I am running 2.3.2_p1 and was running 2.3.2 with openvpn and no issues.  I am currently connected for that matter.  Both as pfsense as a client connected to a vps server running openvpn-as and as a road warrior client connected to pfsense openvpn server. Without some actual details of your setup, and what exact errors your seeing.  I have to assume since your using the export that your trying to connect to pfsense from somewhere else.  What IP are you trying to connect too?  Sure your using pfsense public IP?  Are you using udp or tcp?  What port - do you actually see the connection to pfsense, or is the tls handshake error after some other error? What does the log on pfsense show, what does the log on your client show?

In case anyone else runs into this, it seems to be esxi 6 related.  don't know if it's update 2 or not, but I can confirm the behavior doesn't happen on the same hardware with esx 5.5.

Thread management lic for juniper is not cheap..  Lookup on CDW shows it going for like 11K for 3 years. I am with muswellhillbilly here.. This is a great statement "If you're running a Juniper that nobody knows how to use, then I would think this is an obvious weak point in your security overall. Either educate yourselves in how to use the Juniper and make an informed decision about whether to keep it or not, or remove it altogether and substitute it for something you know something about" I could not have said it better.. While there are clearly some things that juniper can do that pfsense can not..  Your going to pay for those somethings ;)  Do you need those somethings is the big question.  The srx can be a bit tricky.  They are not as straight forward as say the ISGs or SSGs

There, that's all I am saying, it is a bug when the upgrade on vanilla systems fails. @Nullity: @pppfsense: Not what I am saying. It has gotten better, but in my experience, with other similar free software, the failure rate is very, very low. I, for one, have never had an upgrade failure with Untangle, and I have been using it longer than pfsense. With pfsense, in the last few years, every upgrade has had issues for me. Most of them small enough, but that is not the point here: This code is known and it does get to fail in vanilla configurations. Some condition/exception is not being detected or handled properly. Example: https://forum.pfsense.org/index.php?topic=119344.msg661368#msg661368 When I see the word 'odds' as a possible explanation of why the upgrade went wrong, it proves my point: Something is missing or being missed…. I know it is hard and I appreciate the efforts, but in order to get better, we need to admit the issues. @JonH: Today performed my very first ever upgrade, not knowing exactly what to expect. Seemed to work just fine.  No problems. lol… everyone knows that all complex software has bugs, known and unknown. This is not an interesting or useful observation. So, we admit there are issues... now what? Bug reports require details so that others can reliably and repeatably recreate your situation. Without these details there is nothing anyone can do. Things like "The update failed! HELP!!!" are not helpful. Also, don't forget about user error. :)

Doesn't make sense. If the NIC was working with a previous version, a new version would not have killed the NIC. Plus you do see the link on the modem coming up as pfsense boots right? (i.e. NIC works). Reboot modem, reboot pfsense. Check Status - Interfaces and try to get a new DHCP address. You can also try assigning the MAC address of the Linksys router to the WAN interface so you don't have to reboot the modem. Last resource, just for testing, assign the given DHCP address to the WAN interface (no DHCP). (You can also try connecting the pfsense WAN to the Linksys router and see if pfsense gets a DHCP address). @Ramosel: @pppfsense: You DID reboot the (cable) modem, right? Yep, several times.  Observation: As the power comes on to the pfSense machine, the link light on the Arris box goes valid (green).  As the boot progresses and the drivers load, the link light goes out.  Boot finishes with no WAN IP negotiation. Been busy with other projects but just may do a clean reload today and pull a restore. Rick

@kjoe: @Renato: @kjoe: @Renato: @Juve: This is a huge step back. pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :)) The only mean of upgrade I see is full reinstall with backup import…. This is sad. Lets say you want to upgrade 2.3.2 from LAN, you would need to mirror 2 repositories configured on /usr/local/etc/pkg/repos/pfSense.conf: http://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/ http://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/ To a local webserver, and then add a host override in 'DNS Resolver' pointing pkg.pfsense.org to the local address. is just a problems here to update how do you bypass certificate check Using http instead of https that's the problem whe it check ssl certificate from server it thow a warning because the server certificate is another thing diferent from pkg.pfsense.org is my server name. that make a conflict with ssl check so you can not install update. here the log from update Upgrading pfSense-repo… done. Updating repositories metadata... Updating pfSense-core repository catalogue... Repository pfSense-core has a wrong packagesite, need to re-create database pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error repository pfSense-core has no meta file, using default settings pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error Unable to update repository pfSense-core Updating pfSense repository catalogue... Repository pfSense has a wrong packagesite, need to re-create database pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error repository pfSense has no meta file, using default settings pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error Unable to update repository pfSense Failed the after that i got this in system update The following input errors were detected: ERROR: Error trying to get packages list. Aborting...     pkg: Repository pfSense-core missing. 'pkg update' required pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error pkg: Repository pfSense-core cannot be opened. 'pkg update' required pkg: Repository pfSense cannot be opened. 'pkg update' required     ERROR: Error trying to get packages list. Aborting...     pkg: Repository pfSense-core missing. 'pkg update' required pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error pkg: Repository pfSense-core cannot be opened. 'pkg update' required pkg: Repository pfSense cannot be opened. 'pkg update' required Updating repositories metadata... Updating pfSense-core repository catalogue... Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error repository pfSense-core has no meta file, using default settings Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error Unable to update repository pfSense-core Updating pfSense repository catalogue... Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error repository pfSense has no meta file, using default settings Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error here is the logs with certificate error solved all this editing pfsense.conf repo in /usr/local/etc/pkg/repos setting as http local repo and is done

A simple check for folks thinking about a non-sine UPS solution. Check the temperature of the power supply on wall current and again on the non-sine UPS. Even better check it with the UPS batteries at 75% charge levels as that can generate even more unwanted heat. We have had issues with several power supplies cooking when running on UPS power, they had run for months on wall power with no issues. Some power supplies, particularly some with PFC do not play well with non-sine power. We had to replace a number of HP desktop power supplies as the computers crashed on switching to inverter power. Full-sine or near-sine units are cheap enough that I'd not consider less today.

Hi jimp, thanks a lot for your reply! I was abroad for work so couldn't test this earlier at home. I installed the CE image and that went fine, I was able to import my config and all is up and running now. I did however get following message which worries me a bit: [image: 7sMeA6T.jpg] I followed following guide to install pfSense again on my SG-2440: https://doc.pfsense.org/index.php/Installing_pfSense#Performing_a_Full_Install_.28ISO.2C_Memstick.29 Should I be worried about this message? What is the best way to get the official optimized image for my SG-2440 that was on it when I first received it so I can manually upgrade to the latest afterwards? Thanks again for your help, I'm really glad everything is back online now :)

The first 4 lines under Cache information for squid.

Thank you Jim.

PFSense 2.4 alpha UEFI boots out of the box. I run it on a Qotom Q190G4 with ultra fast boot enabled and the pfsense bootloader timeout set to 1 second and it's unbelievable how quickly it's back up when it reboots!

had a similar issue trying to update using chrome…switched to firefox and worked smoothly.

@Lucky06480: I had a similar problem, described and resolved here : https://forum.pfsense.org/index.php?topic=119077.0 May be same solution can help ? Best regards, Luc Thanks Lucky06480 it worked. Thanks alot! Cheers!

Or to put it another way, that screen shot doesn't tell us anything significant. If you have a copy of your current config.xml, the simplest fix is probably a reinstall from scratch and restore the config. If you don't have a current copy you can try a rescue install to retrieve it (and/or previous versions) so you can do a full reinstall. Simplest and safest method overall.

Meh. Even though I forwarded purchase records, I'm being told I can't get the software. The only thing available to me through the portal is SG and XG hardware. I guess 2 year old hardware isn't supported any more. Not good. David