 06:28:53 pfSense kernel: igb2: Bound queue 1 to cpu 1 Feb 27 06:28:53 pfSense kernel: igb2: Bound queue 2 to cpu 2 Feb 27 06:28:53 pfSense kernel: igb2: Bound queue 3 to cpu 3 Feb 27 06:28:53 pfSense kernel: igb2: netmap queues/slots: TX 4/1024, RX 4/1024 Feb 27 06:28:53 pfSense kernel: pci0: <encrypt decrypt=""> at device 8.0 (no driver attached) Feb 27 06:28:53 pfSense kernel: xhci0: <amd fch="" usb="" 3.0="" controller=""> mem 0xf7f22000-0xf7f23fff irq 18 at device 16.0 on pci0 Feb 27 06:28:53 pfSense kernel: xhci0: 32 bytes context size, 64-bit DMA Feb 27 06:28:53 pfSense kernel: xhci0: Unable to map MSI-X table Feb 27 06:28:53 pfSense kernel: usbus0 on xhci0 Feb 27 06:28:53 pfSense kernel: usbus0: 5.0Gbps Super Speed USB v3.0 Feb 27 06:28:53 pfSense kernel: ahci0: <amd hudson-2="" ahci="" sata="" controller=""> port 0x4010-0x4017,0x4020-0x4023,0x4018-0x401f,0x4024-0x4027,0x4000-0x400f mem 0xf7f25000-0xf7f253ff at device 17.0 on pci0 Feb 27 06:28:53 pfSense kernel: ahci0: AHCI v1.30 with 2 6Gbps ports, Port Multiplier supported with FBS Feb 27 06:28:53 pfSense kernel: ahcich0: <ahci channel=""> at channel 0 on ahci0 Feb 27 06:28:53 pfSense kernel: ahcich1: <ahci channel=""> at channel 1 on ahci0 Feb 27 06:28:53 pfSense kernel: ehci0: <amd fch="" usb="" 2.0="" controller=""> mem 0xf7f26000-0xf7f260ff irq 18 at device 19.0 on pci0 Feb 27 06:28:53 pfSense kernel: usbus1: EHCI version 1.0 Feb 27 06:28:53 pfSense kernel: usbus1 on ehci0 Feb 27 06:28:53 pfSense kernel: usbus1: 480Mbps High Speed USB v2.0 Feb 27 06:28:53 pfSense kernel: isab0: <pci-isa bridge=""> at device 20.3 on pci0 Feb 27 06:28:53 pfSense kernel: isa0: <isa bus=""> on isab0 Feb 27 06:28:53 pfSense kernel: sdhci_pci0: <generic sd="" hci=""> mem 0xf7f27000-0xf7f270ff at device 20.7 on pci0 Feb 27 06:28:53 pfSense kernel: sdhci_pci0: 1 slot(s) allocated Feb 27 06:28:53 pfSense kernel: orm0: <isa option="" rom=""> at iomem 0xef000-0xeffff on isa0 Feb 27 06:28:53 pfSense kernel: ppc0: cannot reserve I/O port range Feb 27 06:28:53 pfSense kernel: uart0: <16550 or compatible> at port 0x3f8 irq 4 flags 0x10 on isa0 Feb 27 06:28:53 pfSense kernel: uart0: console (115200,n,8,1) Feb 27 06:28:53 pfSense kernel: uart1: <16550 or compatible> at port 0x2f8 irq 3 on isa0 Feb 27 06:28:53 pfSense kernel: hwpstate0: <cool`n'quiet 2.0=""> on cpu0 Feb 27 06:28:53 pfSense kernel: ZFS NOTICE: Prefetch is disabled by default if less than 4GB of RAM is present; Feb 27 06:28:53 pfSense kernel: to enable, add "vfs.zfs.prefetch_disable=0" to /boot/loader.conf. Feb 27 06:28:53 pfSense kernel: ZFS filesystem version: 5 Feb 27 06:28:53 pfSense kernel: ZFS storage pool version: features support (5000) Feb 27 06:28:53 pfSense kernel: Timecounters tick every 1.000 msec Feb 27 06:28:53 pfSense kernel: nvme cam probe device init Feb 27 06:28:53 pfSense kernel: ugen0.1: <0x1022 XHCI root HUB> at usbus0 Feb 27 06:28:53 pfSense kernel: ugen1.1: <amd ehci="" root="" hub=""> at usbus1 Feb 27 06:28:53 pfSense kernel: uhub0: <0x1022 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0 Feb 27 06:28:53 pfSense kernel: uhub1: <amd 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr=""> on usbus1 Feb 27 06:28:53 pfSense kernel: uhub0: 4 ports with 4 removable, self powered Feb 27 06:28:53 pfSense kernel: uhub1: 2 ports with 2 removable, self powered Feb 27 06:28:53 pfSense kernel: ugen1.2: <vendor 0x0438="" product="" 0x7900=""> at usbus1 Feb 27 06:28:53 pfSense kernel: uhub2 on uhub1 Feb 27 06:28:53 pfSense kernel: uhub2: <vendor 2="" 9="" 0x0438="" product="" 0x7900,="" class="" 0,="" rev="" 2.00="" 0.18,="" addr=""> on usbus1 Feb 27 06:28:53 pfSense kernel: uhub2: 4 ports with 4 removable, self powered Feb 27 06:28:53 pfSense kernel: ada0 at ahcich0 bus 0 scbus0 target 0 lun 0 Feb 27 06:28:53 pfSense kernel: ada0: <sata ssd="" sbfm01.0=""> ACS-4 ATA SATA 3.x device Feb 27 06:28:53 pfSense kernel: ada0: Serial Number A46207780BBF00118119 Feb 27 06:28:53 pfSense kernel: ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 8192bytes) Feb 27 06:28:53 pfSense kernel: ada0: Command Queueing enabled Feb 27 06:28:53 pfSense kernel: ada0: 15272MB (31277232 512 byte sectors) Feb 27 06:28:53 pfSense kernel: Trying to mount root from zfs:zroot/ROOT/default []... Feb 27 06:28:53 pfSense kernel: padlock0: No ACE support. Feb 27 06:28:53 pfSense kernel: aesni0: <aes-cbc,aes-xts,aes-gcm,aes-icm> on motherboard Feb 27 06:28:53 pfSense kernel: amdtemp0: <amd cpu="" on-die="" thermal="" sensors=""> on hostb5 Feb 27 06:28:53 pfSense kernel: vlan0: changing name to 'igb0.7' Feb 27 06:28:53 pfSense kernel: ng0: changing name to 'pppoe1' Feb 27 06:28:53 pfSense kernel: igb0: link state changed to UP Feb 27 06:28:53 pfSense kernel: igb0.7: link state changed to UP Feb 27 06:28:53 pfSense kernel: igb1: link state changed to UP Feb 27 06:28:53 pfSense kernel: pflog0: promiscuous mode enabled Feb 27 06:28:53 pfSense kernel: DUMMYNET 0 with IPv6 initialized (100409) Feb 27 06:28:53 pfSense kernel: load_dn_sched dn_sched FIFO loaded Feb 27 06:28:53 pfSense kernel: load_dn_sched dn_sched QFQ loaded Feb 27 06:28:53 pfSense kernel: load_dn_sched dn_sched RR loaded Feb 27 06:28:53 pfSense kernel: load_dn_sched dn_sched WF2Q+ loaded Feb 27 06:28:53 pfSense kernel: load_dn_sched dn_sched PRIO loaded Feb 27 06:28:53 pfSense kernel: load_dn_sched dn_sched FQ_CODEL loaded Feb 27 06:28:53 pfSense kernel: load_dn_sched dn_sched FQ_PIE loaded Feb 27 06:28:53 pfSense kernel: load_dn_aqm dn_aqm CODEL loaded Feb 27 06:28:53 pfSense kernel: load_dn_aqm dn_aqm PIE loaded Feb 27 06:28:53 pfSense kernel: ifa_maintain_loopback_route: insertion failed for interface igb1: 17 Feb 27 06:28:53 pfSense kernel: tun1: changing name to 'ovpns1' Feb 27 06:28:53 pfSense kernel: ovpns1: link state changed to UP Feb 27 06:28:53 pfSense kernel: pppoe1: promiscuous mode enabled Feb 27 06:28:53 pfSense kernel: igb1: promiscuous mode enabled Feb 27 06:28:53 pfSense kernel: ifa_maintain_loopback_route: insertion failed for interface igb1: 17 Feb 27 06:29:51 pfSense login: login on ttyu0 as root Feb 27 06:29:51 pfSense sshlockout[15463]: sshlockout/webConfigurator v3.0 starting up Feb 27 06:29:58 pfSense sshd[18134]: Accepted keyboard-interactive/pam for root from x.x.x.x port 53707 ssh2 Feb 27 06:30:01 pfSense xinetd[14996]: Starting reconfiguration Feb 27 06:30:01 pfSense xinetd[14996]: Swapping defaults Feb 27 06:30:01 pfSense xinetd[14996]: readjusting service check_mk Feb 27 06:30:01 pfSense xinetd[14996]: Reconfigured: new=0 old=1 dropped=0 (services)</amd></aes-cbc,aes-xts,aes-gcm,aes-icm></sata></vendor></vendor></amd></amd></cool`n'quiet></isa></generic></isa></pci-isa></amd></ahci></ahci></amd></amd></encrypt></intel(r)></acpi></acpi></intel(r)></acpi></acpi></intel(r)></acpi></acpi></acpi></acpi></power></high></at></at></acpi></acpi></acpi></acpi></core></software></vt></version></version></core ></xsaveopt></bmi1></lahf,cmp,svm,extapic,cr8,abm,sse4a,mas,prefetch,osvw,ibs,skinit,wdt,topology,pnxc,dbe,ptsc,pl2i></syscall,nx,mmx+,ffxsr,page1gb,rdtscp,lm></sse3,pclmulqdq,mon,ssse3,cx16,sse4.1,sse4.2,movbe,popcnt,aesni,xsave,osxsave,avx,f16c></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,mmx,fxsr,sse,sse2,htt>

Output of the serial console:

FreeBSD/amd64 (pfSense.home) (ttyu0) pfSense - Netgate Device ID: 32d773046f502a8401b8 *** Welcome to pfSense 2.4.2-RELEASE-p1 (amd64) on pfSense *** INTERNET (wan)  -> pppoe1    -> v4/PPPoE: x.x.x.x/32 LAN (lan)      -> igb1      -> 0) Logout (SSH only)                  9) pfTop 1) Assign Interfaces                10) Filter Logs 2) Set interface(s) IP address      11) Restart webConfigurator 3) Reset webConfigurator password    12) PHP shell + pfSense tools 4) Reset to factory defaults        13) Update from console 5) Reboot system                    14) Disable Secure Shell (sshd) 6) Halt system                      15) Restore recent configuration 7) Ping host                        16) Restart PHP-FPM 8) Shell Enter an option: 2 2 Available interfaces: 1 - INTERNET (pppoe1) 2 - LAN (igb1 - static) Enter the number of the interface you wish to configure: Enter the new LAN IPv4 address.  Press <enter>for none: > x.x.x.x Subnet masks are entered as bit counts (as in CIDR notation) in pfSense. e.g. 255.255.255.0 = 24     255.255.0.0  = 16     255.0.0.0    = 8 Enter the new LAN IPv4 subnet bit count (1 to 31): > 17 For a WAN, enter the new LAN IPv4 upstream gateway address. For a LAN, press <enter>for none: > Enter the new LAN IPv6 address.  Press <enter>for none: > Do you want to enable the DHCP server on LAN? (y/n) y Enter the start address of the IPv4 client address range: x.x.x.200 Enter the end address of the IPv4 client address range: x.x.x.250 Do you want to revert to HTTP as the webConfigurator protocol? (y/n) n Please wait while the changes are saved to LAN...ifa_maintain_loopback_route: insertion failed for interface igb1: 17 Reloading filter... Reloading routing configuration... DHCPD... The IPv4 LAN address has been set to x.x.x.x/17 You can now access the webConfigurator by opening the following URL in your webbrowser:                 https://x.x.x.x/ Press <enter>to continue.</enter></enter></enter></enter>

You can locate a partner in your area and ask there  https://www.netgate.com/partners/locator.html
or get a Gold Membership and start reading. Shouldn't be too hard if you know Cisco routers already.