I assume you mean a load-balancer in AWS itself rather than another VM running there? The routing there could get ugly! Steve

Not enabling DHCP did it. Not sure why that would even be, but it worked, many thanks

Hi, I've faced the same issue, just now. I run couple psSense 2.4.4-RELEASE as a virtual machine on a XenServer 7.2.0 HA cluster without any issues about 2 years. Before now, I used dedicated virtual network interfaces to connect virtualized pfSense VMs to my VLANs. Couple days ago I decided that its time to connect pfSence to a trunk and configure VLANs on it. I did it and it works but with MTU issues. It looks like it works but at the same time, heavy traffic like SMTP over TLS doesn't go through or heavy https web pages can't be opened. 1469 is the largest ICPM packet size can go through the VLAN interface. So, I would appreciate if anyone can help to resolve the issue and a specially if the topic starter can share his experience and explain what was wrong with the kernel drivers for the server NICs.

I did the upgrade, just by backup the config and restore the config on 2.4.4 - with no problems at all. One interresting thing is that the upgrade I now got almost full speed in down/upload. With 32 bit 2.3.2 : 200/300 Mbps With 64 bit 2.4.4 : 700/950 Mbps My line is 1000/1000

We are working on it! But things get significantly more complex if the existing config already has vlans or laggs for example. Then there's the switch config, you might set it as 8 separate ports but some users don't want that. There are many combinations. A compromise will be reached. Steve

Ok so it appears to have been an issue with our Zyxel GS1500 PoE switch. I took my phone home with me and tested it from there. It worked perfectly. Brought it back to the office this morning and it just started working. Maybe it just wanted a change of scenery or something ;-) but anyhow it's working now. My colleagues phone on the desk next to me (we're all plugged into the same PoE switch) still wouldn't play ball however. So I unplugged it, walked over to another desk and plugged it back in. Low and behold it starts working. Unplugged it and went back to his desk and plugged back in - doesn't work. Walked over to the PoE switch and moved his connection to a different port on the same switch which got him up and running. Repeated procedure for other phones (All Yealink T46G's) and now all is back to normal. So something in that managed switch (which we don't actually manage, it was left as was out-of-the box) was interfering with traffic somehow. Incidentally there are no PC's on that PoE switch only phones, that aspect sadly didn't occur to me until now otherwise I might have rebooted it for the sake of it. So thanks for help guys but it turned out to be something basic in the end.

There was a memory leak fixed in Unbound that I guess might have exhibited this. Maybe if it started swapping and got progressively worse. That should have been fairly evident though either on the pfSense dash or the VM performance graphs. Steve

Yes, 2.3.X is End of Life. There will be no further security updates for it. https://www.netgate.com/blog/pfsense-release-2-3-x-eol-reminder.html Steve

@jimp Perfect, thank you for the details. My patch is set up to not auto re-apply after upgrading. So I am set this time. (In the past, I once reinstalled pfsense for good measures after forgetting to revert a patch because I was not sure about these details.)

@ianmc said in Old old laptop to run as router: Does anyone have any positive at all to say about a post. So what is I want to use an old version. If working then may consider a dedicated machine at a later time with an updated version of pfsense. If this is what to expect from asking genuine questions the software then maybe I could give it a miss. True. But, why are you waiting ? Install pfSense on it right now. It can be done in a couple of minutes. But keep in mind : pfSense is based on FreeBSD, it uses actually has a recent 11.2 kernel - and as you know : your PC might run (== accept) some Windows versions - but other OS's ? These devices are known to be very picky. FreeBSD might not recognize your Wifi NIC : test this first ! No one on this forum could predict the results. Still : no one can remembers what worked with your device (10 years ago) with what software. And keep in mind that the "32 bits" game is over very soon - this isn't a pfSense rule. Apple and Microsoft decides the same thing already years ago.

Thanks for the help but I decided to just stick to the working installation. I thought it would be simple to install a fresh PfSense to a different hard drive compared to jumping through extra hoops to clone it, not expecting this crazy problem. At some point later I'll clear CMOS and try again but the current drive is fine so it isn't a major priority.

Updating using the command line seemed to partially work. Now it says no packages installed. Have not tried to install packages, just happy to finally get it partially working again. Summary for those of you at home, don't plan on UI updates working. Frustrated Neil

@thewaterbug said in Restoring 2.3.4 Backup to 2.4.4: Interface Mismatch and hang . . . .: now I can import the old Backup with no errors. Once I disable the Gateway, it will boot normally at full speed. Victory! I restored my 2.3.4 config to the MBT-2220 as described, replaced the APU2 unit, and un-disabled the WAN gateway. Everything is working as expected, and my IPSec tunnels came up immediately. I had about 5 minutes of downtime. Now I can do a clean install of 2.4.4 on the APU2, use that to replace the other APU2, reinstall on that one, and then use it to replace my obsolete m1n1wall/Alix unit. Thanks for all the help!

You can set Ubounds log level in the advanced tab. If you set it to level 3 or higher you can see the queries made against it so you would see whatever it is resolving initially. Steve

I had to disable the pf via shell and then use wan ip to configure it. after the reboot I was able to connect to 10.x.x.x via lan vm browser. Thanks for the help.

@marc1701 hey marc, I am so happy to find you as I have the same exact J1900 celeron I just wanted to chime in, I was also experiencing the same issue as you, it would get stuck at boot when going from 2.3x to 2.4x, I followed your instructions and chose kernel.old (option 5) twice, the second time it booted in to 2.4.4-RELEASE , I cannot express my gratitude for your words on this forum you don't understand how much headache you have saved me, thank you so much!

Yes to both questions. You can also restore a backup between different hardware types and between factory and community versions though there are some caveats there. https://www.netgate.com/docs/pfsense/backup/index.html Steve

@stephenw10 said in config.xml during initial install - in vmware?: If attach a second fat32 formatted virtual drive it doesn't pull a config file from that? Or just that isn't a practical option? Steve I finally got it working this afternoon! At present, you must attach a second virtual hard drive, MBR-formatted (not GPT), with a FAT filesystem on it. I couldn't tell if the installer was picking up the config file or if ECL was picking it up, so I placed a copy of config.xml in both /conf and /config to cover all my bases. On macOS, I did the following: export config.xml (WITH RRD data) from existing firewall run these commands locally on your macbook with both qemu and VMware Fusion installed: dd if=/dev/zero of=ECL.img bs=1024k count=100 D=$( hdiutil attach -noMount ECL.img ) diskutil eraseDisk MS-DOS ECL MBR ${D} mkdir -p /Volumes/ECL/conf /Volumes/ECL/config cp ~/Downloads/config*.xml /Volumes/ECL/config.xml cp ~/Downloads/config*.xml /Volumes/ECL/conf/config.xml cp ~/Downloads/config*.xml /Volumes/ECL/config/config.xml diskutil eject ${D} hdiutil detach ${D} qemu-img convert -f raw -O vmdk -o subformat=monolithicSparse -S 1 ECL.img ECL.vmdk /Applications/VMware\ Fusion.app/Contents/Library/vmware-vdiskmanager -d ECL.vmdk /Applications/VMware\ Fusion.app/Contents/Library/vmware-vdiskmanager -k ECL.vmdk • upload the resulting ECL.vmdk file to VMware at OVH • add it as a second hard disk to the new pfSense VM • shut down the old pfSense VM • boot the new pfSense VM into the installer, off the ISO image • install pfSense • it will automatically pick up the config file from the 2nd hard disk • test that the firewall works • RE-UPLOAD the config.xml file to the firewall manually (this will restore the RRD data) • shutdown the firewall (instead of rebooting) • remove the 2nd hard disk • power it back on (WARNING: those are notes-in-progress, don't just blindly paste that in anywhere!) FWIW, the last error I made was copying the downloaded config.xml file in as-is without renaming it back to simply "config.xml". -Adam

Hi, Thanks for your answers, I suspected it. I will think about an other solution.