@cfbcfb said in Wan not coming up, fresh install.:

Connected to the router via wifi and my phone, got a "this network wants you to sign in" and when I clicked that, it brought up the comcast login

That's your OS / brower playing the captive portal detection mode !
That means your WAN is using a RFC1918 IP, and when you start your bowser it hits the GUI web server of the modem, because it's router part is redirecting the browser requests to it's internal Web GUI, where you have to login.

What about playing with these option on the WAN interface :

37b478df-9583-49cc-9cf0-9fd448fc633f-image.png

See manual - Advanced Configuration.

Thanks all for the suggestions. Of course, the tutorials all had one external physical port for WAN and the private for the LAN, then never really explained how to connect the LAN part to a physical port.

So if I have this right, I have TWO externals, one for WAN and one for LAN, set autostart on the vm (I think its set that way already as pfsense came up started after a reboot) and disable VMQ if its there. I did look at the hardware acceleration and saw IPSEC accel and something else (forget) which sounded helpful, but this is my first enterprise grade card.

Cheap on amazon right now, $32 "renewed" (server pull from a proliant. Look for hp four port enterprise to find it. Two intel Gb controllers, four ports.

I'll give it a go in the morning and report back how it went. If all else fails, I have an unfortunately large cube with an i5-6400, 8GB of ram and a small SSD. Love to have it on this always-on machine with the water cooled 6700K and 32GB, but if the vm/pfsense thing just keeps stymieing me, guess I'll run it dedicated and play with trying to get it working on the vm on the bigger machine.

Been in computers for 40 years, and this is my first VM and "make your own router/firewall" experiment. I already had a fun time using Windows Spaces (sort of a software raid capability with parity) with a mishmash of old 2GB drives, four of them made a 7.5GB parity fault tolerant array. Cool, the drives can even be different sizes and/or geometries, internal or external usb/esata and it still uses the whole thing, like JBOD but with parity. Plus 550MB/s reads and 250MB/s writes with 4 old 5400 rpm WD green drives of varying age.

Anyhow, I'll report back in tomorrow. Thanks for the support and understanding, you don't always get nice helpful folks on forums.

So the issue is smp

https://people.freebsd.org/~kuriyama/www/smp/index.html

smp in relation to "Safe Mode" was discussed here:
https://forums.freebsd.org/threads/pfsense-what-exactly-is-that-safe-mode.56524/

To resolve this issue, I went into pfsense admin. Go to Diagnostics / Edit File.

Find file: /boot/loader.conf

Add the following:

Reboot

Note: Disabling smp has some performance side-effects.

Issue resolved after attaching USB LAN card. Now I am getting full upload and download speed with MDS and SNORT enabled. It is stable for now lets see how it work for one week :)

All good sorry. No idea what happened

Today testing with rum USB WiFi adapter.
Removed previously used WiFi interface, reboot, install new settings, in most default settings.
Crashed only when I set Access Point mode for WiFi adapter.
On Client modes work w/o crash.

P.S. Early version of pfSense was ok on AP mode.

@jimp Since it's happened twice to me (and I only find a very few instances of anyone else having the issue), I'm assuming there must be something marginal about my SG-4860. Hopefully, that won't grow into anything worse. But, next time, I'll try to remember to watch it through the console.

Thanks for the reply.

@154218K2 FWIW, the system in my sig works fine on 2012R2. What server ver? Tried Gen 1? Yes, I did have the 2.4.5 CPU problem, but I had checkpointed before update so rollback was no issue. I'd probably create a fresh 2.4.5-p1 Gen 1 machine and restore your backed up config, and give it the same MACs as your previous machine so limited downtime if you have to turn one off and the other on. HTH

As a last resort, I have tried to install pfSense 2.4 using ZFS as the file system and it finally installed. ☺

However, I am seeing some error message after completing the boot. Here is what I am getting:

CAM status: Uncorrectable parity/CRC error
Retrying command
WRITE_FPDMA_QUEUED. ...

I have just validated the disk a few days ago and don't believe that there is a physical problem with the disk. So, I am assuming that it is once again some kind of compatibility issue. Will do some research on it, but at least I can now take a look at the Web UI.

Finally some progress!

@jimp said in Cannot uninstall nor upgrade squidGuard:

Hey, that's me! ... But I take no offense because it is a giant kludge. It does have some rare but specific useful purposes, but it gets used as a sledgehammer more often than not.

You... you... klutz 😁
Jokes aside sometimes I wish the package would be hidden in some "debug/expert" options only. I see that popping up far too often for my liking. Often the cultprits aren't even sure why they installed it or it's because of misunderstood problems (restarts of unbound because DNS errors etc.)

Can't we hide it from the UI and only allow it to be installed hands-on via shell/ssh? 😏
Or just throw a big red box of test above it so it's understood, that it's only a workaround but no "solution"? 😃

But as for the OP problem: is the "new" pkg tool somehow more sensible for running services? We had our share of problems after updating to 2.4.5p1 and afterwards, too and most of them are due to pkg deadlocking or stalling with packages, especially the big ones like FRR, Squid, pfBlocker?

As a side note: It would be nice to have a tool like service restart, that could use trigger/event conditions like other internal processes do e.g. WAN down/renewed IP, gateway fail, service xy restart, package (re/un)install, sync, whatever ;) That would be more in the way of the "shellcmd" package but it would make quite a few things easier to handle :) Especially a hook like "after any change written to config.xml" would be incredibly nice for doing some backup'py stuff.

These kinds of installation issues are quite rare.

I'm not sure we have enough information to precisely tell you the problem or how to fix it, but maybe we can start to work it out.

FreeBSD (and thus pfSense) can boot using UEFI since FreeBSD 10.1, however, depending on the BIOS/UEFI in your laptop it might help to enable CSM (Compatibility Support Module) to allow booting in legacy BIOS mode. CSM enabled should generally be the most safe option (my experience).

Regarding AHCI or IDE this is mostly to do with your SATA ports, but may affect USB drives aswell. AHCI mode should be default, IDE being legacy mode for very many years now.

Installation to USB drives is generally a bad idea, since the controllers and NAND chips on USB drives are not really geared for that kind of workload. You should REALLY consider installation to a small SSD or even a Harddrive. At least to work out if the issue is related to the one or more USB drives, that you have attempted to use.

So after hours of fun it truns out this is a bug. See https://forum.netgate.com/search?term=stuck%20after%20deinstall&in=titlesposts for more details.

In short you need to stop the squid services before the re-install can complete successfully!

Glad you have got it working. 👍

-Rico

Hi,

Contact support.
They give you the steps to update your SG-1100 so everything is fine again.

1: Boot offset could be your Bios (hw) clock being wrong.
Check & Correct

2: Investigate the NTP peers
Diagnostics -> Command prompt
Run the command : ntpq -p

3bbf1e64-255a-4308-b256-6276776cadfb-image.png

Paste output here

/Bingo

@reza-mnp said in unbound DNS Resolver Will Not Start:

Shared object "libevent-2.1.so.7" not found, required by "unbound-checkconf"

"libevent-2.1.so.7" is not /var/unbound/unbound.conf.

I saw this one https://forum.netgate.com/topic/154509/libevent-2-1-so-7-not-found and I can create that situation rather easily : by deleting that lib file.
Still, there is not enough info.

Hah, don't I feel stupid.

Thank you.

Wow.. Yeah.. Thanks! I think I'm in the market for some new hardware.. It was good to see all that in writing