@hannes-hutmacher I think will be better if you save your config to xml file and then make fresh install including xml import option.
Please see https://docs.netgate.com/pfsense/en/latest/backup/index.html

@Oidar said in System update showing 2.3.4_1 as "up to date":

I have to admit I'm ashamed not following up of this earlier...

Well, if it works for you there is no obligation.
Not upgrading has a small list of advantages. But keep in mind that you can only decide to not to upgrade when you know all the disadvantages. And that list is big.
Just to name some of them :
Packages are always developed against the latest version (pfSEnse doesn't keep packages for old pfSense versions) so thee can't be upgraded neither.
Security issues !?
Functionality issues !
Often forgotten : old pfSense are not available anymore. When your system has a hardware failure, you have to reinstall - on another device probably. This forces you to make a major upgrade, and review the entire setup without really knowing what changed. All the time you gained by not upgrading becomes now a triple pay-back.

Etc etc ^^

tl;dr check if file format is .iso not .iso.gz

I'll reply to this thread even when it's old as it was one of the first which came up when googling "Operating system not found".

I spent quite awhile searching for an answer and then I realised that the pfSense ISO file, which I downloaded from official site, is in iso.gz format. I didn't notice this first as I'm working with small laptop screen and the file format was always cut from the screen.

You have to extract the .iso.gz file so you have only .iso file.

I installed pfSense CE 2.4.4 with Guest OS: Other and Guest OS Version: FreeBSD 11 (64-bit) on ESXi 6.7 U2, though I used VM compatibility ESXi 6.7.

Known by who? Is there a redmine about this? Dozens of systems?

anyone have any ideas?

Try enabling powerd in Sys > Adv > Misc.

That CPU should have Speedstep if it's configured correctly in the BIOS. That should save some power and will at least show varying clock speed. You might also get the full turbo speed. That will show as 3101MHz, the +1MHz being turbo enabled. That's actually up to 3400MHz for that CPU.

Steve

Yea it was but I figured what went wrong, I didn't have NAT GW on the AWS I thought that the AWS internet gateway was sufficient.
Anyway Thanks couldn't figure it without your help :)

@Tafy said in Failing to login to pfSense 2.4.4 terminal screen after install:

just installed it as a VM in Hyper V

Use the same access that you used to install it, to declare the WAN and LAN interfaces.
The LAN interface will be typically a virtual VM NIC.
Afterwards, fire up a browser on the host system, pointed to the IP of the LAN of pfSense.

https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-hyper-v.html

yes, I tested the routers 1 at a time directly into the fiber. not all at once with a new switch. I will do that in about 30 min. after I close the doors.

Yes, you can import your old config into newer hardware running 2.4.4p3. You will probably have to re-assign the interfaces initially.

Steve

Hmm, you might be hitting this: https://redmine.pfsense.org/issues/9267

Does it continually try to pull an IP and fail?

Is 2.127.238.131 the previous IP?

Steve

I thought that after restoring the configuration, OPT1 would be enabled and would ask the DHCP server for an IP. As it wasn't working, I assigned the em2 interface to OPT1 hoping that the system would read the xml config file and enable the dchp-client mode.

In my use case, the whole point of restoring a backup on a fresh VM is the attribution/configuration of these interfaces. Ideally I would not make any configuration before restoring.

No all of my info is learned, just like everyone else - my point is its sub 100 level info..

If you understand what an IP address is an and a network and what a router is - how do you think you can have the same network on 2 different interfaces and route between them..

Just like I don't have to tell you not to put your freaking dick in a shredder.. Did you read a doc that told you not to do that - or is is common sense ;)

Or that when you order a "coffee" that its going to be freaking hot.. JFC!! If you are to the point that you have figured out that you want to run your own router distro you should understand that you can not route between 2 networks that are the same..

I am more than happy to explain basic info to you - do you want to start at the basics of what an IP is.. My point was that anyone that has gotten to the level that they have want to run their own routing distro should know these basics - shouldn't have to be spelled out in a FAQ that you can not route between 2 networks that are the same ;)

When you get to kindergarten they expect you to know some basics.. Same should go for when you attempt to download a routing distro and route and firewall with it.. You should know what a firewall does, and what a router does - etc.. They expect you to know your ABCs when you get to kindergarten ;)

Do we need to teach you that B is after A?

no problem, best of luck in your adventures.

I followed this youtube tutorial
https://www.youtube.com/watch?v=ZwQpB5hlvD4P

and this reddit thread
https://www.reddit.com/r/technology/comments/3rt1v5/loading_pfsense_on_watchguard_xtm_5_series_model/

Hmm, interesting. Also apologies I totally missed this was 11 days old!

Steve

@stephenw10 said in Do not upgrade to Pfsense 2.4.4_1 Firewall rules with aliases are not processed:

Hmm, interesting. What's special about that then. Some odd character in there maybe that would be disallowed now but passed input validation years ago when it was added?

If you want to open a ticket and send us a status_output file I can look through it. https://go.netgate.com

Steve
done

How did you apply the patch? It should not be possible to apply it to 2.4.4p3 as it's already present. If you were able to then your install is in some odd state.

Steve

@jimp said in Upgrading from 2.4.3 to 2.4.4 new error in logs:

What packages do you have running?

Are there a lot of clients hitting services on the firewall itself?

That is probably referring to a UNIX socket, not a TCP socket, so the tunable probably won't help.

I did a grep against netstat and I could not find the pcb. The pcb is consistent upon each boot up:

Jul 9 23:54:45 kernel sonewconn: pcb 0xfffff8003f322570: Listen queue overflow: 8 already in queue awaiting acceptance (1 occurrences) Jul 9 23:52:45 kernel sonewconn: pcb 0xfffff8003f322570: Listen queue overflow: 8 already in queue awaiting acceptance (1 occurrences) Jul 9 23:48:15 kernel sonewconn: pcb 0xfffff8003f322570: Listen queue overflow: 8 already in queue awaiting acceptance (4 occurrences) Jul 9 23:47:15 kernel sonewconn: pcb 0xfffff8003f322570: Listen queue overflow: 8 already in queue awaiting acceptance (2 occurrences)

I have the following packages:

acme Avahi bandwidthd iftop nut Open-VM-Tools openvpn-client-export RRS_Summary siproxd