1: download the pfsense compressed image from a mirror e.g http://mirror.qubenet.net/mirror/pfsense/downloads/pfSense-1.2.3-RELEASE-LiveCD-Installer.iso.gz 2. extract pfSense-1.2.3-RELEASE-LiveCD-Installer.iso.gz image using peazip or winzip, you should be left with an extracted pfSense-1.2.3-RELEASE-LiveCD-Installer.iso file, dont try to extract this file any further, I think this is where youre going wrong. 3. burn using imgburn http://www.imgburn.com/index.php?act=download or your favourite cd burning program, dont use the windows in-built program, it cant burn ISO images let alone make a bootable CD. if you use imgburn, choose the option "Write image file to disk". Slam

Thanks, that helped.

Not that I've seen, have you tried Firefox on another machine? An extension or any number of other issues could have broken your file upload in Firefox.

You are on ALIX, as you said. That page is for a WRAP. You likely just need a BIOS update, which is also on the doc wiki, complete with a CF image that has the BIOS update on it. http://doc.pfsense.org/index.php/ALIX_BIOS_Update_Procedure

Hi all, similar problem here. First time I try to install a pfSense and i get a similar hang right before booting. The hardware is an ALIX 2D1 (bios 0.99) board which i run with a 512MB CF on which i installed the pfSense-1.2.3-RELEASE-512mb-nanobsd.img using the usual install procedure (dd under linux) After starting the ALIX, i get the bios dump and then the system stalls right before boot: 1 FreeBSD 2 FreeBSD Boot: 1 And the system adds every 15sec. a sharp symbol after the 1 .. I juste installed the 1.2.2 version and it runs perfectly fine!  :-/ I'd be glad to install a smaller version (i.e. 128MB) but the smallest one is the 512MB one. Thanks for help.

So I think I got it working - either one of the following changes (or both) got things up and running on my system. Disabled LBA for the hard drive. Unselected packet blocks during setup. Thanks.

So far so good.  It looks like the checksum thing was it.  Thanks so much for your help Bob.  I really appreciate it! My luck with these things never ceases to amaze me.  The main reason I bought the intel 100's was due to their practically legendary status in the nix world, and then when I go to use them they are one of the broken ones. lol

I have to admit, this is the single biggest gripe I have with pfSense. Many times, I install pfSense inside a virtual machine for testing with no other LAN connected hosts. While you can easily enable SFH via the console window, getting into the web GUI is a different story. In fact, you need a host with a GUI running on the LAN network in order to access pfSense to create the necessary rules to allow WAN clients access to the web interface. ARGH! Luckily, we have an easy workaround.  Here is what do to: Install pfSense  on your target machine Unless your WAN gets a DHCP address, you will need to manually assign the IP Address of the WAN interface:  –> Get to the CLI (option 8 )  --> Type "ifconfig en0 10.20.30.40 255.255.255.248" (substitute en0 for your WAN interface and use the correct IP Address/Mask)  --> Type "route add default <default-gw-ip>"  --> Type "pfctl -d" to temporarily disable the packet filter Point your browser to your WAN IP address then login as admin/pfsense Once you have done your initial configuration, MAKE SURE to enable the packet filter again (CLI --> "pfctl -e") Note - you may have to disable the packet filter a few times because changing GUI options will automatically enable the packet filter. In fact, I just installed pfsense in a new virtual machine today and did the exact steps above. Hope this helps...</default-gw-ip>

@wallabybob: Danswartz: …my take on why someone might be interested in this: Suppose you are on a restricted budget !!! come on, say it…'if you're a cheap skate u might want to do this'...  ;D @wallabybob: and you have a wireless modem to cable or ADSL. You have discovered the limitations of the cheap versions of such modems and have scrounged a system to run pfSense and like pfSense.  But you still need wireless access and because of your limited budget (money, slots, equipment, whatever) you want to know if its possible to use the wireless hardware support in the modem you already have but want pfSense to have some control over the wireless traffic. Well there are many scenarios… I am a cheapskate often <oh dear,="" my="" secret="" has="" been="" exposed="" in="" first="" post="">, but not with hardware. If I have no budget, I go old over good rather than new but crap.  I do prefer minimal hardware and smart config (a bit too much I do admit) too, as this is a way to improve one's code (and waste days aimlessly hacking...). The absolute reason in this case is: I don't want to have a built-in WiFi interface as the box is a ESX host and won't support it probably, pass thru USB would suck and have to be in the DRP.  Another wireless router in addition to the ADSL gateway... no, because it uses more power to load the UPS, generate heat and add ongoing cost and dependability.  (I like to have two of everything- so I don't want 4 commodity routers if instead I can have 2) @wallabybob: Or, maybe you are fairly new to networking and just want to see if you can make the suggested configuration work - as a learning exercise. Indeed. There are a few reasons… @wallabybob: … using the ADSL modem with wireless support would have allowed the wireless connected systems to bypass the pfSense firewall Hmm.  If they were on a VLAN it'd be harder, but yes security here is a major compromise.  For me, the reason is less the WiFi AP. The more I thin about it, the more I'd like to use the Billion's VoIP gateway… for others it might be USB NAS, or VPN... Anyway, you know 'what they say about justifications and statistics!' I'll report again once I can get a decent night's hacking done :)</oh>

You can't create a directory on a ro filesystem, but you can mount to an existing directory (make sure it's empty first). Or you may be able to temporarily mount your rs read-write. I'm less familiar with BSD's mount, but you could try something like 'mount -oremount,rw / && mkdir /mnt && mount -oremount,ro /'

No, it doesn't work that way. For one, because there is no compiler on pfSense, and also because upgrading various components could lead to breakage as often config file formats and behavior change between versions that would be unexpected. The system is released as a whole because it's tested and known to work. If there is a compelling (e.g. security) reason to upgrade a tool such as lighttpd, it may warrant a new release or get upgraded in the development version. If you want to try to build an updated version, you can do so on another FreeBSD box or VM as described here: http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso

@scottnguyen: FREEBSD works fine with unetbootin Is that from a FreeBSD ISO, or by selecting FreeBSD from the menu.  Because, when you select FreeBSD from the menu, you get a "packaged" version of FreeBSD, that someone has specifically built to be usable in unetbootin. Cheers.

Same problem with my DC5850 and latest livecd (pfSense-2.0-BETA1-20100308-2107.iso.gz ) Also the same on HP DC5750 Any help appreciated JClausen

Bear in mind that I have not tried or tested this, but here is a sample pfi.conf file from the server. It just shows available options and such: ####################################################################### # $Id: pfi.conf,v 1.10 2005/07/09 00:07:07 cpressey Exp $ # Defaults for pfi.conf. # A space-separated list of what services to restart when we are done # changing options.  The services are the base names of RCNG scripts # (i.e. without the "/etc/rc.d/" prefix.)  Note that these must be # given explicitly in the same order they would normally be started # by rcorder during RCNG (e.g. "netif dhclient sshd"); they are not # automatically ordered by their dependencies here. pfi_rc_actions="" # Determines which installer frontend to use.  Defaults to "curses"; # other legal options are "cgi" and "none". pfi_frontend="curses" # Determines which installer backend to use.  The standard backend # is now the Lua backend, but this can be changed, to start an # alternate backend.  (See example #4, below.) pfi_backend="/usr/local/bin/lua50c51 /usr/local/share/dfuibe_lua/main.lua" pfi_backend="$pfi_backend option.booted_from_install_media=true" # When using the curses frontend: # Set the amount of time, in milliseconds, which must pass after # the 'ESC' key is pressed, in order for it to be recognized # as a plain 'ESC' keystroke, and not part of an escape code. pfi_curses_escdelay="150" # A password to set as the root password on the LiveCD, if any. pfi_set_root_password="" # Control corresponding sshd options.  To make sure sshd restarts with # these options, add "sshd" to pfi_rc_actions. pfi_sshd_permit_root_login="NO" pfi_sshd_permit_empty_passwords="NO" # An script to run before the installer.  It is assumed this script is # located on the pfi media.  While it is run, the media's root directory # is mounted on /mnt. pfi_script="" # A program to run before the installer.  It is assumed to reside on # the LiveCD; /mnt is not mounted. pfi_run="" # What transport layer the DFUI in the installer should use.  Valid # values are currently "caps", "npipe", and "tcp". pfi_dfui_transport="tcp" # User to automatically log in as, or "NONE". pfi_autologin="NONE" # Command to use to reboot.  "shutdown -h now" is typically used # interactively, to give the user a chance to eject the disk, but # "shutdown -r now" can be used for headless operation. pfi_shutdown_command="shutdown -h now" ####################################################################### # EXAMPLES # To use one of these examples, extract it to a text file and remove the # leading pound-signs.  Copy this text file to the file "/pfi.conf" # on a floppy disk or USB pen drive (hereinafter referred to as "the pfi # media") and have that media inserted or attached to the computer while # you boot from the installer CD-ROM.  The installer will attempt to # locate this file and, if found, will use the variables present within it # to configure the installer boot process. # This file has the same syntax as /etc/rc.conf, and it can contain any # setting which is meaningful in /etc/rc.conf as well.  Any rc.conf # setting which is given will only be obeyed, however, if the RCNG script # to which that setting applies is named in pfi_rc_actions. # EXAMPLE 1: # Boot the installer headless, configure the network interface dc0, # and start the CGI frontend. # # ifconfig_dc0="DHCP" # pfi_rc_actions="netif dhclient" # pfi_frontend="cgi" # pfi_autologin="installer" # pfi_shutdown_command="shutdown -r now" # EXAMPLE 2: # Boot the installer headless, configure the network interface rl0, # and allow ssh'ing into the box as root with the password "sekrit". # # ifconfig_rl0="DHCP" # pfi_sshd_permit_root_login="YES" # pfi_set_root_password="sekrit" # pfi_rc_actions="netif dhclient sshd" # pfi_frontend="none" # pfi_autologin="installer" # pfi_shutdown_command="shutdown -r now" # EXAMPLE 3: # Boot the cd and setup a PXE/TFTP/DCHPD server environment # so that clients can boot from the network and enter the installer # # Enable tftp and NFS services with pxeboot and a kernel available via # tftp and the CD's root mount available via NFS. # # pfi_boot_tftp_server="YES" # pfi_boot_nfs_server="YES" # pfi_boot_pxeserver="YES" # pfi_boot_ipserver="YES" # pfi_option_subnet-mask="255.255.255.0" # pfi_option_routers="10.0.250.1" # pfi_filename="pxeboot" # pfi_ddns-update-style="none" # pfi_option_domain-name="domain.com" # pfi_option_broadcast-address="10.0.250.255" # pfi_option_domain-name-servers="192.168.64.3" # pfi_server-name="DHCPServer" # pfi_server-identifier="10.0.250.50" # pfi_default-lease-time="7200" # pfi_max-lease-time="7200" # pfi_subnet="10.0.250.0 netmask 255.255.255.0" # pfi_next-server="10.0.250.50" # pfi_range="10.0.250.29 10.0.250.250" # EXAMPLE 4: # Revert to the traditional, C language backend. # # pfi_backend="/usr/local/sbin/dfuibe_installer"

Ok I have just bitten the bullet and installed the latest upgrade. As tommy said the update just happened the system re-booted and voila an up to date pfsense. All rule sets in tact everything as it should be. Great stuff people not to mention I now have access to a reactive snort package which seems to be working very well. I really am as happy as a pig in sh"! (pun intended)  ;D If someone is using snort could they tell me if adding just my trusted wan ip's to the white list will restrict vpn access to just those ip's. I couldn't find a way to do it from the pptp page (see my post in the pptp list). Regards Sam

i was since you were the only one helping me. Its burned you twice huh, doesnt sound too good. I still think this is related to my upgrade as it didnt do this on 1.2.2, I will ask it on the snort board. Thanks for your help at least the connectivity issue is solved, if i cant use snort im not going to worry as it isnt critial to me.

Thank you for answering my question. I am not able to change the far side of the tunnel at all. How would I supply multiple 'peer' addresses? would authenticating to the IPSec as a seperate users on each of the WAN's do that?