  • Simplest rule to block LAN4 from accessing LAN2/LAN3

    0 Votes
    4 Posts
    625 Views

    @johnpoz Thanks. I wasn't fully aware of the usefulness of aliases before. Indeed, blocking RFC1918 is a more convenient way. I've reconfigured my firewall and it's running well.

    Also thanks to @SteveITS

  • How to isolate LAN nodes

    0 Votes
    12 Posts
    1k Views

    @lnguyen @stephenw10 that did the trick, thanks much for helping me out, it was GE25 on which pfsense upstream cable was in.

  • Advice needed for new setup (VM or not & Subnet/VLAN)

    0 Votes
    1 Posts
    210 Views
    No one has replied
  • Strange HAProxy issue with 23.01 need to change IP address to work

    0 Votes
    2 Posts
    210 Views
    No one has replied
  • Problem with Windows Update and Linux Update

    0 Votes
    4 Posts
    553 Views

    [Solution]

    There were some outgoing port rules in the VMware ESXi firewall (outgoing ports) that prevented traffic on ports 80 and 443.

    I disabled these rules and updating Windows and Linux worked, as well as accessing the http sites.

    Thanks.

  • 23.01 Upgrade unbound Issue

    Moved
    1 Votes
    66 Posts
    33k Views

    @defunct78 Adding more details to my post.

    tcpdump on the inside shows the ServFail as stated. Enabling TLS causes these errors. Again, DNSSEC has always been disabled.

    13:48:47.739211 IP (tos 0x0, ttl 64, id 57751, offset 0, flags [none], proto UDP (17), length 59, bad cksum 0 (->dab3)!) 192.168.X.254.53 > 192.168.X.24.63104: [bad udp cksum 0xbe9f -> 0xb98a!] 11684 ServFail q: AAAA? i.ebayimg.com. 0/0/0 (31)

    and IPv6

    13:32:22.688367 IP6 (hlim 64, next-header UDP (17) payload length: 41) XXX:XXX:XXX:30::1.53 > XXX:XXX:XXX:30:f470:14f5:f634:1308.55800: [udp sum ok] 5238 ServFail q: AAAA? ssl.gstatic.com. 0/0/0 (33)

    I am not seeing errors on the WAN side, though that data is encrypted so it is a bit harder to see the content. I have tried Quad9 and Cloudflare both. Also disabled IPv6 on the client side just to isolate the issue, none of these seemed to have changed the behavior.

  • pfSense Crashing Daily

    0 Votes
    5 Posts
    715 Views

    @mrewers I had a similar problem with one of mine. Put in a ticket; tech support had me send it in. They pulled it apart and verified everything, reinstalled the software and I'm not sure what else and returned it. Zero problems after that.

    I suggest you contact them.

  • Restores gone awry

    0 Votes
    3 Posts
    437 Views

    @steveits These are APU2 units. Probably 3 years old. I know a restore just puts the xml back into place but this happened on 2 units back to back. I find it hard to believe both drives crapped out together, you know? Something must have happened but I've no clue. Now I'm trying to figure out what was affected so I can determine what was done. So far I've created a bootable USB and can get into the recovery on it.

    In df I can see listings for /zroot/var, zroot/tmp, zroot, and zroot/ROOT/default. Each of them shows Size=106G and Avail=106G. They are essentially all mounted under /tmp/mnt_recovery in different folders. If I navigate to /tmp/mnt_recovery and run the entire folder is only 1.8M in size. It seems like the whole drive was wiped and I'm trying to determine how this was done. All they are telling me is they went into the Backup&Restore, selected the xml, and clicked Restore. If they did something other than that and managed to wipe the drive I need to know how they did it so I can stop it from happening again. I'm lucky this is done on units being pulled and not on production units.

  • Need help with installation of packages

    0 Votes
    2 Posts
    481 Views

    @netgate1100guy See https://forum.netgate.com/topic/178049/pfsense-plus-23-01-updates-on-the-1100-and-2100-systems/. The repos for 22.05 are turned off for those models due to a serious problem updating older devices. Once they are happy with the revised update script and enable it again, you can upgrade (or set the update branch to previous/22.05 and stay there), or if you don't want to wait you can manually install 23.01 and go from there. I think the update looks more complicated than it is...it just copies the image to the 1100's drive.

  • Proper site to site routed openvpn setup

    0 Votes
    1 Posts
    587 Views
    No one has replied
  • Can I configure pfSense to act as a proxy server?

    0 Votes
    12 Posts
    8k Views
    johnpoz

    @mauro-tridici while you could set up a proxy on pfsense with haproxy, I really wouldn't go that route. If you want remote users to look like they come from your corp network, I would VPN them into your network, and route whatever traffic you want to come from a corp IP to something out the internet through the VPN.

  • pfBlockerNG

    0 Votes
    2 Posts
    342 Views

    @elmo1943
    Go to the IP tab and configure your inbound and outbound interfaces.

  • Continuously increasing memory usage since the update to 2.6

    0 Votes
    42 Posts
    12k Views

    @dschmitz Steve's already pointed you at a way to have the UI show lower memory use, but I wanted to reinforce the point that what your 'top' screenshot shows is not a problem.

    It does show that the majority of RAM is in use, but if you look one line lower you can see that 13 out of the 14 GB of wired memory is used by the ARC (ZFS's buffer cache).
    That's a good thing. It means that the memory you paid for is doing stuff, rather than sitting around burning electrons for nothing. Once memory is needed for other things (such as pf states, or installing packages or any of the thousands of other things the system does) the ARC will release that memory.

    As a general rule, memory usage on modern operating systems is much more complicated than you think it is, even if you take this rule into account.

  • SG-3100 upgraded storage to M.2 but disk is still reading eMMC storage

    0 Votes
    6 Posts
    906 Views

    @dchiang1987 said in SG-3100 upgraded storage to M.2 but disk is still reading eMMC storage:

    I tried changing m2dev to 1 and that worked. I modified your second line to run m2boot. Thanks for the tip!

    Great =)
    Good to know that it's working, I remember when that happened to me and it was baddd, hehe.

  • USB recovery and pfBlockerNG?

    0 Votes
    2 Posts
    331 Views

    @terryzb The ARM device install copies the image to disk, overwriting it. Just restore your saved config file afterwards.

    Edit: for pfB it will restore whatever is in the config file.

  • Console display missing letters 'u' and 'l'

    0 Votes
    12 Posts
    2k Views
    johnpoz

    @terryzb said in Console display missing letters 'u' and 'l':

    The SiLab driver notes list several bug fix

    I will have to take a look see if I am behind in driver version - even though have never seen that issue, I like to be up to date with everything ;)

    edit: I was a couple releases behind, was on 11.0 now on 11.2..

  • OpenVPN private key

    0 Votes
    7 Posts
    811 Views

    @viragomann If I re-run the installer from Clients export in pfsense, then it installs the PKCS12 file I need and in the certificate store. OpenVPN config file is generated to automatically look at the trust store. So that's what I have been doing to test.
    User Cert + 2FA, and no admin rights on this worker's laptop... I'm happy.

  • Unable to make changes to LAN Interface

    0 Votes
    4 Posts
    771 Views

    @octopuss That's what I was vaguely remembering...someone that had enabled it then disabled IPv6, or similar. I don't really recall the details.

    I suppose another option would be to edit it out of the config .xml file and restore.

  • Apply all system patches

    0 Votes
    17 Posts
    2k Views
    jimp

    By the time a patch makes it into the "Recommended" list it's usually either already included in a newer release or it's been well tested internally and confirmed to solve the problem in question.

  • After upgrade to 23.01 IPTV KPN in The Netherlands broken

    Moved
    0 Votes
    4 Posts
    555 Views

    A quick update. Today I tried the upgrade again and now IPTV/IGMP is working fine. Upon checking the igmp package I can see that the working version (0.3_1,1) is installed automatically. Always nice to wait a little before upgrading. Thanks and another happy upgrade running here.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.