Installation and Upgrades

• B

  Pkg.pfsense.org appears to be dead
  • basic612  

  15
  0
  Votes
  15
  Posts
  14106
  Views

  P

  bonnie222, I have to agree with johnpoz.  You have something going on with your DNS configuration.  Have you checked your DNS settings to make sure you have a DNS server configured?  Can you successfully look up A records for sites like www.pfsense.org and files00.netgate.com.  If you can't do A record lookups you certainly aren't going to be able to do SRV record lookups. There is an option under 'System -> General Setup -> DNS Server Settings' that allows your ISP DHCP settings to override the local DNS server settings.  If you are using DHCP from your ISP and using their DNS servers make sure this is checked. This should not be unchecked unless you have your own DNS servers, you want to use different DNS servers (like google), or your ISP doesn't provide DNS via DHCP.  If the box is unchecked you have to manually configure DNS servers. If your box has Internet access to google's DNS servers you can test by using 8.8.8.8  as a DNS Server, uncheck 'DNS Server Override" and check the "Disable DNS Forwarder'.  This will skip using the pfSense box for DNS and go directly to Google's DNS server.  If this works then either your ISP isn't providing a DNS server via DHCP and you need to configure a DNS server manually or your own DNS server is filtering what you are allowed to resolve. Hope this helps.
• P

  HOW TO: 2.4.0 ZFS Install, RAM Disk, Hot Spare, Snapshot, Resilver Root Drive
  • pfBasic  

  42
  0
  Votes
  42
  Posts
  26698
  Views

  K

  So is there still no "official" way to have all files in the disk to be included with the 2-copies scheme of set (when "zfs set copies=2 zroot" is set) after installation? I can't find anything in the Internet that answers this.
• 

  2.3.x "Unable to check for updates"/"Unable to retrieve package information"
  • jimp  

  3
  0
  Votes
  3
  Posts
  11345
  Views

  

  Please do not post other update failures to this thread, as they are highly unlikely to be related. Start new threads for different errors.
• C

  Gateway monitoring not working post-2.3 upgrade? Read here
  • cmb  

  20
  0
  Votes
  20
  Posts
  16580
  Views

  

  @dotdash I must admit that you are absolutely right. I am a very impatient person. ;) A couple of minutes ago I finally changed the Payload of the ping (I did it not right at the beginning). Also I inserted a monitoring IP on the interfaces. Now it seems to work but I have absolutely no clue why.
• 

  Issues updating from 2.3-RC (or older 2.3 installs) to 2.3-RELEASE
  • jimp  

  65
  0
  Votes
  65
  Posts
  68079
  Views

  W

  please check your pfsense date and time .
• B

  update page won't display
  • beatvjiking  

  3
  0
  Votes
  3
  Posts
  17
  Views

  

  I have occasionally seen that. That page is what shows when it is running a firmware upgrade since that is also pkg based. If you see that page it is because a pkg update is already running and it's trying to show you the output from that. When I have seen it it's because the process has stalled for some reason. I would expect a reboot to clear it or you can usually manually kill the existing update process and restart it. Steve
• C

  Error after restore backup
  • ColinDexter  

  2
  0
  Votes
  2
  Posts
  13
  Views

  

  That can happen immediately following a restore before pfBlocker has been able to download lists and update the aliases. If pfBlocker is updating correctly and you don't see it again if you reboot then it's not a problem. Steve
• P

  New Version 2.4.4 - Interface Error --> aq_add_macvlan err -53, aq_error 14
  • peterfranca  

  47
  0
  Votes
  47
  Posts
  1962
  Views

  J

  A quick FollowUP running 1.11.20 : 9 days uptime no error so far. throuhput is good, no issue we added 6 new vlan in the last 9 Days and everything works as expected for the moment. we did test multiple master/slave failover/failback, no issues I'll continue to keep you informed.
• S

  Up and running new user
  • Sumo  

  1
  1
  Votes
  1
  Posts
  26
  Views

  No one has replied

• M

  L2TP/IPsec VPN setup with WAN VIP
  • mfmsgk  

  2
  0
  Votes
  2
  Posts
  23
  Views

  M

  UP
• G

  No filtering when using bridge
  • graham1871  

  5
  0
  Votes
  5
  Posts
  43
  Views

  G

  Thank you for your help. It does seem to be up and running now! Thanks.
• A

  CVE-2019-19521 and PFSense
  • achtgm  

  4
  0
  Votes
  4
  Posts
  76
  Views

  

  @JeGr said in CVE-2019-19521 and PFSense: The CVE talks about OpenBSD, not FreeBSD. Hummm. Pretty good point ...
• B

  SG1100 - Messed up my switch and vlans.. Now I have no access..
  • billsecond  

  2
  0
  Votes
  2
  Posts
  28
  Views

  B

  I was able to log into the console and restore to a previous configuration (not a backup)
• O

  Setting Up without connecting to Wan or Lan.
  • oneclear  

  1
  0
  Votes
  1
  Posts
  22
  Views

  No one has replied

• B

  no routing after upgrade
  • brandonCS  

  1
  0
  Votes
  1
  Posts
  29
  Views

  No one has replied

• 

  PFSense KVM Guest: Partition X does not start on physical sector boundary
  • pitchfork  

  1
  0
  Votes
  1
  Posts
  7
  Views

  No one has replied

• D

  Crazy thing happened... HDD not recognized by bios after installing pfSense (NOT Detected, but "bootable").
  • DIY_Tony  

  4
  0
  Votes
  4
  Posts
  87
  Views

  

  Looks like that's probably pre-UEFI so I doubt that's a factor. Yeah there was some odd stuff when SATA first started to appear, like appearing as IDE devices... I would look at the device modes available in the BIOS for the SATA ports. Steve
• D

  Fresh installation / DHCP not handing out IPs on any other physical interfaces.
  • Dajinn  

  2
  0
  Votes
  2
  Posts
  22
  Views

  

  The first two interfaces would be igb0 and igb1, did you mean LAN is on igb1? The WAN should never hand out DHCP leases. It might itself be a dhcp client though. LAN is the only interface defined by default and the only interface configured for DHCP by default. Have you configured all 6 other NIC as interfaces and enabled DHCP on them? Steve
• V

  Can't reinstall on SG-3100
  • vlayote  

  2
  0
  Votes
  2
  Posts
  35
  Views

  V

  Aaaand, after some searching on the forum (not that I didn't look beforehand), I've found what I was looking for, after the fsck everything is good. " At the console press any key to interrupt the boot loader when you see: Hit [Enter] to boot immediately, or any other key for command prompt. At the prompt enter: boot -s That will boot in single user mode to a question asking for a path to the shell, just press return to reach the # prompt. At the # prompt run the following command: /sbin/fsck -y / Run the fsck command at least 6 times; Repeat the command until no errors are reported, even if fsck claims the filesystem has been marked "clean". Reboot by running: /sbin/rebootThe fastert way to get you back up and running is to re-install. " Thanks, Vlad
• 

  Python 3 Installation
  • jwsi  

  1
  0
  Votes
  1
  Posts
  37
  Views

  No one has replied

• A

  Installing pfSense on Silicom DNV-Nano
  • artnet  

  2
  0
  Votes
  2
  Posts
  38
  Views

  

  Yeah you should not use the ADI image for that the com ports are standard I imagine. What sort of bad performance are you seeing? Steve
• T

  Trying to install pfsense on Nexcom NSA5130-OS1 - just freezes.
  • Tenou  

  7
  0
  Votes
  7
  Posts
  73
  Views

  T

  I've tried disabling acpi in the bios and well - it seems to work now. Sometimes the solution is so easy you just don't think about it. Thank you for your help!
• G

  Installing pfSense on Sophos XG 105 rev. 2
  • Garo  

  6
  0
  Votes
  6
  Posts
  1532
  Views

  S

  PFSense on a Sophos SG-105W appliance is working fine with the instruction above. It would be create, if the WLAN-Modul would work too. In the Interface Menu: "no interface available"... Any idea how to fix this? Thanks
• B

  Draytek router to pfsense port forwarding
  • BillyNet  

  3
  0
  Votes
  3
  Posts
  25
  Views

  B

  Thanks Steve, Agreed double NATing is not whats wanted. The Draytek has a DMZ, I will give that a try. Mark
• L

  install of 2.4.4 fails, can't find NVME SSD?
  • lifespeed  

  5
  0
  Votes
  5
  Posts
  77
  Views

  L

  After switching to a modern USB 3.0 stick the interaction with the motherboard seemed better. The Corsair USB stick showed up in the BIOS as a USB hard drive. I was able to use only the new UEFI boot settings in the BIOS, boot and install pfSense 2.4.4 using ZFS file system to the NVME SSD, configure the 1Gbase-T WAN and 10Gb SFP+ LAN interfaces, connect the Netgear CM1000 DOCSIS 3.1 cable modem and Ubiquiti US-16-XG switch to pfSense and connect to the internet using a 10G/1Gbase-T port on the Ubiquiti switch connected to a 1Gbase-T laptop. So it works at a basic level without configuration of either pfSense or the Ubiquiti switch, including the 10Gb SFP+ fiber ports. Lots of configuration work to look forward to, especially the Comcast dynamic IP to IPV6 VLANs.
• T

  SG-1100 setup issues
  • troch  

  2
  0
  Votes
  2
  Posts
  29
  Views

  

  When you unboxed your 1100 it already contained the latest version. @troch said in SG-1100 setup issues: I changed the ports to the specified mvneta0.4090, etc. You mean : you edited the saved config.xml from your PC pfSense, and imported it like that into the SG-1100 ? True, editing a backed up config.xml file from system A using processor Y can be used on system B, processor Z. Note : processor in not important here ^^ Also : export an identical pfSense version. You could upgrade from an older pfSense version but then you should check out ( == read ) the upgrade noties. "What I would do" : Power up the new SG-1100 hooked up only to it birth-line : the micro-USB-serial cable. No Ethernet cables - nothing else. Just the console and the power. See how it boots. For example : check if both LAN and WAN are already assigned. Take a look at the config.xml file of the new SH-1100 (i will be small). Use the command line option, command "viconfig". You can always reset to "factory settings" with the console menu. You could hook up a LAN device, goto the Web GUI and import your original (from old PC° config.xml "as is". When done, use "reboot" from te console. When it comes up, the boot up process will ask you to assign interfaces, as drivers names for the NIC's changed. When these are setup up, it should finish booting, installing packages you used on the old PC pfSense etc (this could take some time). Basically, that's it. edit : what I don't know .... because I do not have hands on experiences with the SG-1100 : it could include 'other' hardware devices like build in switches that need settings in the config.xml - which will not exit any more when you copy over that file from another system. That's why I mentioned above : compare initial config.xml files first
• P

  how to install pfsense firewall on private network
  • poohzaza1234266  

  7
  0
  Votes
  7
  Posts
  54
  Views

  P

  magic!!!!!!!!!!! ti work !!!!!!!!!!!!!!!!!!!! thanks you so much for helping me
• S

  Importing config from the "other" freebsd firewall?
  • sporkme  

  4
  0
  Votes
  4
  Posts
  43
  Views

  S

  Hmmm, they are diverging, but migrating chunks is possible. Here's the opn format for aliases. Of note, it's nested within the firewall section. There is also a UUID attached, but that's simply ignored on input. Also "description" is "descr" and wrapped in CDATA tags, "content" needs to be combined to a single line and changed to "address", and the fields for "update frequency", "counter" and "enabled" can be removed: <Firewall> <Alias version="1.0.0"> <aliases> <alias uuid="e64c76f3-49bb-4b8c-8f77-440bbe964e61"> <enabled>1</enabled> <name>voip</name> <type>host</type> <proto/> <counters>0</counters> <updatefreq/> <content>10.3.2.19 10.3.2.20 10.3.2.21 10.3.2.51</content> <description>voip devices</description> </alias> </aliases> </Alias> </Firewall> And the same after some massaging: <aliases> <alias uuid="e64c76f3-49bb-4b8c-8f77-440bbe964e61"> <enabled>1</enabled> <name>voip</name> <type>host</type> <address>10.3.2.19 10.3.2.20 10.3.2.21 10.3.2.51</address> <descr><![CDATA[voip devices]]></descr> </alias> </aliases>
• H

  Upgrading to Intel I350v2 card
  • Hammer8  

  3
  0
  Votes
  3
  Posts
  66
  Views

  H

  Worked perfectly! Thank you!
• J

  Nano version greyed out for download?
  • jjevans  

  3
  0
  Votes
  3
  Posts
  47
  Views

  J

  Thank you Steve for the insight. That was very helpful.
• M

  first installation of PfSense ever: what hardware do you suggest?
  • mfran2002  

  3
  0
  Votes
  3
  Posts
  105
  Views

  M

  @kiokoman thanks!
• P

  "The unsigned image's hash is not allowed" during setup
  • PascalB41  

  2
  0
  Votes
  2
  Posts
  24
  Views

  

  That's a Hyper-V issue, not pfSense. Probably a boot option like "Secure Boot" you can disable to get past it.
• T

  Help with CAM status: Command Timeout
  • TubsAlwaysWins  

  13
  0
  Votes
  13
  Posts
  5853
  Views

  M

  @Nullity, I was facing the same problem, " CAM status: Command timeout" and your answer worked for me on pfsense 2.4.4 installation using a pendrive: I've add "set hw.ata.ata_dma=0" on boot options and install proceeded with no errors. Once pfsense installed, it was needed to edit the /boot/loader.conf file and add the same option so that persist it on next boot. Thanks.
• 

  Stuck at booting after upgrade to version 2.5.0 development snapshot
  • rogercwb  

  3
  0
  Votes
  3
  Posts
  123
  Views

  

  The switch issue appears to be a general problem on 2.5.0 right now, at least on the 3100.
• R

  Installing mSATA on APU board
  • robina80  

  6
  0
  Votes
  6
  Posts
  2909
  Views

  S

  @robina80 said in Installing mSATA on APU board: i have succesfully done it downloaded and put the image on my usb stick using "win32 disk imager" inserted it in free usb port connected serial cable to laptop, opened up putty and changed baud rate to "115200" to see the boot menu and boot of the usb closed/opened putty again and changed the baud rate to "9600" so i can install and follow the on screen instructions once done i changed my boot order so the first option was my mSATA once i could log back in the webgui i restored my settings so it was like how i had it before Hi ! I faced up to a BIG trouble while upgrading to the latest version of pfSense (2.4.4-RELEASE (Patch 3) ) : unable to boot, something to do with CPU microcode update ? # service microcode_update start If the CPU requires a microcode update, a console message such as the following will appear: Updating CPU Microcode... /usr/local/share/cpucontrol/m32306c3_00000022.fw: updating cpu /dev/cpuctl0 from rev 0x17 to rev 0x22... done. /usr/local/share/cpucontrol/m32306c3_00000022.fw: updating cpu /dev/cpuctl2 from rev 0x17 to rev 0x22... done. /usr/local/share/cpucontrol/m32306c3_00000022.fw: updating cpu /dev/cpuctl4 from rev 0x17 to rev 0x22... done. /usr/local/share/cpucontrol/m32306c3_00000022.fw: updating cpu /dev/cpuctl6 from rev 0x17 to rev 0x22... done. Done. >>> Setting vital flag on pfSense... done. External config loader 1.0 is now starting... ada0s1 ada0s1a ada0s1b Launching the init system...Updating CPU Microcode... Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0x800e29000 fault code = supervisor write data, page not present instruction pointer = 0x20:0xffffffff81189dde stack pointer = 0x28:0xfffffe0035f2a940 frame pointer = 0x28:0xfffffe0035f2a940 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 608 (logger) I proceeded like robina80 explained, booting from USB with "pfSense-CE-memstick-serial-2.4.4-RELEASE-p3-amd64" version, USB keyboard attached, Serial port to 115200 ==> Everything went back, pfSense is now able to boot ;-)
• Y

  UPgrade from 2.4.4 to 2.4.4_3: not squidguard
  • yosoypako  

  4
  0
  Votes
  4
  Posts
  77
  Views

  Y

  Hello. I have re-installed the squidguard package and re-booted the firewall. Now I can see squidguard on the services menu. And I have not lost the previous configuration for the service. Next step: play with the ssl url filtering. Thanks for your help.
• C

  having trouble with configuration
  • csf2618  

  4
  0
  Votes
  4
  Posts
  58
  Views

  C

  basically my routers are aging and instead of going with expensive home network crap i want to build my own network solution out of my old workstation why because find me a router with a 3.2GHz core 2 quad 8GB ram and i was originally goig to use x86 ddwrt but then i found pfsense and saw how much i could improve my network security and how i could seperate my server and home network
• A

  filter_reload_status filling /var/run directory
  • AguianldoSilva  

  9
  0
  Votes
  9
  Posts
  135
  Views

  C

  I know this topic is quite old, but did anyone resolve this issue? I am running into the same thing. [2.4.4-RELEASE][root@att.com]/var/run: ls -l total 144 drwxrwxr-x 2 root operator 512 Sep 29 03:08 .snap srw-rw-rw- 1 root wheel 0 Sep 29 03:08 check_reload_status -rw------- 1 root wheel 3 Sep 29 03:08 cron.pid -rw------- 1 root wheel 3 Sep 29 03:08 devd.pid srw-rw-rw- 1 root wheel 0 Sep 29 03:08 devd.pipe srw-rw-rw- 1 root wheel 0 Sep 29 03:08 devd.seqpacket.pipe lrwxr-xr-x 1 root wheel 19 Sep 29 03:08 dmesg.boot -> /var/log/dmesg.boot -rw-r--r-- 1 root wheel 5 Sep 29 03:09 dpinger_WAN2GWv6~2001:1890:c03:960::11e5:95e2~2001:1890:0c03:0960:0000:0000:eee5:95e2.pid srw-rw-rw- 1 root wheel 0 Sep 29 03:09 dpinger_WAN2GWv6~2001:1890:c03:960::11e5:95e2~2001:1890:0c03:0960:0000:0000:eee5:95e2.sock -rw-r--r-- 1 root wheel 5 Sep 29 03:09 dpinger_WAN2GW~206.121.142.210~206.121.142.209.pid srw-rw-rw- 1 root wheel 0 Sep 29 03:09 dpinger_WAN2GW~206.121.142.210~206.121.142.209.sock -rw-r--r-- 1 root wheel 6 Sep 29 03:09 expire_accounts.pid -rw-r--r-- 1 root wheel 25478 Nov 5 14:18 filter_reload_status -rw-r--r-- 1 root wheel 6 Sep 29 03:09 filterdns.pid -rw-r--r-- 1 root wheel 6 Sep 29 03:09 filterlog.pid -rw-r--r-- 1 root wheel 6 Nov 5 14:20 haproxy.pid -r--r--r-- 1 root wheel 230 Sep 29 03:13 ld-elf.so.hints -r--r--r-- 1 root wheel 129 Sep 29 03:13 ld-elf32.so.hints srw-rw-rw- 1 root wheel 0 Sep 29 03:09 log srw------- 1 root wheel 0 Sep 29 03:09 logpriv -rw-r--r-- 1 root wheel 6 Sep 29 03:09 nginx-webConfigurator.pid -rw-r--r-- 1 root wheel 5 Sep 29 03:09 ntpd.pid -rw-r--r-- 1 root wheel 6 Sep 29 04:19 openvpn_server1.pid -rw-r--r-- 1 root wheel 5 Oct 14 11:17 pfSense-upgrade-GUI.pid -rw------- 1 root wheel 25 Nov 11 11:46 pfSense_version -rw-r--r-- 1 root wheel 1 Nov 11 11:46 pfSense_version.rc -rw-r--r-- 1 root wheel 3 Sep 29 03:08 php-fpm.pid srw------- 1 root wheel 0 Sep 29 03:08 php-fpm.socket -rw-r--r-- 1 root wheel 6 Sep 29 03:09 ping_hosts.pid -rw-r--r-- 1 root wheel 6 Sep 29 03:09 radvd.pid -rw-r--r-- 1 root wheel 6 Sep 29 03:08 sshd.pid drwx--x--x 3 root wheel 512 Oct 14 11:17 sudo -rw------- 1 root wheel 5 Sep 29 03:09 syslog.pid -rw-r--r-- 1 root wheel 6 Sep 29 03:09 unbound.pid -rw-r--r-- 1 root wheel 6 Sep 29 03:09 update_alias_url_data.pid -rw-r--r-- 1 root wheel 6 Sep 29 03:09 updaterrd.sh.pid -rw-r--r-- 1 root wheel 0 Sep 29 03:08 utmp -rw-r--r-- 1 root wheel 394 Nov 11 11:47 utx.active -rw-r--r-- 1 root wheel 6 Sep 29 03:09 xinetd.pid drwxr-xr-x 2 zabbix zabbix 512 Oct 14 11:17 zabbix-agent I am also having an issue with the /var/run folder getting filled up due to Zabbix. I have to uninstall Zabbix from pfSense and the file goes from being really small to about 3 megs in a week. [2.4.4-RELEASE][root@att.com]/var/run: cd sudo [2.4.4-RELEASE][root@att.com]/var/run/sudo: ls -l total 4 drwx------ 2 root wheel 512 Oct 14 11:17 ts [2.4.4-RELEASE][root@att.com]/var/run/sudo: cd ts [2.4.4-RELEASE][root@att.com]/var/run/sudo/ts: ls -l total 3168 -rw------- 1 root wheel 3211264 Nov 11 11:53 zabbix [2.4.4-RELEASE][root@att.com]/var/run/sudo/ts: I was not having this issue until I updated pfSense to 2.4.4 release p3 about 2 months ago. Thank you for any help you can provide.
• I

  HP Qlogic NC523SFP Driver install Freebsd 11 pfsense kernal recompile
  • ibysmalls  

  17
  1
  Votes
  17
  Posts
  1122
  Views

  

  @pragalbh said in HP Qlogic NC523SFP Driver install Freebsd 11 pfsense kernal recompile: Go To System >> Advance >> System Tunables >> add new Tunables : if_qlxgb_load Value: YES That won't work there, it's a loader varialble you need to put it in /boot/loader.conf.local as @dotdash described above. The system tunables section there is for sysctls, it equates to sysctl.conf in FreeBSD. Steve
• M

  Install pfSense from USB does not load kernel??
  • MasterAdde  

  28
  0
  Votes
  28
  Posts
  128
  Views

  M

  @Gertjan I used "diskpart" also to wipe the usb before flashing to pfsense.......strange Tried rufus. etcher and win32manager, all failed :( everyone of them wiped in diskpart I have not failed befor when using rufus or etcher to flash pfsense just this version...can be a bad img as well, I dont really know way..... /Adde