Below is the working route/gateway table. Firewall rules used to push traffic to VPN Internet: Destination Gateway Flags Netif Expire default 192.168.0.1 UGS em0 1.1.1.1 10.156.0.29 UGHS ovpnc3 9.9.9.9 10.156.0.29 UGHS ovpnc3 10.156.0.29 link#9 UH ovpnc3 10.156.0.30 link#9 UHS lo0 46.182.19.48 192.168.0.1 UGHS em0 81.3.27.54 192.168.0.1 UGHS em0 91.xx.xx.xx 10.156.0.29 UGHS ovpnc3 127.0.0.1 link#6 UH lo0 192.168.0.0/24 link#1 U em0 192.168.0.234 link#1 UHS lo0 192.168.20.0/24 link#2 U em1 192.168.20.5 link#2 UHS lo0 192.168.21.0/24 link#4 U em3 192.168.21.5 link#4 UHS lo0 Table from where is does not work. Internet: Destination Gateway Flags Netif Expire default 192.168.0.1 UGS em0 1.0.0.1 10.149.0.13 UGHS ovpnc1 1.1.1.1 10.156.0.29 UGHS ovpnc3 9.9.9.9 10.156.0.29 UGHS ovpnc3 9.9.9.10 10.149.0.13 UGHS ovpnc1 10.149.0.13 link#10 UH ovpnc1 10.149.0.14 link#10 UHS lo0 10.156.0.29 link#9 UH ovpnc3 10.156.0.30 link#9 UHS lo0 46.182.19.48 192.168.0.1 UGHS em0 81.3.27.54 192.168.0.1 UGHS em0 85.xx.xx.xx 10.149.0.13 UGHS ovpnc1 91.xx.xx.xx 10.156.0.29 UGHS ovpnc3 127.0.0.1 link#6 UH lo0 192.168.0.0/24 link#1 U em0 192.168.0.234 link#1 UHS lo0 192.168.20.0/24 link#2 U em1 192.168.20.5 link#2 UHS lo0 192.168.21.0/24 link#4 U em3 192.168.21.5 link#4 UHS lo0 This is the traceroute (which works) from when both VPNs are up. traceroute to mintlinux.mirror.wearetriple.com (93.187.10.106), 30 hops max, 60 byte packets 1 10.156.0.1 (10.156.0.1) 30.850 ms * 30.785 ms 2 * v741.ce01.ams-01.nl.leaseweb.net (37.48.118.60) 30.738 ms * 3 * ae-5.cr01.ams-01.nl.leaseweb.net (81.17.33.128) 30.667 ms * 4 be-111.bb03.ams-01.leaseweb.net (31.31.38.200) 30.622 ms * be-112.bb03.ams-01.leaseweb.net (31.31.38.204) 30.578 ms 5 * triple-it.telecity2.nl-ix.net (193.239.116.57) 37.565 ms * 6 mirror.wearetriple.com (93.187.10.106) 37.501 ms 25.516 ms * however, this is the error from the linux package manager and as i say, on the whole http browsing works. Failed to fetch http://mintlinux.mirror.wearetriple.com/packages/dists/tessa/InRelease Cannot initiate the connection to mintlinux.mirror.wearetriple.com:80 (2a00:1f00:dc06:10::106). - connect (101: Network is unreachable) Could not connect to mintlinux.mirror.wearetriple.com:80 (93.187.10.106), connection timed you can see it is resolving in the application error message, so i don't think it is a dns issue. If i shutdown either of the VPN clients, this will work.

Ah, great. Coming from 2.3.4 or earlier can be a bit sketchy. There are several repo and upgrade package updates that need to apply before you see the 2.4.X updates. Glad you were able to resolve it. Steve

@zdevlor said in Unable to install packages looks like certificate error: how do i do that with no access to the repo With no access, this file pkg: Repository pfSense-core load error: access repo file(/var/db/pkg/repo-pfSense-core.sqlite) failed: No such file or director can't be loaded, so it can't be found. A WAN connection need to exist to update/upgrade.

Reading the guides we have posted is the best bet. Verify your hardware will work with 2.4.4-p2, we no longer offer support for 32bit OS, nor Nano images. When that is done, I would suggest doing an install and restore: The fastest path to getting onto current with less issues will be to take a backup right now (Diagnostics -> backup and restore, download XML). Downloading the latest/greatest, install, and recover. Depending on hardware this will be under 15 minutes. If you go the upgrade route you might be waiting over 30 minutes depending on what's going on.

Thanks for the reply sorry I wasn’t clear the other config was for a PF sense box that I have that is already up and running I was hoping I could put the config on the system that I couldn’t get to access the Internet and try it that way even with the config from the working PF sense box it still was not able to connect to the Internet at this point I’m at a loss I reset the config several times the only thing that I haven’t tried yet is downloading a fresh copy Any other ideas? What would a good firewall entry look like

@gertjan said in Users on the LAN network do not surf the internet: Hoho : No bad mood at all on this side. All reflexions are here to help you. Remember : we all have been there - and most of us seen it all already. We're all expert in doing this fast, good and stable (so you can pass on to other things fast !) Thank you so much for your encouragement. I also thought about abandoning Virtualization, because that's the problem in my opinion. Thanks again

Okay, I'm reading everything documentation, but squid is not working. my version is 2.4.4-release-p2. I thought I had to upgrade squid

pfSense is not configured to support multiple disks other than hardware raid or geom mirrors (or ZFS pools). There is no provision to mount additional disks in the GUI. It has been done before but some custom scripting is required to make sure services relying on additional disks are handled gracefully should the disk not be mounted for example. For logging you can install the syslog-ng package and specify the storage location on another disk. Then export the pfSense logs to it. Again though you can edit the fstab to mount that but it may be overwritten. Hosting a syslog server externally is the recommended way to go. Steve

Which SSD type is it? mSATA or 2.5" SATA? If it's mSATA be sure the slot you are using in the other machine is actually mSATA and not mPCIe. Steve

@jimp , much appreciated! your old post made here Re: Packages disappear overnight after system restore led me to the solution straight-away. It was driving me nuts. For me the browser auto-filled in the "System-Advanced-Miscellaneous" proxy info. Thanks again!

Hi, Yes I had tested it multiple time, but you can guess what, it works now :( I dont know what else to say Thanks

I fixed the backup and restore by downloading the file from the master on Redmine. I'm still getting the javascript line appended to the config.xml before applying the patch. The patch worked, backups look good again. Thanks!

If you are coming from 2.4.2 or 2.4.3, I would uninstall all packages first, then upgrade, then manually add them back once you are on 2.4.4. If you follow all of the recommended steps at https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html you should be fine.

Through a packet capture on interface facing the radius server, I found that the ip address was malformed and radius server was dropping the access-request packet. This was a great discovery, as I found the line 218 in radius.php file is not the problem. I have been asking for NAS-IP-ADDRESS support in the Radius client for what seems like years. They finally added it to the Radius process as a valid attribute, but from what I can tell, it defaults to the WAN interface, which for me also happened to be dhcp. With the services starting and dhcp not yet available, the line 218 failed to find the dhcp address and in return failed on line 218. Fix: Assign the interface facing the Radius server as the NAS-IP-ADDRESS, which is most likely your LAN interface and should be "static". This change should be done under System>User Manager > Authentication Servers > (edit) Radius Server> Choose NAS-IP-ADDRESS interface from drop down menu. Note** Traffic from FW Radius Client sources from the egressing interface of firewall. This ip address does not have to match the NAS-IP-ADDRESS, but should be same for ease of configuration on Radius Server.

I have the same issue, last week i upgraded to 2.4.4-p2 from 2.4.4 on both my nodes but master now warns "A communications error occurred while attempting to call XMLRPC method restore_config_section" I tried to uninstall/test/reinstall pfblocker and snort without success. Removing both services reports same XMLRPC error. Changing pf rules on master replicate as usual on backup Changing pfblocker rules on master does not replicate on backup At the back i have several years of working HA since pfsense 1.2.3 and no conf changes has been made since then. I think is a 2.4.4-p2 specific issue because i also had for weeks a well synced 2.4.4 with a 2.4.4-p1. Any idea?

Looks like it didn't fully or properly upgrade from <= 2.4.3 to 2.4.4 or later. It has some parts of PHP 7.2 and some of 5.6. From the shell, run pfSense-upgrade -d and see if it finds anything more to do.

Another thread on this topic I'm aware of: https://www.dslreports.com/forum/r30908033-Bypass-Google-Fiber-Box-How-To-pfSense Hope this helps.

@rico Yes, lesson learned.

@nick13 - I figured it out. It appears after the switch from the USG to pfSense, my Windows 10 VM changed my network firewall settings within Windows from Private to Public. Once I switched it back to Private everything worked.