I have to agree with johnpoz. You have something going on with your DNS configuration. Have you checked your DNS settings to make sure you have a DNS server configured? Can you successfully look up A records for sites like www.pfsense.org and files00.netgate.com? If you can't do A record lookups you certainly aren't going to be able to do SRV record lookups.
There is an option under 'System -> General Setup -> DNS Server Settings' that allows your ISP DHCP settings to override the local DNS server settings. If you are using DHCP from your ISP and using their DNS servers make sure this is checked. This should not be unchecked unless you have your own DNS servers, you want to use different DNS servers (like google), or your ISP doesn't provide DNS via DHCP. If the box is unchecked you have to manually configure DNS servers.
If your box has Internet access to Google's DNS servers you can test by using 220.127.116.11 as a DNS Server, uncheck 'DNS Server Override' and check the 'Disable DNS Forwarder'. This will skip using the pfSense box for DNS and go directly to Google's DNS server. If this works then either your ISP isn't providing a DNS server via DHCP and you need to configure a DNS server manually or your own DNS server is filtering what you are allowed to resolve.
Hope this helps.
So is there still no "official" way to have all files in the disk to be included with the 2-copies scheme of set (when "zfs set copies=2 zroot" is set) after installation? I can't find anything on the Internet that answers this.
If your gateway monitoring isn't working post-2.3 upgrade, it's likely one of two things.
Verify advanced options are sane
Browse to System>Routing and edit the gateway that's down. Then click Save. That will trigger the input validation that makes sure the configuration is valid, especially the advanced options. You may have had options set for apinger that are not valid for dpinger. If you get any errors upon saving, fix them, save, and apply changes.
Set ping payload size
Some modems have a bug that makes them drop pings with 0 byte payloads. dpinger uses a 0 byte payload by default because there isn't a need to include one and unnecessarily chew up bandwidth. If you have such a buggy upstream device, you'll need to set the payload to something greater than 0. System>Routing, edit the gateway, go to Advanced, and set payload to 1. Save and apply changes.
Yes, it works again ;D
On install of the OS you have the option to recover config.xml from the previous install before formatting the drive.
FYI: now you can auto backup the config for free out of the box to Netgate servers in an encrypted way. Or if you are paranoid you can use a curl script to download backups on another unix-based machine internally.
I completed the install with pfSense-CE-memstick-2.4.4-RELEASE-p3-amd64.img
I put the Allied Telesis 2711FX back in and it goes back into a panic.
Seems others have run into no support for this card in FreeBSD.
@NogBadTheBad said in random sources feed: rs_read for hardware device 'intel secure' key ring" returned no entropy:
Anything in the BIOS that can be switched off for the Intel secure key ring / random number generator ?
You may be better looking in the FreeBSD forums, I'm not sure if pfSense even uses the Intel RNG maybe @jimp or someone else from @netgate
@biggsy said in odd issue with ram?:
Thanks for the link. I think I get what it's all about. Just found it strange that both topics seemed to be about memory shortage under two different hypervisors.
I found precious little information about that specific error. In fact, practically nothing. I did see SRAT issues mentioned for ESXi and Hyper-V, though. It might take looking into some hypervisor source code to see what the error really means. Hopefully such code is commented enough that you could discern what might be up.
there are 3 LED related functions in the Check Point kernel ...
janus_pld_red_led_set (Bit 0x01)
janus_pld_yellow_led_set (Bit 0x02)
janus_pld_green_led_set (Bit 0x08)
they write to port 0x348 ... this seems to be the Altera MAX II chip (PLD) next to the diag display
btw: the PLD also monitors power supply status
... and there are 4 LED related functions for 'Phalanx PLD' ...
this might be the explanation for the 'missing' led on the frontpanel PCB (Bit 0x04 is assume)
hope this helps - sorry for the late reply ;)
@Renat hello sir, thanks for this thread, it helped me a lot. I have to observe this machine to see if the error still exists. Thumbs up! ;)
AMD A6-6400K APU with Radeon(tm) HD Graphics
2 CPUs: 1 package(s) x 2 core(s)
AES-NI CPU Crypto: Yes (inactive)
I have 1 NIC card attached to my machine: Winyao E350T4 PCI-E X1 Quad Port 10/100/1000Mbps Gigabit Ethernet Network Card Server Adapter LAN I350-T4 NIC. These are the specs of the NIC card, which has 4 ports. I hope that the error will be fixed. ;)
"Truncated ELF file" => standard OS commands are unreadable.
Leave the disk as is.
Reboot using an install device and install from scratch.
When you are asked to format the destination drive, do not go for the quick one, but choose the non-default total format with check (I didn't reinstall pfSense on a physical disk, mine just won't die after nearly 10 years ...)
Thanks for the reply, but I think I got it all set and figured out.
After reading about the XG-7100's setup, I created VLANs for each of my LANs with the one LAGG, and then reassigned the interfaces to the new VLANs. Everything is all good now.
@kiokoman said in Locked out of WebGUI:
from the console using option 15
15) Restore recent configuration
or you can try
pkg delete pfSense-pkg-darkstat-3.1.3_4
you probably have to manually delete all reference to darkstat from the xml config later
Thanks for your help.
I actually had tried that but only tried reinstalling the backup prior to installing Darkstat. What I didn't notice was that it had, for some reason, installed Darkstat about 4 times in a row. So I restored a configuration from last week and it worked and let me have access to the WebGUI. This seems like a weird happening.
I then restored a local backup and everything appears to be working again. I installed Darkstat again and it appears to be working as well.
uhm 1.7.11 was my doing, a trivial patch to permit uppercase name for the tabs on status monitoring
idk but i don't think it can't be that
I just ran the same commands on my 2.4.4-p3 and i had same results of @Gertjan. so all fine here
@stephenw10 That is a perfect temporary solution for us! Now I can at least get back into my LDAPS and user configs. Thanks! I'm going to do some testing in our non production environment and see if I can get things syncing again. Thanks for your help with this
You need more than 4GB RAM in order to enjoy zfs's file caching. I have three pfSense boxes running with zfs and M.2 stripes. No problems so far. I think the greatest advantage of zfs is that you don't have to think about how you want to partition the drive.
In case of heavy storms, one cannot exclude the risks due to induction damages caused by lightning...
Not at all, this is a preproduction test environment, but it does have other users that kind of test things, so uptime during business hours is still as important, but not critical. Most individuals' test environments are virtual, so this issue had not been picked up due to it being hardware based.
With HPA you can hide memory from your operating system to over-provision the memory and increase its lifetime.
It looks to me that your SSD indeed got bricked. Even if you can get it to work again (e.g. reflash its firmware if that is even possible with that specific drive) I would not use it again for anything critical like a router.
I do not believe this happened due to a bug in pfsense. Updates are just very "hard" on disks compared to normal routing operation, so it could really just be a coincidence it broke during the update.
Have you unlocked the modem or replaced its firmware? The second Ethernet port is not normally active on Openreach modems.
Is it still running in modem mode?
The only way you could connect two pfSense devices to the modem is if it's running as a router. In the default modem mode you use a PPPoE session from pfSense and you can't create two PPPoE sessions.
You should use just one pfSense box behind the modem connected via PPPoE and have two subnets on separate interfaces behind that. You can then have them fully isolated or allow connectivity between them as required.
This guide will get you going on how to create the VLANs you want.
You can then create firewall rules on each interface to restrict access outbound. By default, only the LAN interface gets a Default Allow rule that passes all traffic from LAN to anywhere. All other interfaces, ie your VLANs, will require at least one rule added in order for them to talk.
I would stick with pfB instead of pihole as you then only have one device to worry about, and if pfSense goes down then you have bigger fish to fry than adblocking, ha!
Bandwidth monitoring can be done with ntop or lightsquid, depending on if you want all traffic or just http/s.
You can do scheduling with pfSense but the interface is a little clunky, and you're limited to 15 minute intervals IIRC. You create a schedule and then create a firewall rule and link to it.
No idea at this point. I would check for firmware/BIOS updates for your board if you haven't already done so.
Also, you might want to check out pfSense 2.5-devel which is based on FreeBSD 12 I believe. Not for production use, but seems to work pretty well.
@davidthomas said in 2.2.6 to 2.4.4:
Sorry it was implicit for me.
The other way for me : never worked with "LDAP" ....
But : important your settings, then a debug / test drive with the help of the https://docs.netgate.com/pfsense/en/latest/usermanager/ldap-troubleshooting.html and there is also a video about Netgate => pfSense on Youtube.