@rtorres https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/index.html
https://docs.netgate.com/pfsense/en/latest/recipes/index.html#id1
:)

Looks like your webgui is open to the internet and those are drive-by connection attempts.

Make sure your WAN firewall rules are now passing traffic to the webgui.

Steve

@04CC40
Good update. 👍

Are you able to show the MySQL service in 2.6? It doesn't exist AFAIK. This could also just be terminology confusion.

@SteveITS

I have literally been laying in the closet for 3 whole days. Factory reseting things, changing settings until it breaks, and starting over. Thank you so much!

Was that after upgrading?

The de-install error is common across an upgrade because php gets upgraded before the deinstall script. That's normally not an issue.

The filter reload errors are because those pfBlocker aliases are not populated yet. That is usually resolved after the first boot.

If you clear those errors and they do not return it's unlikely to be a problem.

Steve

Thank you both for your help! I wanted to follow up and let you know that Option 2 worked like a charm. I installed pfSense 2.7 CE, moved the NIC over to the new system, upgraded to pfSense Plus 23.05.1, and then restored the 23.05.1 config from the old system. The whole process probably took less than 30 minutes and everything was working fine by the end of it.

I only ran into two minor issues:

After config restoration the udpbroadcastrelay package service refused to start. Disabling / Re-Enabling the package via its GUI configuration page solved the issue and the service started fine. I was greeted with a bunch of errors after the initial reboot that followed config restoration. These were mainly pfBlockerNG related. I use pfBlockerNG lists as aliases in firewall rules and these lists don't exist without the initial pfBlockerNG update (that downloads and creates them). Once I ran a manual pfBlockerNG update, the lists were created everything was fine going forward.

Overall I'm very impressed with how smoothly the hardware upgrade went - a big thank you to everyone at Netgate for making the installation and restoration process so seamless.

There is no change in 2.7. RSS still does not support it so it cannot be used by multiple queues and hence threads/cores.

Yup, the fix for this is non-trivial!

Steve

@stephenw10
I know. However, it's way more comfortable to have all functions integrated in a single box, and can control them all with a single remote.

And as my TV is in my IoT wifi, which neither does allow communications between the wifi clients nor to other local subnets, but only the isolated DLNA server, which is bridged to the IoT on pfSense, if have not much security concerns regarding this to be honest.

@stephenw10

I helped him to do a clean new install of ver 2.7.
All is working now.

You need to NICS....

One for WAN and one for LAN.

Add the VLAN's on the LAN parent interface.

That the way (best practice).

I'm not aware of a limit there. You might hit usability issues in the webgui eventually.

Mmm, unfortunately there isn't really any other options there. There are a lot of cases where more fine grained notification control would be useful. There's probably already a feature request open but if not you can add one: https://redmine.pfsense.org/

Like: https://redmine.pfsense.org/issues/12531

There isn't yet an Plus installer image for whitebox devices. We are currently working on it. You can now upgrade directly from 2.7 to 23.05.1 though.

@mohie25 said in Captive Portal client exemption:

have you found a solution for this problem

These :

3c4bf949-3894-4e6a-a5e1-bce4c480a6ad-image.png

are 3 IPs, my access points. These can access the Internet without being blocked by the portal while in the portal network.

My captive portal uses 192.168.2.0/24 - it's a dedicated network for my clients.

Special case ( ? ) discovered this week, I was shown a possible issue that if the 'french' (or another ?) language is used, the "Allowed IP Addresses" don't work.
Temporary solution : Use the default GUI language.

edit : in 2016, pfSEnse was completely different.
Issues form then (which wasn't an issue because it worked very well in 2016 ... that is, it does so since 2009 for me) don't make sense today.
That is, if you are not using pfSense 2.0.x

@gstlouis That is a configuration on the Firewall itself, Auto Power on when Failure, It is a setting in the BIOS, I have configured my Firewalls and Firewalls in other locations to Power on Automatically which is configured in the BIOS.

That's a drive issue:

sdhci_pci0-slot0: Controller timeout sdhci_pci0-slot0: ============== REGISTER DUMP ============== sdhci_pci0-slot0: Sys addr: 0x14366200 | Version: 0x00001002 sdhci_pci0-slot0: Blk size: 0x00000200 | Blk cnt: 0x00000000 sdhci_pci0-slot0: Argument: 0x000138b0 | Trn mode: 0x00000003 sdhci_pci0-slot0: Present: 0x1fff0000 | Host ctl: 0x00000025 sdhci_pci0-slot0: Power: 0x0000000b | Blk gap: 0x00000080 sdhci_pci0-slot0: Wake-up: 0x00000000 | Clock: 0x00000207 sdhci_pci0-slot0: Timeout: 0x0000000d | Int stat: 0x00000003 sdhci_pci0-slot0: Int enab: 0x01ff003b | Sig enab: 0x01ff003a sdhci_pci0-slot0: AC12 err: 0x00000000 | Host ctl2:0x0000000c sdhci_pci0-slot0: Caps: 0x546ec8b2 | Caps2: 0x80000007 sdhci_pci0-slot0: Max curr: 0x00000000 | ADMA err: 0x00000000 sdhci_pci0-slot0: ADMA addr:0x00000000 | Slot int: 0x00000001 sdhci_pci0-slot0: =========================================== mmcsd0: Error indicated: 1 Timeout

The actual crash shows a filesystem problem but that would be caused by the drive timeout and resulting reboot.

The logs are pretty much full on arp movement spam. If that's a known device you might want to disable logging it:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/logs-arp-moved.html

You are still running 2.4.4 which is an ancient release.

Steve