I have a similar need. I've recently reinstall to move my pfSense build on to ZFS. I have a single 128Gb M.2 drive so have plenty space and IOPS to spare. I don't want to add a second disk even though that would give the best level of redundancy as I don't have space inside the unit. I would like to enable copies=2 which is easy to do but I would like to apply this to my full installation rather than just newly create blocks. I was thinking of doing the following but I'm not sure if this is sensible. Boot with FreeBSD ISO version that matches my current pfSense install "FreeBSD 11.1-RELEASE-p2". The do the following 1. Drop to shell 2. import ZFS pool and mount 3. create new datasets with same name as existing with "-new" at the end and set copies=2 4. cp -ax <source-path><destination-path>5. zfs rename original datasets so that "-old" is appended 6. zfs rename new datasets so that "-new" is removed from name 7. check zpool bootfs is correctly point and new boot path change if needed. 8. unmount and export ZFS pool Would the above work?</destination-path></source-path>

@Gertjan Fantastic! Changing DIOCADDALTQ to DIOCXCOMMIT works! Cheers Thomas

Please don't spam everywhere and open bug reports for things that are not bugs. There appear to be missing images there. That is not a bug. It is the middle of the night here in the USA where these things are done. Thank you for the report.

It's not an issue at all. You just used a community image for the unit. Community image is identical to the factory one with exception of AWS Wizard, IPsec profile and a few device specific tuning parameters (all of those are available on our wiki). If you have a factory image downloaded, you can install it. If not, just stick with CE.

I should have specified that we are also moving to a new location so the two old firewalls will stay until we shut down that cabinet. So setting up the new firewalls will be in a new cabinet with new IPs and connections. By moving the config I was hoping to save some time. Setting up all IP address, rules, users, etc is a ton of work. I dont think you can use the 2.26 config on 2.4? The upgrade path specified by Netgate is 2.2x to 2.4, you need to do a stop at 2.3x first. Basically, I am trying to get a workable config.xml I can use. If I follow the update path to 2.4 and have a workable config, I can blow that out and reinstall 2.4.x then import the config. I appreciate you taking the time to write that long response, very kind of you.

How did you install pfSense for the first time?  :o

2.4.0, more specifically FreeBSD 11.1 - does not support drivers for Mellanox Connectx3, and Mellanox has no plans to provide upgraded drivers to support FreeBSD 11. If the new cards are available and running what is now the real problem? If it is urgent you could buy this cards and all will be fine for you and your company, or? So this are Infiniband adapters, and this is more or less well known and used for any kind of SAN or storage networks, for sure in some rarely cases this can be interesting for admins to get the hands on and together with their switches able to serve 40/56 GBit/s or 25/50 or 50/100 or 100/200 GBit/s it could be nice to get this working well or together with different OS. But perhaps also the money is rare and a driver not given, you could try out to install pfSense inside of a VM to get the benefits of that adapters and being able to use pfSense more then other distributions. Rather their support informed us that Connectx4 NICs ARE compatible with FreeBSD 11. For sure a generic kernel driver from them would be fixing many things, but for perhaps some rare interested users they don´t hire a driver coder I really think.

If it can run NanoBSD, it can probably run a full install. As long as it's 64-bit hardware and can boot from USB to run the installer. As for the /tmp and /var bit, if you look at System > Advanced on the Miscellaneous tab there you will find the option to place /tmp and /var in RAM disks. The vast majority of the writes on pfSense are in /tmp and /var to temporary volatile status files or logs, and placing those in RAM disks will prevent those writes from wearing out your drives.

By the way. I was forced into reinstalling because my installation broke when I restored a config I had created only minutes before. The backup config.xml included RRD data and after the restore I got a message saying some specific line from the RRD data wasn't allowed twice in the config. (Something like that, I don't remember exactly what the message was and I found no duplicated lines in the file anyway.) After this the WEB GUI was completely down and my pfSense was offline. Restarting the machine didn't help. There was no way left to restore another (older or repaired) config.xml. Login with ssh was possible but even other options in the console menu didn't work. Due to being offline I had no opportunity to ask the community how to resolve this. So I reinstalled the system using the most current version I had available locally which was a 2.4.0 BETA. Lessons learned: Prefer the config history feature to revert to previous settings over restoring a config file. Don't backup RRD data, feature is broken anyway. Run pfSense with zfs. Even with no redundancy (1 ssd in the system) this still provides snapshots on a system level in case restoring a config.xml doesn't work. Create snapshots regularly. Have an installation image available locally for the current and at least one previous pfSense version (even if the system got updated online).

@Qinn: (…) btw Maybe it doesn't matter, but I have noticed that after the upgrade to 2.4.1 the beep, when you login, is back (I remember disabling it). (...) https://doc.pfsense.org/index.php/Disable_Sounds/Beeps

https://www.freebsd.org/doc/handbook/zfs-zpool.html

It worked perfectly for me. But having a backup of your config somewhere can never be a bad idea…..!

Yeah - Its nice to be able to put hands on it or have someone handy who will do it for you. Years ago, you could downgrade with the same update gui you used to upgrade.  Later they improved things, so that doesn't work anymore. I suspect they could make it possible if they wanted.

"Do you have any idea what this could be" Hmmm – let me look deep into my crystal ball... Nope must be on the fritz... How about you actually give us some details of what you changed.. "After the creation of some VLAN's in PFsense" Since your running on esxi.. Did you change the setting the vswitch from 0 to 4095 if your going to be passing vlan tags?

Same problem here. Our firewall worked fine with pfSense 2.3.4. We use a firewall with 8 NICs: igb0: <intel(r) 1000="" pro="" network="" connection,="" version="" -="" 2.5.3-k="">igb1: <intel(r) 1000="" pro="" network="" connection,="" version="" -="" 2.5.3-k="">igb2: <intel(r) 1000="" pro="" network="" connection,="" version="" -="" 2.5.3-k="">igb3: <intel(r) 1000="" pro="" network="" connection,="" version="" -="" 2.5.3-k="">igb4: <intel(r) 1000="" pro="" network="" connection,="" version="" -="" 2.5.3-k="">igb5: <intel(r) 1000="" pro="" network="" connection,="" version="" -="" 2.5.3-k="">igb6: <intel(r) 1000="" pro="" network="" connection,="" version="" -="" 2.5.3-k="">igb7: <intel(r) 1000="" pro="" network="" connection,="" version="" -="" 2.5.3-k="">After updating to 2.4.1 we start to have problem on NIC igb2 and igb3, connected to switches Allied X510. NICs igb4, igb5 and igb6 are connected to external routers and they work fine. Deactivating and reactivating NICs igb2 and igb3, they start working fine. Restarting the firewall the problem, sometimes, returns. Thanks for you help Giovanni</intel(r)></intel(r)></intel(r)></intel(r)></intel(r)></intel(r)></intel(r)></intel(r)>

Hi Juve, No idea why that sentence is there. Will remove it, thanks.

Same problem here. But the solution above doesn't work for me. (No lagg in config.xml, adapting vtnet0 accordingly, leads to unassigned interfaces on reboot, when replacing all occurencies accordingly. Manually chaniging only the vlan und pppoe sections does not help either - interfaces assignment works again, but pppoe still does not.) The PPPoE Client ceased working right after upgrading from 2.4.0 to 2.4.1. Furthermore - with a backup default gateway, manually configured - package updates fail. e.g. a shell dependency of freeradius3: https://pkg.pfsense.org/pfSense_v2_4_1_amd64-pfSense_v2_4_1/All/bash-4.4.12_2.txz Despite name resolution is working here I see a „host not found“ message. I also tried to manually download that from a different client (with wget) and through an LTE connection. All the same pkg.pfsense.org does not exist. For the PPPoE problem - reinstalled 2.4.1 from it's clean CE iso, restored the config - same error. I reconfigured the pppoe connections from the scratch - same error behaviour. BTW, there is even more: MTU settings are missing on the "Advanced and MLPPP" tab. I used to have baby jumbo frames configured there. For the logs: System logs/PPP show setting the MTU, a try to connect and no data. Just as when using the wrong vlan. I reverted to a virtual disk of 2.3.x - worked all well. I guess 2.4.1 didn't receive sufficient testing. Blame on me.

It just so happens that I did install using ZFS. However, I did not take any snapshots beforehand so I guess I'm screwed there as well… I wonder, is there a way to upgrade again from the local console "over" the non-working version to the next development update? That is to say, would it be possible (and equally as important, easy for a newcomer) to grab the update from another machine connected to the network, throw it on a USB and then run the upgrade on the locally accessible PFsense box? I figure maybe subsiquent upgrades might "patch over" the issue.