Installation and Upgrades

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

B

Pkg.pfsense.org appears to be dead
• basic612

15

0
Votes

15
Posts

13675
Views

P

bonnie222, I have to agree with johnpoz. You have something going on with your DNS configuration. Have you checked your DNS settings to make sure you have a DNS server configured? Can you successfully look up A records for sites like www.pfsense.org and files00.netgate.com. If you can't do A record lookups you certainly aren't going to be able to do SRV record lookups. There is an option under 'System -> General Setup -> DNS Server Settings' that allows your ISP DHCP settings to override the local DNS server settings. If you are using DHCP from your ISP and using their DNS servers make sure this is checked. This should not be unchecked unless you have your own DNS servers, you want to use different DNS servers (like google), or your ISP doesn't provide DNS via DHCP. If the box is unchecked you have to manually configure DNS servers. If your box has Internet access to google's DNS servers you can test by using 8.8.8.8 as a DNS Server, uncheck 'DNS Server Override" and check the "Disable DNS Forwarder'. This will skip using the pfSense box for DNS and go directly to Google's DNS server. If this works then either your ISP isn't providing a DNS server via DHCP and you need to configure a DNS server manually or your own DNS server is filtering what you are allowed to resolve. Hope this helps.
P

HOW TO: 2.4.0 ZFS Install, RAM Disk, Hot Spare, Snapshot, Resilver Root Drive
• pfBasic

42

0
Votes

42
Posts

26140
Views

K

So is there still no "official" way to have all files in the disk to be included with the 2-copies scheme of set (when "zfs set copies=2 zroot" is set) after installation? I can't find anything in the Internet that answers this.
2.3.x "Unable to check for updates"/"Unable to retrieve package information"
• jimp

3

0
Votes

3
Posts

11269
Views

Please do not post other update failures to this thread, as they are highly unlikely to be related. Start new threads for different errors.
C

Gateway monitoring not working post-2.3 upgrade? Read here
• cmb

20

0
Votes

20
Posts

16495
Views

@dotdash I must admit that you are absolutely right. I am a very impatient person. ;) A couple of minutes ago I finally changed the Payload of the ping (I did it not right at the beginning). Also I inserted a monitoring IP on the interfaces. Now it seems to work but I have absolutely no clue why.
Issues updating from 2.3-RC (or older 2.3 installs) to 2.3-RELEASE
• jimp

65

0
Votes

65
Posts

67750
Views

W

please check your pfsense date and time .
M

Azure Instance: Why are NSG enforced?
• Morlock

1

0
Votes

1
Posts

12
Views

No one has replied
D

I can't enter the pfsense web environment
• dsanchez

2

0
Votes

2
Posts

28
Views

https://docs.netgate.com/pfsense/en/latest/usermanager/locked-out-of-the-webgui.html
P

New Version 2.4.4 - Interface Error --> aq_add_macvlan err -53, aq_error 14
• peterfranca

38

0
Votes

38
Posts

1672
Views

J

On day of testing my setup: 2xHPE DL360 with HPE NC562 SFP+ (Intel X710 DA2), 6core @3,4Ghz, 48 GB of RAM. I stressed the boxes with iperf3 because that was all I got at hand. Common tuning: - earlyshellcmd doing "ifconfig ixl -vlanhwtso" - tunable hw.intr_storm_threshold set at 0 - IXL cards are configured in two LAGGS configured in failover mode - each interface is a vlan tagged on one of those laggs - /boot/loader.conf.local with net.pf.source_nodes_hashsize="1048576" net.pf.states_hashsize="67108864" testing the box with 1.9.9-k driver (stock FreeSD 11.2): - iperf3 5 thread during 900s with pf enable: 6,13Gbit/s, peak at 4,25MPPS - iperf3 5 thread during 900s with pf disabled: 9,45Gbit/s - one "queue hung" on slave node at boot in dmesg but nothing after - no problem with CARP failover, going from master to slave and failing back as expected in a timely manner testing the box with 1.11.9 driver (lastest on Intel WebSite): - iperf3 5 thread during 900s with pf enable: 6,55Gbit/s, peak at 4,58MPPS - iperf3 5 thread during 900s with pf disabled: 9,45Gbit/s - some "queue hung" on slave node (mainly at boot) - problem with CARP failover, slave node stay Master randomly on different interfaces (IPv4 or IPV6) during few seconds to 10 minutes. A tcpdump on the slave node shows it can't see advertisements packet from master. A tcpdump on master shows both packet from master and slave ! to sumup, newest driver seems to improve a litlle the performance using pf. disabling TSO on vlans seems to have solved a lot of problem for me and I also gained arround 900mbit/s of throughput and 300KPPS I decided to stay on stock driver 1.9.9-k without LACP (see LLDP agent problem in Intel document) and with vlanhwtso disabled. I will continue stress testing that setup soon. Side note : for those struggling with IPV6 CARP not willing to configure (the file exists issue). The rule is to no use CAP in hexadecimal numbers and to remove leading zeroes. Ok, but that is not a always wining rule. if you have only one useless 0 in the adress, you should keep that zero. You will see in the shell that even you configured the adress using "::" in the UI, FreeBSD impose the 0. If you have more than one 0 you are good.
J

pfSense Bridge
• Jeevan.podduturi

1

0
Votes

1
Posts

25
Views

No one has replied
[Solved] Pfsense getting stuck at coretemps,
• manjotsc

9

0
Votes

9
Posts

62
Views

Thanks, all up and running now.
Mirrors de ISOs fpsense
• calitzin

4

0
Votes

4
Posts

32
Views

Perhaps the better solution would be to upgrade both to p3 if you're able to?
H

unable update package
• hamed_forum

1

0
Votes

1
Posts

21
Views

No one has replied
T

Squid User Reports Export!!
• thekpoper

2

0
Votes

2
Posts

28
Views

i'm sending all the logs to an external syslog server actually for squid you need to add in the "Custom Option" section something like access_log udp://ipserversyslog:514
T

Package manager and support not working
• tomasz1919

5

0
Votes

5
Posts

81
Views

T

It took mi some time of trying many things but reason was very simple , I had wrong system time with date 2018. Thank you all for help
G

Installing pfSense on Sophos XG 105 rev. 2
• Garo

3

0
Votes

3
Posts

1207
Views

V

If anyone is trying this and have the same issue, I followed the post from @CCPFLDN and found that I only needed to do point 2 and then only needed to enter the set kern.vty="sc" command to get the OS to boot and install. After the installation and first boot I edited the /boot/loader.conf file and added kern.vty="sc" at the bottom of the file, saved it and it is booting fine every time.
I

China- The first country to scan my IPv6 range.!!
• iguanagomes

2

0
Votes

2
Posts

109
Views

N

@iguanagomes said in China- The first country to scan my IPv6 range.!!: hen I see a host in 240e::/18 range scanning one of my /64's. Like, LOTS and LOTS of them. Random IP's being hit in that /64 looking for VNC/Spice (5901). Heads up, China, nothing is open on that /64. I love IPv6, makes it easier to block an entire country or ISP, or end user. All those quintillion+ of IP's are now perpetually blocked. Easy Rule Block to the rescue! Kinda futile to scan a /64, it makes WAY too much noise! Should I be surprised this is actually the first lot of IPv6 I've also blocked in 10 years.... Use pfBlocker and block the whole of China by GeoIP I've had 240e:f7:4f01:c::3 knocking on my /64 door for weeks now.
T

Multiple IPs 1-1 Azure
• twistedstorm

1

0
Votes

1
Posts

14
Views

No one has replied
C

pppoe wont store password, how to edit in cli
• chrcoluk

4

0
Votes

4
Posts

25
Views

V

@chrcoluk The number of asterisks shown is no indicator for the real number of password characters.
B

Snort stops and wont start it service anymore
• bokikay

5

0
Votes

5
Posts

43
Views

B

@bmeeks Thank you sir, for the recommendation. :)
M

No LAN internet...
• mebelowsea

15

0
Votes

15
Posts

85
Views

Ooops, missed that! Yeah if you disable pf in the advanced settings that disables NAT and you need outbound NAT for any connection to work from the internal private subnet. Steve
J

I need a copy of pfSense-netgate-memstick-ADI-2.4.4-RELEASE-p3-amd64.img.gz
• johnhil31047

3

0
Votes

3
Posts

77
Views

M

You don't need to have purchased support to open a ticket. I just went thru this myself and they sent me a link for the download in less than 5 min...now if I could just get it working!!!
T

Install question
• Tewodros

3

0
Votes

3
Posts

79
Views

I edited your post as it was hard to read. I assume he means just in between two switches. Maybe as a layer 2 firewall? Steve
Issues with PFSense VMware installation, http connectivity, php error.
• Yo

2

0
Votes

2
Posts

37
Views

probably there is something wrong with your installation, a factory reset will only reset the config.xml to the default value but it will not correct errors on files. you need to reinstall
B

Content Encoding error
• bokikay

2

0
Votes

2
Posts

29
Views

there is only one little problem, we can't see the picture
S

Pfsense directly connected to fiber dsl (No modem)
• samyboyz

3

0
Votes

3
Posts

77
Views

A

I have CenturyLink fiber, from outside it goes to their ONT that's in my office, then ethernet directly to my PC running pFsense. Centurylink uses PPoe, so I have to enter those credentials in pFsense as well as I needed to VLAN tag the WAN with what Centurylink uses (201). After that no problems. I get 940+ up and down on their gig line.
How Can I Tell if pfSense is "Seeing" XG-7100-1U Optional 4-Port NIC?
• JSchenk

4

0
Votes

4
Posts

60
Views

@stephenw10 Yes, I have them working now. Thanks.
A

One interface loses internet access and I could get it back only after reboot the pfsense
• ady2

37

0
Votes

37
Posts

587
Views

A

@stephenw10 Thanks a lot Steve for pointing to the right direction. Hope this fix will resolve my issue and will let me enjoy my pfsense firewall.
B

Zone: pf states limit reached?
• bokikay

14

0
Votes

14
Posts

45
Views

That is a lot of states. Does it make sense that those all exist in your environment?
Booting from different hardware: getting flooded of hashes (#)
• maxxer

2

0
Votes

2
Posts

37
Views

Probably a difference in the BIOS and how it expects to boot (MBR vs GPT, or BIOS vs UEFI). In most cases you can move a drive around, but at that point it mostly depends on the BIOS settings vs the disk boot layout/partitions.
O

Pfsense on proxmox no lan connection
• openaspace

1

0
Votes

1
Posts

21
Views

No one has replied
Package Manager Not Updating [Solved]
solved update package manager • • pfSenseTest

16

0
Votes

16
Posts

145
Views

Cool, thanks for confirming.
K

Upgrade from 2.4.4 -> 2.5 no networking
• kraduk

12

0
Votes

12
Posts

351
Views

C

Having the same trouble. After upgrading, the second re1 stopped working as soon as bsd loaded. I tried re-installing, but formatting re-installing didn't help because pfsense downloaded the latest version which disabled the second nic, again!. ifup re1 didn't work. I could see that I had a physical link, until bsd loaded and before the firewall software loaded up. The problem appears to be BSD and not pfsense. I can't install packages because 2.4.3 is looking for an upgrade and, frankly, I really don't want suffer the same trouble on a production system. Any help here would be appreciated. Not the way I wanted to spend my saturday afternoon. I ended up installing on a completely different system. Thanks
B

Bios update
• Bulldogg

3

0
Votes

3
Posts

90
Views

@Bulldogg said in Bios update: Apr 5 2014 That must be what we were selling as an APU4 right? Which is actually an APU1 with 4GB RAM. You will need to APU1 rom file if so. There is no real reason to update Coreboot on that I'm ware of though. See: https://forum.netgate.com/post/777287 Steve
T

Can Pfsense install in raspberry pi 4
• tmz

5

0
Votes

5
Posts

248
Views

there will be it one day? even without aes-ni ? afaik the crypto chip part was ripped off from the raspberry to save money but if someone have the will to make 2.4.4 work on it maybe ...
C

Pfsense no internet access on Esxi server
• craig121

27

0
Votes

27
Posts

121
Views

C

Hallelujah - its finally working and sorted - follow the OVH links for a server on OVH. I wish i had looked at the articles rather than following a youtube video where i shouldn't have configured pfSense by adding static routes etc. Plus the gateway was set incorrectly. Kom and Awebster - really appreciate your help.
B

pfsense restarts always
• bokikay

5

0
Votes

5
Posts

55
Views

B

@Gertjan thank you very much sir after I run the fsck -y command the reboot loop stop and it back to its normal operation. I hope i could not see crash report again..
S

High CPU usage after update from 2.3.4 to 2.4.0
• stevebaynet

5

0
Votes

5
Posts

86
Views

Probably this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215471 Try removing the virtual cd drive. Steve
C

Factory reset from Shell (Single User Mode)
• chrisarm

5

0
Votes

5
Posts

61
Views

On install of OS you have options to recover config.xml from previous install before format drive. FYI: now you can auto backup config for free out of box to netgate servers in encrypted way. Or if you have paranoid you can use curl script to download backups on another unix-based machine internally.
P

2.3.5 on HP T610 Plus
• Presbuteros

11

0
Votes

11
Posts

95
Views

P

I completed the install with pfSense-CE-memstick-2.4.4-RELEASE-p3-amd64.img I put the Allied Telesis 2711FX back in and it goes back into a panic. Seems others have run into no support for this card in freebsd. http://freebsd.1045724.x6.nabble.com/12-STABLE-CURRENT-Dell-PowerEdge-2950-Allied-Telesis-AT-2711FX-SC-100MBit-fibre-NIC-not-recognized-td6328982.html
O

random sources feed: rs_read for hardware device 'intel secure' key ring" returned no entropy
• ozlecz

8

0
Votes

8
Posts

32
Views

N

@NogBadTheBad said in random sources feed: rs_read for hardware device 'intel secure' key ring" returned no entropy: Anything in the BIOS that can be switched off for the Intel secure key ring / random number generator ? https://software.intel.com/en-us/blogs/2012/05/14/what-is-intelr-secure-key-technology You may be better looking in the FreeBSD forums, I'm not sure if pfSense even uses the Intel RNG maybe @jimp or someone else from @netgate

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

1 / 196

Pkg.pfsense.org appears to be dead • basic612

HOW TO: 2.4.0 ZFS Install, RAM Disk, Hot Spare, Snapshot, Resilver Root Drive • pfBasic

2.3.x "Unable to check for updates"/"Unable to retrieve package information" • jimp

Gateway monitoring not working post-2.3 upgrade? Read here • cmb

Issues updating from 2.3-RC (or older 2.3 installs) to 2.3-RELEASE • jimp

Azure Instance: Why are NSG enforced? • Morlock

I can't enter the pfsense web environment • dsanchez

New Version 2.4.4 - Interface Error --> aq_add_macvlan err -53, aq_error 14 • peterfranca

pfSense Bridge • Jeevan.podduturi

[Solved] Pfsense getting stuck at coretemps, • manjotsc

Mirrors de ISOs fpsense • calitzin

unable update package • hamed_forum

Squid User Reports Export!! • thekpoper

Package manager and support not working • tomasz1919

Installing pfSense on Sophos XG 105 rev. 2 • Garo

China- The first country to scan my IPv6 range.!! • iguanagomes

Multiple IPs 1-1 Azure • twistedstorm

pppoe wont store password, how to edit in cli • chrcoluk

Snort stops and wont start it service anymore • bokikay

No LAN internet... • mebelowsea

I need a copy of pfSense-netgate-memstick-ADI-2.4.4-RELEASE-p3-amd64.img.gz • johnhil31047

Install question • Tewodros

Issues with PFSense VMware installation, http connectivity, php error. • Yo

Content Encoding error • bokikay

Pfsense directly connected to fiber dsl (No modem) • samyboyz

How Can I Tell if pfSense is "Seeing" XG-7100-1U Optional 4-Port NIC? • JSchenk

One interface loses internet access and I could get it back only after reboot the pfsense • ady2

Zone: pf states limit reached? • bokikay

Booting from different hardware: getting flooded of hashes (#) • maxxer

Pfsense on proxmox no lan connection • openaspace

Package Manager Not Updating [Solved] solved update package manager • • pfSenseTest

Upgrade from 2.4.4 -> 2.5 no networking • kraduk

Bios update • Bulldogg

Can Pfsense install in raspberry pi 4 • tmz

Pfsense no internet access on Esxi server • craig121

pfsense restarts always • bokikay

High CPU usage after update from 2.3.4 to 2.4.0 • stevebaynet

Factory reset from Shell (Single User Mode) • chrisarm

2.3.5 on HP T610 Plus • Presbuteros

random sources feed: rs_read for hardware device 'intel secure' key ring" returned no entropy • ozlecz

Products

Services

Support

News

Resources

Company

Our Mission

Subscribe to our Newsletter

Pkg.pfsense.org appears to be dead
• basic612

HOW TO: 2.4.0 ZFS Install, RAM Disk, Hot Spare, Snapshot, Resilver Root Drive
• pfBasic

2.3.x "Unable to check for updates"/"Unable to retrieve package information"
• jimp

Gateway monitoring not working post-2.3 upgrade? Read here
• cmb

Issues updating from 2.3-RC (or older 2.3 installs) to 2.3-RELEASE
• jimp

Azure Instance: Why are NSG enforced?
• Morlock

I can't enter the pfsense web environment
• dsanchez

New Version 2.4.4 - Interface Error --> aq_add_macvlan err -53, aq_error 14
• peterfranca

pfSense Bridge
• Jeevan.podduturi

[Solved] Pfsense getting stuck at coretemps,
• manjotsc

Mirrors de ISOs fpsense
• calitzin

unable update package
• hamed_forum

Squid User Reports Export!!
• thekpoper

Package manager and support not working
• tomasz1919

Installing pfSense on Sophos XG 105 rev. 2
• Garo

China- The first country to scan my IPv6 range.!!
• iguanagomes

Multiple IPs 1-1 Azure
• twistedstorm

pppoe wont store password, how to edit in cli
• chrcoluk

Snort stops and wont start it service anymore
• bokikay

No LAN internet...
• mebelowsea

I need a copy of pfSense-netgate-memstick-ADI-2.4.4-RELEASE-p3-amd64.img.gz
• johnhil31047

Install question
• Tewodros

Issues with PFSense VMware installation, http connectivity, php error.
• Yo

Content Encoding error
• bokikay

Pfsense directly connected to fiber dsl (No modem)
• samyboyz

How Can I Tell if pfSense is "Seeing" XG-7100-1U Optional 4-Port NIC?
• JSchenk

One interface loses internet access and I could get it back only after reboot the pfsense
• ady2

Zone: pf states limit reached?
• bokikay

Booting from different hardware: getting flooded of hashes (#)
• maxxer

Pfsense on proxmox no lan connection
• openaspace

Package Manager Not Updating [Solved]
solved update package manager • • pfSenseTest

Upgrade from 2.4.4 -> 2.5 no networking
• kraduk

Bios update
• Bulldogg

Can Pfsense install in raspberry pi 4
• tmz

Pfsense no internet access on Esxi server
• craig121

pfsense restarts always
• bokikay

High CPU usage after update from 2.3.4 to 2.4.0
• stevebaynet

Factory reset from Shell (Single User Mode)
• chrisarm

2.3.5 on HP T610 Plus
• Presbuteros

random sources feed: rs_read for hardware device 'intel secure' key ring" returned no entropy
• ozlecz