as far as i know there aren't any of anything between me and the internet, unless my isp is doing something funky… i'm plugged directly into the fibre node termination point in my house. ubuntu and raspbian have no issues running apt-get updates. got this twice trying to install open-vm-tools:- 678460032:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:518: and if i try an manual upgrade in the console i get this:- [2.3.2-RELEASE][root@pfSense.localdomain]/root: pfSense-upgrade -d Updating repositories metadata… Updating pfSense-core repository catalogue... pfSense-core repository is up-to-date. Updating pfSense repository catalogue... pfSense repository is up-to-date. All repositories are up-to-date. Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA 678460032:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libcrypto/../../../crypto/openssl/crypto/rsa/rsa_pk1.c:103: 678460032:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libcrypto/../../../crypto/openssl/crypto/rsa/rsa_eay.c:705: 678460032:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/a_verify.c:218: 678460032:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Unlocking package pfSense-kernel-pfSense... Unlocking pfSense-kernel-pfSense-2.3.2 **** WARNING **** Reboot will be required!! Proceed with upgrade? (y/N) Aborting... Locking package pfSense-kernel-pfSense... Locking pfSense-kernel-pfSense-2.3.2 [2.3.2-RELEASE][root@pfSense.localdomain]/root:

same problem here, hdd, 32bit

Here's what I did that seemed to have gotten me back to the working original repos for my SG-4860: Changed my pfSense-repo.conf per tl1964's post above from the firmware.netgate.com url to the pkg.pfsense.org url. Ran the updater again from SSH with success in getting to 2.3.2 Changed the pfSense-repo.conf back to the original url of firmware.netgate.com (using http, not https) and removed the following lines from the conf file: signature_type: "fingerprints",   fingerprints: "/usr/local/share/pfSense/keys/pkg" Ran the updater from SSH again Modified the conf file, putting it back to the firmware.netgate.com url (using https, instead of http) Ran the updater from SSH again Modified the conf file one last time, adding back the signature and fingerprints lines Seems to be good now.  No more "No trusted public keys found" messages and no "Unable to retrieve package information" messages. The AWS and IOS VPN packages show up in package manager. Not sure if this is what you are looking for, but hopefully it may help.

Haven't found any. I've asked the supplier, waiting for a response.

Hi, pppfsense I had the same - took aeons, but updated successfully. If you have huge fanbase, huge trafficsurge, so need much bandwith, what do you do: You buy more. So, where does the money come from? think… And also this: Every single update i did on my pf-boxes allways (yes, i go with the 100% here, a very seldom but honored, valued 100%) went through, even remote, since i use pf, on first days and also later (second and thirday max). Don't know what happend with yours, but from my end, it looks good here - you might want to consider your statement about robustness and testing... And yes, with zyxel, sonicwall fortigate cisco .. name em...and so on, it can happen (too) now and then - even got briked several times, and payed for several times (resp. customers paid for). That why i ended up here.

Just upgraded via console (option 13) - since I use a SSD it updated very quickly  8)

Hi cmb, thanks for your description. I have decided to stay on the version now, though you mentioned it is same. BR WKN

VIPs and 1:1 NAT definitely all work fine. Packet capture, see if the traffic is coming into your WAN at all. I'm guessing it's not, and you're not seeing any ARP requests on those IPs, likely because of upstream ARP cache on your ISP's router.

It was indeed the NIC.  Or possibly the slot the NIC is in.  Unfortunately, the small board I have only has one x4 or larger slot, so I can't try it in another.  I got a replacement 2-port card that uses the x1 slot and that works fine boot after boot. Thanks again for the help.

I had this same issue when trying to upgrade from 2.3.1 to 2.3.2 last night. After the update on the first reboot I received the same error message. Tried another cloned HDD and SATA port and the issue remained. I reinstalled 2.3.1 on the exact same drive and restored my configuration to solve the issue. I will likely wait until the next update before trying again.

Missed the ps auwwx command and ended killing the process on both machines. I rebooted the secondary so I'll wait for it to happen and will get the ps output. Thanks. @cmb: What exactly is that pkg command that's running? ps auwwx|grep pkg

There was a server issue that was addressed earlier today that was causing slow downloads. It's been fine for a bit now.

Thanks Jorge, it would probably worked… :) But I solved it doing a SSH connection (using putty) and then picked option Update from console And it Worked now all is fine :)

Fixed.

I entered the gateway and reboot the server. Now I can go to the internet. Thank you very much phil.davis for your help and patient.

So ICMP (ping) works and DNS also works (port 53 UDP/TCP) but ordinary web-browsing does not work (TCP port 80 and 443). If there is traffic coming back from your browser actions that is being blocked then that means the states are somehow not being created (or not created right) when the initiating browser request packets go out through pfSense. Your description of all your settings sounds fine and should "just work". Do some packet capture to know exactly what packets are received on LAN, sent out WAN, and what comes back in to WAN. That will at least make you confident in what flows where and how far. Then when you are really stuck, post screenshots of settings, as there must be something odd that you have accidentally done.

Awesome, I will try that. Thank you!

I hate to dig up the thread just to say "me too" but this thread accurately describes my problem. My specific WAN card is an Intel PRO/1000 PT Dual Port Server Adapter - network adapter - 2 ports (EXPI9402PTBLK). Happy to provide whatever other information would be useful. Any updates on this issue? I am running pfSense 2.3.2. Would the same issue affect a Intel Pro/1000 PT Quad port D72468 39Y6137 NC364T 10N8556 EXPI9404PTG2L20 D57995?