@breusshe I ended up finding a setting that was different between my old vpn setup and the vpn company setup for 2.5. I changed that and everything suddenly worked.
I still can't really explain why though. The entire time my VPN would connect but it did not appear to route traffic. No log entries that I could find that told me what was happening on that end either.
To answer @johnpoz question:
Do a normal install using the USB stick and select ZFS. At the end of the process, it will ask if you want to make changes to the system installed. The fault answer is "NO". Select "YES" and you will get to the shell.
In the sell you can edit /boot/default.conf using vi and add the line to it.
If vi is not a tool you like than the following should do the same:
echo 'zfs_load="YES"' >> /boot/loader.conf
I confirm that running this command in the shell at the end of the installation worked well for me, and enabled me to perform a clean install of 21.02-p1 with ZFS on my SG-5100.
I'm assuming you've tried it a couple times by now. No idea what hardware you're running, but you might want to take a peek in the BIOS to see if there is anything ... frisky ... that needs to be disabled.
I know I've had to disable a few oddball and unnecessary CPU power save features, any kind of 'auto' support that is supposed to help windows load on a machine, etc.
You may need to inch forward on your restore using the selective restore options on the "Backup & Restore" page. Take what you need, leave the rest. Then install packages manually from the new install.
Thank you for all the input.
"Network is unreachable" got me thinking of the GW settings. The FW have dual WAN with policy-based routing and the default GW was set to "Automatic".
After I manually selected a WAN interface as the default gateway, the FW managed to get information about the new 2.5 version.
You couldn't have, one of a couple things must have happened:
The USB stick didn't actually get written with 2.5.0 for one reason or another
Your disk, if it's an SSD or similar media, has failed into a read-only mode and the writes from the installation didn't actually happen on the disk, so it's still running the previous version.
The second reason could also explain why the upgrade failed.
There are other potential causes but they all center around the hardware in the unit, not the installation image itself.
@bmeeks This thread sounds like the issue you ran into in the (unrelated to this) Redmine update you just posted.
Yeah, sounds similar. I'm only working with my SG-1100 to help Netgate sort out a weird bug with Snort and Suricata on ARM hardware (specifically the SG-3100, but it may apply to the SG-1100 as well, so that's what I'm going to test with).
👻 This new version is now working and appears to be stable. I can now use pfBlockerNG without getting frequent Google Chrome certificate errors. And the Amazon app on my phone no longer crashes when pfBlockerNG is enabled. I had some initial issues out of the gate with NordVPN with this new upgrade. However, it was quickly resolved after a clean install of 2.5/ restored 2.4.5 config in 2.5 and unchecked "enable data encryption negotiation." in openvpn. I'm now with glee...Thanks Netgate for this new upgrade!!😁 😍 👻
The ntpd section is missing from the config.xml in 2.5.
Browse to Services -> NTP and hit the Save button at the bottom. You dont need to change any settings. This should create the ntpd config and it will start showing up in the Status -> Services list as long as the service is enabled.
Two instances of unbound - the same process, that's a bad sign.
unbound was asked to show stats without resetting them. Takes a milli second on my system, as it just spits out some variables.
Yours blocks doing that, stays in memory, eating up resources. That's not normal at all.
I advise you to ditch packages right away. And be sure your settings are default - especially the DNS ones.
Then, ok to change settings, but look closely and a long time to system behaviour between changes.
Indeed there is no auto-update for firmware in pfSense.
The only thing that does is the pfSense-upgrade and pkg packages in order to show you an updated repo list. That might happen if you open dashboard and have the firmware check enable.
It will still just offer the upgrade though, it doesn't do anything until you click it.
And, yes you can install as ZFS currently if you want.
For me it stopped after it terminated all processes after upgrade, as in it should have rebooted after but didn't and was stuck in limbo for like an hour. I simply restarted it manually it was fine afterwards.
We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.
Subscribe to our Newsletter
Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.