"it would be in bridge mode so the pfsense assumes the ip publica."

Then it wouldn't be routing now would it..  What what is your question?

Sounds like you are looking at the wrong console.

Usually the last thing it will report is ' trying to mount root…' and then you only see system messages such as link status changes. At that point the output switches to the primary console only until bootup completes.

So if you're looking at a video console check serial is vice versa. Or force the primary console to the one you are looking at:
https://doc.pfsense.org/index.php/Boot_Troubleshooting#Booting_with_an_alternate_console

Steve

The auto created Firewall rule on the WAN interface :

wan2.PNG
wan2.PNG_thumb

What is the hardware spec you are running Pfsense on?

@rbird:

We were running 2.2.5 or 2.2.6. Upgraded to 2.3.4_p1.  About one week after the upgrade the ipsec tunnel started acting up.
It is connected to a pfsense 2.3.1.  After 1-2 hours the vpn status shows as established but I lose ping to the remote server.  A quick disconnect/connect fixes it but I can't have this happening all the time.

Thanks
Roger

I'm having the same exact problem on one of IPSec tunnels. IKEv1 from my pfSense 2.3.4p1 to an OpenBSD on far end. Traffic works perfectly, then at about 2 hours, all phase 2 traffic stops but the tunnel stays up. It's almost like tunnels are not getting torn down and re-built after a re-key/re-auth. If cycle the tunnel, everything comes back, then at 2 hours nothing. (oddly, all of my IKEv2 tunnels don't have this problem, all of those are pfSense > pfSense). This is a site-to-site IPSec, not a VPC.

I checked for duplicate routes, and there aren't any. I'm not seeing anything logs pointing to any clues as to why this is happening. I thought this might be related to this issue: https://forum.pfsense.org/index.php?topic=135557.0

However we're not using OpenBGP (it's not even installed) and we don't have any tunnels to VPC.

Neither of us are seeing any logs on either side giving us an idea as to why everything would work fine then stop suddenly around the 2 hour mark. Any assist as to how to troubleshoot this would be great. Thank you.

@dbstore:

If I try to download that file from a browser I receive the same error.

You cannot test this with a browser, there's no A/AAAA record for that.

dig srv _https._tcp.pkg.pfsense.org ; <<>> DiG 9.11.2 <<>> srv _https._tcp.pkg.pfsense.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53242 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;_https._tcp.pkg.pfsense.org.  IN      SRV ;; ANSWER SECTION: _https._tcp.pkg.pfsense.org. 60 IN      SRV    10 10 443 files01.netgate.com. _https._tcp.pkg.pfsense.org. 60 IN      SRV    10 10 443 files00.netgate.com. ;; AUTHORITY SECTION: pfsense.org.            300    IN      NS      ns1.netgate.com. pfsense.org.            300    IN      NS      ns2.netgate.com. ;; Query time: 152 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Sep 23 12:06:26 CEST 2017 ;; MSG SIZE  rcvd: 181

https://files00.netgate.com/pfSense_v2_3_4_amd64-pfSense_v2_3_4/All/pfSense-pkg-openvpn-client-export-1.4.3.txz
https://files01.netgate.com/pfSense_v2_3_4_amd64-pfSense_v2_3_4/All/pfSense-pkg-openvpn-client-export-1.4.3.txz

Anyway, the file is just not there.

Mmmm….. Interesting. I wonder WTF I did then, I'm sure I didn't hallucinate ! I wish I still had the board to try it again

I see dpinger restarting a number of times, like the WAN was unplugged or some change was made. I only see one alarm there though and it's on WANv6.

If there is some packet loss on WAN though that would obviously be a problem.

Steve

In what slot have you installed the mSATA disk? Make sure you use the middle mSATA slot, closer to the ethernet ports. Your mSATA SSD may not be supported, what model do you have?

please clarify what you wish to achieve … don't try this with ascii-art, draw a proper schematic.

@Gertjan:

Wait !

So, when choosing the automatic installl (hides all the technical details) it decides to make a 40+ Gb swap ? On a 32 Gb RAM system ….
For info : on my 3 Gb system it never uses the swap.

Yes, the installer makes the swap equal to 2xRAM. I have 16GB ECC RAM in that machine, so it made a 32GB swap. Someone should change that installer to ignore 2xRAM if the machine has enough for three reasons:

It's a very old formula for deciding the size of the swap, when machines tended to have very little RAM. I am talking MBs not GBs

For a machine that has enough RAM, swap isn't used much especially for a machine which is up 24/7 which pfSense would be.

swap may be used in desktop OSes for hibernate etc, but for an appliance like pfSense, it's not used as much as indicated by many users here.

@Gertjan:

Btw : on a device like a firewall I would have opted for a raid 1 …. Knowing that you use 'old' drives ;)

That would require me to have 2 drives. The only other 3.5" drive I have is a 500GB that I keep as emergency replacement for my FreeNAS box in case a drive fails. Also, wasting a 500GB drive for pfSense seems like a waste to me, especially since even 80GB would be more than sufficient for what I need it to do.

Scrap that, i found it under system/routing/gateways/advanced

Thanks again

Well, not much more to do then. It's a ~12 year old laptop. Maybe try a verbose boot of 2.3 and see if you see anything more, but it sounds like recent versions of FreeBSD do not like that hardware. 2.2.x is based on a much older version of FreeBSD.

well, now they do  :o
Thank you very much  :-* ;)
solved!

""Bridge LAN ports to act like a switch".. but will just get a switch."

Good choice!

Hi,

It's not immediately clear what you are connecting here but the short answer is no. pfSense will block all incoming traffic on an interface by default so unless you add rules to allow traffic between those subnets it will not pass.

If we had a diagram of what subnets you're connecting and a description of why we could probably offer more insight.

Steve