Installation and Upgrades

• B

  Pkg.pfsense.org appears to be dead
  • basic612  

  15
  0
  Votes
  15
  Posts
  13933
  Views

  P

  bonnie222, I have to agree with johnpoz.  You have something going on with your DNS configuration.  Have you checked your DNS settings to make sure you have a DNS server configured?  Can you successfully look up A records for sites like www.pfsense.org and files00.netgate.com.  If you can't do A record lookups you certainly aren't going to be able to do SRV record lookups. There is an option under 'System -> General Setup -> DNS Server Settings' that allows your ISP DHCP settings to override the local DNS server settings.  If you are using DHCP from your ISP and using their DNS servers make sure this is checked. This should not be unchecked unless you have your own DNS servers, you want to use different DNS servers (like google), or your ISP doesn't provide DNS via DHCP.  If the box is unchecked you have to manually configure DNS servers. If your box has Internet access to google's DNS servers you can test by using 8.8.8.8  as a DNS Server, uncheck 'DNS Server Override" and check the "Disable DNS Forwarder'.  This will skip using the pfSense box for DNS and go directly to Google's DNS server.  If this works then either your ISP isn't providing a DNS server via DHCP and you need to configure a DNS server manually or your own DNS server is filtering what you are allowed to resolve. Hope this helps.
• P

  HOW TO: 2.4.0 ZFS Install, RAM Disk, Hot Spare, Snapshot, Resilver Root Drive
  • pfBasic  

  42
  0
  Votes
  42
  Posts
  26501
  Views

  K

  So is there still no "official" way to have all files in the disk to be included with the 2-copies scheme of set (when "zfs set copies=2 zroot" is set) after installation? I can't find anything in the Internet that answers this.
• 

  2.3.x "Unable to check for updates"/"Unable to retrieve package information"
  • jimp  

  3
  0
  Votes
  3
  Posts
  11317
  Views

  

  Please do not post other update failures to this thread, as they are highly unlikely to be related. Start new threads for different errors.
• C

  Gateway monitoring not working post-2.3 upgrade? Read here
  • cmb  

  20
  0
  Votes
  20
  Posts
  16547
  Views

  

  @dotdash I must admit that you are absolutely right. I am a very impatient person. ;) A couple of minutes ago I finally changed the Payload of the ping (I did it not right at the beginning). Also I inserted a monitoring IP on the interfaces. Now it seems to work but I have absolutely no clue why.
• 

  Issues updating from 2.3-RC (or older 2.3 installs) to 2.3-RELEASE
  • jimp  

  65
  0
  Votes
  65
  Posts
  67962
  Views

  W

  please check your pfsense date and time .
• 

  Stuck at booting after upgrade to version 2.5.0 development snapshot
  • rogercwb  

  3
  0
  Votes
  3
  Posts
  82
  Views

  

  The switch issue appears to be a general problem on 2.5.0 right now, at least on the 3100.
• P

  New Version 2.4.4 - Interface Error --> aq_add_macvlan err -53, aq_error 14
  • peterfranca  

  43
  0
  Votes
  43
  Posts
  1850
  Views

  J

  Yes we do. There are dozens of vlan used.
• R

  Installing mSATA on APU board
  • robina80  

  6
  0
  Votes
  6
  Posts
  2891
  Views

  S

  @robina80 said in Installing mSATA on APU board: i have succesfully done it downloaded and put the image on my usb stick using "win32 disk imager" inserted it in free usb port connected serial cable to laptop, opened up putty and changed baud rate to "115200" to see the boot menu and boot of the usb closed/opened putty again and changed the baud rate to "9600" so i can install and follow the on screen instructions once done i changed my boot order so the first option was my mSATA once i could log back in the webgui i restored my settings so it was like how i had it before Hi ! I faced up to a BIG trouble while upgrading to the latest version of pfSense (2.4.4-RELEASE (Patch 3) ) : unable to boot, something to do with CPU microcode update ? # service microcode_update start If the CPU requires a microcode update, a console message such as the following will appear: Updating CPU Microcode... /usr/local/share/cpucontrol/m32306c3_00000022.fw: updating cpu /dev/cpuctl0 from rev 0x17 to rev 0x22... done. /usr/local/share/cpucontrol/m32306c3_00000022.fw: updating cpu /dev/cpuctl2 from rev 0x17 to rev 0x22... done. /usr/local/share/cpucontrol/m32306c3_00000022.fw: updating cpu /dev/cpuctl4 from rev 0x17 to rev 0x22... done. /usr/local/share/cpucontrol/m32306c3_00000022.fw: updating cpu /dev/cpuctl6 from rev 0x17 to rev 0x22... done. Done. >>> Setting vital flag on pfSense... done. External config loader 1.0 is now starting... ada0s1 ada0s1a ada0s1b Launching the init system...Updating CPU Microcode... Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0x800e29000 fault code = supervisor write data, page not present instruction pointer = 0x20:0xffffffff81189dde stack pointer = 0x28:0xfffffe0035f2a940 frame pointer = 0x28:0xfffffe0035f2a940 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 608 (logger) I proceeded like robina80 explained, booting from USB with "pfSense-CE-memstick-serial-2.4.4-RELEASE-p3-amd64" version, USB keyboard attached, Serial port to 115200 ==> Everything went back, pfSense is now able to boot ;-)
• Y

  UPgrade from 2.4.4 to 2.4.4_3: not squidguard
  • yosoypako  

  4
  0
  Votes
  4
  Posts
  65
  Views

  Y

  Hello. I have re-installed the squidguard package and re-booted the firewall. Now I can see squidguard on the services menu. And I have not lost the previous configuration for the service. Next step: play with the ssl url filtering. Thanks for your help.
• C

  having trouble with configuration
  • csf2618  

  4
  0
  Votes
  4
  Posts
  46
  Views

  C

  basically my routers are aging and instead of going with expensive home network crap i want to build my own network solution out of my old workstation why because find me a router with a 3.2GHz core 2 quad 8GB ram and i was originally goig to use x86 ddwrt but then i found pfsense and saw how much i could improve my network security and how i could seperate my server and home network
• A

  filter_reload_status filling /var/run directory
  • AguianldoSilva  

  9
  0
  Votes
  9
  Posts
  124
  Views

  C

  I know this topic is quite old, but did anyone resolve this issue? I am running into the same thing. [2.4.4-RELEASE][root@att.com]/var/run: ls -l total 144 drwxrwxr-x 2 root operator 512 Sep 29 03:08 .snap srw-rw-rw- 1 root wheel 0 Sep 29 03:08 check_reload_status -rw------- 1 root wheel 3 Sep 29 03:08 cron.pid -rw------- 1 root wheel 3 Sep 29 03:08 devd.pid srw-rw-rw- 1 root wheel 0 Sep 29 03:08 devd.pipe srw-rw-rw- 1 root wheel 0 Sep 29 03:08 devd.seqpacket.pipe lrwxr-xr-x 1 root wheel 19 Sep 29 03:08 dmesg.boot -> /var/log/dmesg.boot -rw-r--r-- 1 root wheel 5 Sep 29 03:09 dpinger_WAN2GWv6~2001:1890:c03:960::11e5:95e2~2001:1890:0c03:0960:0000:0000:eee5:95e2.pid srw-rw-rw- 1 root wheel 0 Sep 29 03:09 dpinger_WAN2GWv6~2001:1890:c03:960::11e5:95e2~2001:1890:0c03:0960:0000:0000:eee5:95e2.sock -rw-r--r-- 1 root wheel 5 Sep 29 03:09 dpinger_WAN2GW~206.121.142.210~206.121.142.209.pid srw-rw-rw- 1 root wheel 0 Sep 29 03:09 dpinger_WAN2GW~206.121.142.210~206.121.142.209.sock -rw-r--r-- 1 root wheel 6 Sep 29 03:09 expire_accounts.pid -rw-r--r-- 1 root wheel 25478 Nov 5 14:18 filter_reload_status -rw-r--r-- 1 root wheel 6 Sep 29 03:09 filterdns.pid -rw-r--r-- 1 root wheel 6 Sep 29 03:09 filterlog.pid -rw-r--r-- 1 root wheel 6 Nov 5 14:20 haproxy.pid -r--r--r-- 1 root wheel 230 Sep 29 03:13 ld-elf.so.hints -r--r--r-- 1 root wheel 129 Sep 29 03:13 ld-elf32.so.hints srw-rw-rw- 1 root wheel 0 Sep 29 03:09 log srw------- 1 root wheel 0 Sep 29 03:09 logpriv -rw-r--r-- 1 root wheel 6 Sep 29 03:09 nginx-webConfigurator.pid -rw-r--r-- 1 root wheel 5 Sep 29 03:09 ntpd.pid -rw-r--r-- 1 root wheel 6 Sep 29 04:19 openvpn_server1.pid -rw-r--r-- 1 root wheel 5 Oct 14 11:17 pfSense-upgrade-GUI.pid -rw------- 1 root wheel 25 Nov 11 11:46 pfSense_version -rw-r--r-- 1 root wheel 1 Nov 11 11:46 pfSense_version.rc -rw-r--r-- 1 root wheel 3 Sep 29 03:08 php-fpm.pid srw------- 1 root wheel 0 Sep 29 03:08 php-fpm.socket -rw-r--r-- 1 root wheel 6 Sep 29 03:09 ping_hosts.pid -rw-r--r-- 1 root wheel 6 Sep 29 03:09 radvd.pid -rw-r--r-- 1 root wheel 6 Sep 29 03:08 sshd.pid drwx--x--x 3 root wheel 512 Oct 14 11:17 sudo -rw------- 1 root wheel 5 Sep 29 03:09 syslog.pid -rw-r--r-- 1 root wheel 6 Sep 29 03:09 unbound.pid -rw-r--r-- 1 root wheel 6 Sep 29 03:09 update_alias_url_data.pid -rw-r--r-- 1 root wheel 6 Sep 29 03:09 updaterrd.sh.pid -rw-r--r-- 1 root wheel 0 Sep 29 03:08 utmp -rw-r--r-- 1 root wheel 394 Nov 11 11:47 utx.active -rw-r--r-- 1 root wheel 6 Sep 29 03:09 xinetd.pid drwxr-xr-x 2 zabbix zabbix 512 Oct 14 11:17 zabbix-agent I am also having an issue with the /var/run folder getting filled up due to Zabbix. I have to uninstall Zabbix from pfSense and the file goes from being really small to about 3 megs in a week. [2.4.4-RELEASE][root@att.com]/var/run: cd sudo [2.4.4-RELEASE][root@att.com]/var/run/sudo: ls -l total 4 drwx------ 2 root wheel 512 Oct 14 11:17 ts [2.4.4-RELEASE][root@att.com]/var/run/sudo: cd ts [2.4.4-RELEASE][root@att.com]/var/run/sudo/ts: ls -l total 3168 -rw------- 1 root wheel 3211264 Nov 11 11:53 zabbix [2.4.4-RELEASE][root@att.com]/var/run/sudo/ts: I was not having this issue until I updated pfSense to 2.4.4 release p3 about 2 months ago. Thank you for any help you can provide.
• I

  HP Qlogic NC523SFP Driver install Freebsd 11 pfsense kernal recompile
  • ibysmalls  

  17
  1
  Votes
  17
  Posts
  1025
  Views

  

  @pragalbh said in HP Qlogic NC523SFP Driver install Freebsd 11 pfsense kernal recompile: Go To System >> Advance >> System Tunables >> add new Tunables : if_qlxgb_load Value: YES That won't work there, it's a loader varialble you need to put it in /boot/loader.conf.local as @dotdash described above. The system tunables section there is for sysctls, it equates to sysctl.conf in FreeBSD. Steve
• M

  Install pfSense from USB does not load kernel??
  • MasterAdde  

  28
  0
  Votes
  28
  Posts
  108
  Views

  M

  @Gertjan I used "diskpart" also to wipe the usb before flashing to pfsense.......strange Tried rufus. etcher and win32manager, all failed :( everyone of them wiped in diskpart I have not failed befor when using rufus or etcher to flash pfsense just this version...can be a bad img as well, I dont really know way..... /Adde
• V

  Install ntopng conflict
  • Varnish  

  23
  0
  Votes
  23
  Posts
  66
  Views

  V

  @stephenw10 ntopng is the only thing's broken i think
• G

  Mini pc installation issues
  • geekydaddy  

  2
  0
  Votes
  2
  Posts
  70
  Views

  

  Bad drive maybe? Can you drop to the command line and check dmesg for errors?
• O

  Pfsense lan on proxmox
  • openaspace  

  5
  0
  Votes
  5
  Posts
  44
  Views

  O

  the big mystery part is that the wan is always online and only the virtual lan go off.
• M

  Pfsense in ovirt installation
  • matmilan  

  8
  0
  Votes
  8
  Posts
  44
  Views

  M

  Solved! I reinstalled and all work!
• H

  unable update package
  • hamed_forum  

  3
  0
  Votes
  3
  Posts
  63
  Views

  

  Hi, The subject is known. Bad WAN, bad files system, broken DNS, etc. Use a the magic keyword "repo-pfSense-core.sqlite" and put it in here :
• A

  One interface loses internet access and I could get it back only after reboot the pfsense
  • ady2  

  39
  0
  Votes
  39
  Posts
  754
  Views

  A

  @bjohe Yes, since I have setup my WAN as default gateway I didn't have any internet dropout. In your case did you consider a hardware failure? Trying to debug my issue I have bought another (actually 2 other relatively cheap used LAN cards from ebay) and added to my setup trying to exclude the lan card failure, but in my case it was not the card.
• H

  Upgrade from 2.3.5 device to newer 2.4 device
  • hulleyrob  

  3
  0
  Votes
  3
  Posts
  54
  Views

  H

  Oh cool thank I was hoping that would work but wasn't sure. I remember something about when I tried to upgrade the current device I had to remove all packages or something. I never got it working well on 2.4 it was just too slow once it was upgrade so ive built a low power pc to replace it. Yeah all the network cards are different and there are more now, shouldnt be a big issue from what you've said. Many thanks will give it a go as soon as I get chance. Regards Rob
• G

  Do I need to update the FreeBSD OS, that pfSense sits upon?
  • Giraffe794  

  3
  0
  Votes
  3
  Posts
  124
  Views

  G

  Indeed! Searching this site with the CVE identifier (CVE-2019-11043), I found this: https://forum.netgate.com/topic/147590/cve-2019-11043/5 I just had the feeling that the updates to pfSense are not frequent enough (I have it installed a couple of months now and I got no updates to the main software yet, only some packages). So, I was wondering if I was missing some critical maintenance action... I guess I can chill now... Thanks.
• T

  Package manager and support not working
  • tomasz1919  

  8
  0
  Votes
  8
  Posts
  129
  Views

  T

  As in Rico above link, Bios and system time check this first please
• K

  pfSense 2.4.4-p3 Unable to retrieve package information
  squidguard installation radius package manager • • kenj05  

  1
  0
  Votes
  1
  Posts
  38
  Views

  No one has replied

• T

  No console on SG-4860 after pfsense 2.4.4 install
  no console • • ThreeEyedFish  

  2
  0
  Votes
  2
  Posts
  43
  Views

  T

  Don't know what I did, but managed to get it to boot properly. Restored backed up config and GO !!
• D

  I can't enter the pfsense web environment
  • dsanchez  

  2
  0
  Votes
  2
  Posts
  58
  Views

  

  https://docs.netgate.com/pfsense/en/latest/usermanager/locked-out-of-the-webgui.html
• 

  [Solved] Pfsense getting stuck at coretemps,
  • manjotsc  

  9
  0
  Votes
  9
  Posts
  79
  Views

  

  Thanks, all up and running now.
• 

  Mirrors de ISOs fpsense
  • calitzin  

  4
  0
  Votes
  4
  Posts
  52
  Views

  

  Perhaps the better solution would be to upgrade both to p3 if you're able to?
• T

  Squid User Reports Export!!
  • thekpoper  

  2
  0
  Votes
  2
  Posts
  34
  Views

  

  i'm sending all the logs to an external syslog server actually for squid you need to add in the "Custom Option" section something like access_log udp://ipserversyslog:514
• G

  Installing pfSense on Sophos XG 105 rev. 2
  • Garo  

  3
  0
  Votes
  3
  Posts
  1379
  Views

  V

  If anyone is trying this and have the same issue, I followed the post from @CCPFLDN and found that I only needed to do point 2 and then only needed to enter the set kern.vty="sc" command to get the OS to boot and install. After the installation and first boot I edited the /boot/loader.conf file and added kern.vty="sc" at the bottom of the file, saved it and it is booting fine every time.
• I

  China- The first country to scan my IPv6 range.!!
  • iguanagomes  

  2
  0
  Votes
  2
  Posts
  194
  Views

  N

  @iguanagomes said in China- The first country to scan my IPv6 range.!!: hen I see a host in 240e::/18 range scanning one of my /64's. Like, LOTS and LOTS of them. Random IP's being hit in that /64 looking for VNC/Spice (5901). Heads up, China, nothing is open on that /64. I love IPv6, makes it easier to block an entire country or ISP, or end user. All those quintillion+ of IP's are now perpetually blocked. Easy Rule Block to the rescue! Kinda futile to scan a /64, it makes WAY too much noise! Should I be surprised this is actually the first lot of IPv6 I've also blocked in 10 years.... Use pfBlocker and block the whole of China by GeoIP I've had 240e:f7:4f01:c::3 knocking on my /64 door for weeks now.
• T

  Multiple IPs 1-1 Azure
  • twistedstorm  

  1
  0
  Votes
  1
  Posts
  24
  Views

  No one has replied

• C

  pppoe wont store password, how to edit in cli
  • chrcoluk  

  4
  0
  Votes
  4
  Posts
  31
  Views

  V

  @chrcoluk The number of asterisks shown is no indicator for the real number of password characters.
• B

  Snort stops and wont start it service anymore
  • bokikay  

  5
  0
  Votes
  5
  Posts
  53
  Views

  B

  @bmeeks Thank you sir, for the recommendation. :)
• M

  No LAN internet...
  • mebelowsea  

  15
  0
  Votes
  15
  Posts
  103
  Views

  

  Ooops, missed that! Yeah if you disable pf in the advanced settings that disables NAT and you need outbound NAT for any connection to work from the internal private subnet. Steve
• J

  I need a copy of pfSense-netgate-memstick-ADI-2.4.4-RELEASE-p3-amd64.img.gz
  • johnhil31047  

  3
  0
  Votes
  3
  Posts
  100
  Views

  M

  You don't need to have purchased support to open a ticket. I just went thru this myself and they sent me a link for the download in less than 5 min...now if I could just get it working!!!
• T

  Install question
  • Tewodros  

  3
  0
  Votes
  3
  Posts
  96
  Views

  

  I edited your post as it was hard to read. I assume he means just in between two switches. Maybe as a layer 2 firewall? Steve
• 

  Issues with PFSense VMware installation, http connectivity, php error.
  • Yo  

  2
  0
  Votes
  2
  Posts
  42
  Views

  

  probably there is something wrong with your installation, a factory reset will only reset the config.xml to the default value but it will not correct errors on files. you need to reinstall
• B

  Content Encoding error
  • bokikay  

  2
  0
  Votes
  2
  Posts
  36
  Views

  

  there is only one little problem, we can't see the picture
• S

  Pfsense directly connected to fiber dsl (No modem)
  • samyboyz  

  3
  0
  Votes
  3
  Posts
  98
  Views

  A

  I have CenturyLink fiber, from outside it goes to their ONT that's in my office, then ethernet directly to my PC running pFsense. Centurylink uses PPoe, so I have to enter those credentials in pFsense as well as I needed to VLAN tag the WAN with what Centurylink uses (201). After that no problems. I get 940+ up and down on their gig line.
• 

  How Can I Tell if pfSense is "Seeing" XG-7100-1U Optional 4-Port NIC?
  • JSchenk  

  4
  0
  Votes
  4
  Posts
  67
  Views

  

  @stephenw10 Yes, I have them working now. Thanks.