NAT issue?

As well was firewall rule(s), you'll need NAT for your VLAN 50

Incidentally, running a DHCP server on the Unifi box for VLAN 50 doesn't work very well - make sure you're running DHCP server for the VLAN on the pfSense box

@rbrtpfsense No you should not be concerned. This only indicates that you have not turned it on (Active) If you use EAS-NI crypto engine in your ipsec, then switch it on if needed. It's informative status of cryptoengine usage.

@johnpoz said in Ssh changes in 2.3.2 ?:

Not sure exactly what your looking for - but here is a blog post by the person that brought chacha20 to openssh and has some reasons why he did so, etc.

http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html
Thanks @johnpoz good article. I hadn't heard of these before.

There was a post that listed which algos were best/safe for OpenSSH-can't remember what else. Something with general best parctices would be helpful.

Honestly, I don't know how to do anything with a blown up sbin. Some things might work, some not. The best answer is "don't do that." The file you want is /cf/conf/config.xml.

Does that happen for any log file, or only the system log file?

Have you changed any log settings such as the log file size or the number of lines displayed in the firewall GUI? Go straight to the log settings page, /status_logs_settings.php, and check.

I jumped 2 or 3 versions (don't remember), because I'm not on site, and I don't like to make updates remotely. this time I did and it confirmed the reason why I don't do them... I was locked out of my remote site... I will try to analise this and report back...

Thank you

What version were you running before the upgrade?
Can you post the contnet from /conf/upgrade_log.latest.txt?

hi, this caused me mass headaches too. Ive reverted back to 2.4.3 no p1. Didnt fancy patching things. Id have pulled the release and re-issued as I noticed that even with the issue the firewall was still passing traffic but was just completely open in some instances. :/

Yes. I just "got er dun". It took me a few attempts as I had a new 8GB USB drive which would not take the 1GB image. I switched drives and it worked like a champ. I'm back on the latest release image.

I can't check atm but I do remember vaguely that dtrace also requires a kernel option or a src.conf option or both to work

Solved it myself, turned out that there was some false metadata saying this was part of an array (it has never been, so I have no idea how). I used
graid remove Promise ada0 and it destroyed it. Now it's installing.

Well if your the owner of the this box, ie take a "modem/router/gateway" if this provides dhcp to your current network and you want put pfsense and your network behind this "box" then you can just let pfsense use dhcp on its wan (which is the default) or you could set it to be static depending on the network currently behind your "box"

That would be up to you.

Normally pfsense would replace this "box" and get dhcp from your ISP via a modem or a gateway in "bridge mode" so that pfsense gets a public IP on its wan from your ISP. But it does not have to be on the public internet it can be behind your box doing nat.

Then in general you would place the rest of your network behind pfsense. Where you could use the default network on pfsense lan of 192.168.1/24 or set this to be whatever you want. The only thing to make sure of is that network on the lan does not overlap the network on the wan of pfsense.

@crotalus said in Change autoboot_delay value:

If I add an entry in /boot/loader.conf.local

That is the correct procedure, but there was a bug, which has been fixed for the next release.

If you need to reinstall on an APU (first or second gen), the amd64 serial-memstick image is what you'd need.

Thank you for your patience!

I also tried the instructions on this link:

https://www.netgate.com/docs/pfsense/hardware/forcing-a-filesystem-check.html

For the "full install" shell command I get "Read-Only system"

For the 2nd set, I get "Fatal Error Unable to creat lock file: Bad file Descriptor (9)"