You can also see install guides for the Netgate version of these products, which is a bit more up-to-date than the Wiki and uses CE in its examples: http://netgate.com/docs/rcc-ve-8860/pfsense.html

Ha! I solved the bastard! I will explain how, in case someone else encounters the issue (old ThinkPads make great pfSense machines!). Turns out historically FreeBSD has a problem with second IDE channel of ThinkPad X40. Having it enabled was causing more than just this problem  - but I'll get to that in a second. Method 1: Adding hint.ata.1.disabled=1 to /boot/loader.conf.local seemed to do the trick. However things are not exactly as they seem. It appears the second IDE channel of X40 can randomly get higher assignment than 1. Hence, it will still freeze at occasional boot. To prevent that, lets add this instead: hint.ata.1.disabled=1 hint.ata.1.disabled=2 hint.ata.1.disabled=3 hint.ata.1.disabled=4 Side note: you might have to add hint.agp.0.disabled=1 to the list above to solve another unrelated issue with booting caused by an old VGA card, like the one in X40. So that covered the booting problem! BUT the channel was still enabled on hardware level, which was causing another issue: impossibility to reboot or shutdown the machine, because it was freezing on the last shutdown stage. It was necessary to do hard power-off by holding the power button. Obviously, this is not an ideal scenario on a remote router. Therefore Method 2: I disabled the second channel using IBM's DOS config program (like so: https://forums.pcbsd.org/printthread.php?tid=4257 ). I edited Win98SE boot ISO and added PS2 to it. It is attached to this post (hope that's ok), so just boot from it, change drive to C: or D: and run PS2.EXE IDE2 DISABLE Et voila! So finally the system seems to be working fine! (At least after limited testing. Knock on wood..) IBM_config_utility_ps2_bootdisk.zip

I have FiOS and it's an ONT. I'll take a look when I get home to see if that can be reset.

Ah, great to know that.  Thanks!  8)

So why not check to see what your getting back.. openssl s_client -connect pkg.pfsense.org:443 [2.3.2-RELEASE][root@pfsense.local.lan]/root: openssl s_client -connect pkg.pfsense.org:443 CONNECTED(00000004) depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root verify return:1 depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority verify return:1 depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA verify return:1 depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.pfsense.org verify return:1 --- Certificate chain 0 s:/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.pfsense.org   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root --- Server certificate -----BEGIN CERTIFICATE----- MIIFTjCCBDagAwIBAgIQG1r/78gt1gbpG+qPmcKZxzANBgkqhkiG9w0BAQsFADCB kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD QTAeFw0xNTA4MTcwMDAwMDBaFw0xODA4MjIyMzU5NTlaMFoxITAfBgNVBAsTGERv bWFpbiBDb250cm9sIFZhbGlkYXRlZDEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2ls ZGNhcmQxFjAUBgNVBAMMDSoucGZzZW5zZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQDIzOkrFy7AHTUWqJdIF2IvDtTM8X3RTb8O52QG8sAokDCv u+ad3wgPCboJhUvLwDB9bUZ+/JIOV2tMNzcJ2h6IPRRfh/2RMV+aI3cdWgKxmB5d sZUZp22Tviwol145Ty5lEVkRFLVn6y5MLgj2Pju4q5hEUPBjoiMpufeyHM/NnWf0 IWtuDFB+VlaApXnnpxhMejChdBQeAdUV6QZcHvQiVXn+EnQaj4l+kwwxaS+GwLA6 TVC988yood/FG3yMu7RLgS6a9CeJ8f4SpGifg0JouTU5iR02MQwLyUhESQcl9yQ/ ANERGLM7+giyJvAD9jpj/ErnZINgBmu+RpzK4NDbAgMBAAGjggHXMIIB0zAfBgNV HSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQU3bK8mIZpBTqH JyRIxOK5ArpV220wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQEC AgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMw CAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2Eu Y29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmww gYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG9j YS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy dDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMCUGA1UdEQQe MByCDSoucGZzZW5zZS5vcmeCC3Bmc2Vuc2Uub3JnMA0GCSqGSIb3DQEBCwUAA4IB AQAhtYwrG8qpDDN3R+BkuRfULnzy3DB7MbzSukmtLo3QNrimOfuWepUKqa6Vabm6 JrIGle0ehemGp3S6jWAS54FZnViobgaiQ4qYqXlNaCT73qHNSIGDszQBov6oHNo1 aa+s+7e4hN5+fXnX9uscZ+afFfKHS8j4kg21pNEg5r3lIZg4flc5DtDhxeSor/0b 9jx8D4yus/py2xnM9jy8z1C8EXpQPR+5PvMTpfEVJTgX4y+6P+9t5TEc+hgioGZQ GfFDnI0On9A0BYfpjnRKs8o2Y+7OEmSoAA3/fe8vOBaTLpGn5HGZJOj8QPmgud49 oML3RbMw4y2L6ONLMpNFupVa -----END CERTIFICATE----- subject=/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.pfsense.org issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA --- No client certificate CA names sent --- SSL handshake has read 4991 bytes and written 417 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session:     Protocol  : TLSv1.2     Cipher    : ECDHE-RSA-AES256-GCM-SHA384     Session-ID: 8775FC02DD4BB31FF7BC9A171FCE8DDFBBBB8F0AA62FD4C781DCD147A3BAA3E5     Session-ID-ctx:     Master-Key: 8F011056B08AD2149D95D70FC51B2995D34C2C0862460213D10160CDC193B1021D27F62260EFF0400FBC4382F26C6E81     Key-Arg  : None     PSK identity: None     PSK identity hint: None     SRP username: None     TLS session ticket lifetime hint: 600 (seconds)     TLS session ticket:     0000 - 1b 45 d4 93 df 02 3b 62-99 3b 45 b4 da 55 94 27  .E....;b.;E..U.'     0010 - d1 ba 02 64 ea aa 8f a3-74 4c 2f 79 21 80 18 9e  ...d....tL/y!...     0020 - ba 2c 32 48 db c0 a1 2c-29 de 64 6c 7f b3 cc 33  .,2H...,).dl...3     0030 - d8 32 db fc 6f f2 d0 83-bc 56 0c fe d8 f2 20 75  .2..o....V.... u     0040 - d1 9b 2f 11 ab d5 91 b3-8f 9d 5d 6d 4d bb b9 93  ../.......]mM...     0050 - cb 1f 6f 49 0b 85 0a 15-ff 37 fb 3a 20 20 38 8a  ..oI.....7.:  8.     0060 - 50 b5 2d cf 29 e8 cc ad-39 b9 64 d2 7e f5 71 e9  P.-.)...9.d.~.q.     0070 - 1c d3 71 c9 97 f8 b1 93-50 20 0c 7c 17 28 7f b3  ..q.....P .|.(..     0080 - 5c a0 73 7b 48 10 35 23-78 0b d1 93 5c 9a 73 27  \.s{H.5#x...\.s'     0090 - 3f 08 f8 55 e8 9e 99 9f-f4 c3 89 59 e3 62 d8 0a  ?..U.......Y.b..     00a0 - e5 14 7c 8f 04 9b eb eb-81 9d 8d 10 67 9d 3c 29  ..|.........g.<)     Start Time: 1481290886     Timeout  : 300 (sec)     Verify return code: 0 (ok) --- ^C [2.3.2-RELEASE][root@pfsense.local.lan]/root:

Are you natting these downstream networks?  If not then YEAH.. But again.. Where is your transit network… You say pfsense has an address of 10.0.50, this is inside what you say you created a stated route of 10/8 That screams problem right there!!

perfect! Thank you heper

That is what I thought.  I'm the only badie in my place.  Thanks.

Aside from being below the minimum specs, performance would be very poor on that hardware. If it would run at all, it would likely struggle to pass more than single digit numbers of Mbit/s throughput. It's not worth the effort.

Most likely a hardware fault. Either it can't read the installation media (CD/USB memstick) or it can't write to the SSD/HDD.

Taken to PM to not steal OP's thread.

maybe its this problem: https://forum.pfsense.org/index.php?topic=116223.0

Hmm what exactly are you trying to do? Did you run into a problem? Rigging LCDproc is documented here, half way on the page: https://forum.pfsense.org/index.php?topic=44034.555 Good luck

So, The method you described did not work unfortunately. I tried it a few different ways and i was unsuccessful. I was able to do what I wanted to do by fiddling the outbound rules, by changing to manual outbound NAT rule generation. I matched all the autocreated rules so WAN1/LAN1 and WAN2/LAN2 were paired and there was no cross between the two. Not sure if this is the proper way to do it, but it's working. Thank you! Now to get L2TP working…

Does 2.4 support running off of USB?  Or if not, are you aware of a guide for optimizing USB boot for pfsense? Thanks! EDIT:  Did a full install to USB and it seems to be working.  I put tmp and var in memory, and set it to write only every 6 hours to disk.  Hopefully this will save my USB jump drive. Of note, and this is weird, if if set pfsense to use serial console, it crashes with BTX HALT again.  I had to completely re-install pfsense after I tried that and no amount of various USB jumpdrives with serial memstick written to it will boot.  Any ideas?

Or indeed here: https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#X-Core Some of that information is a little outdated now but still mostly relevant. I should point out that all of those boxes are getting old now. The two X700s I have have both stopped booting reliably likely due to bad caps. Steve

Don't think your crash has anything to do with your DNS problem on "ISP3 is connected to the OPT4 interface." I had issues with unable to update or get package before. My problem is was DNS has not route or could not find a route to netgate.com, I'm sure this is your problem as well.

Those are update images not full installation images. You only have one slice, not a full NanoBSD setup. Take the opportunity to instead use the 64-bit serial memstick to put a full install on there, forget NanoBSD.