@kevindd992002: I tried this and it worked: https://forum.pfsense.org/index.php?topic=97554.0 Thanks :)

Currently there is no practical way to update offline using pkg. Though there are some ways it can be done with high effort (e.g. local mirror of the pkg server content) In almost every case it will be simpler to reinstall in place, using either "rescue config.xml" or this procedure to put the config back in during installation: https://doc.pfsense.org/index.php/Automatically_Restore_During_Install

There is no automated way to fetch a config like that from USB. It can be done manually, but you'd have to run the proper mount commands by hand. If you search around for something like "pfsense mount msdos config" you should hit a forum thread with the procedure.

I mask the addresses for a reason - I have been in IT for nearly 20 years now and I've seen my share of script kiddies and wanna-be's who troll sites like this looking for "inside information".  This is the first forum that I've ever seen it be a problem in solving an issue.  So here is the information you're looking for…you can tell me if it helps, but I'm guessing probably not? I apologize for my mis-explanation of the routing - the WAN is a single block of 3 usable IP's consisting of each WAN IP and the CARP VIP.  Then I have a ton of 1 to 1 mappings going on for several other IP blocks, and all of those are routed to the CARP VIP...the 3 IP's on the WAN side are routed to themselves (Primary to Primary, Secondary to Secondary and CARP VIP to CARP VIP).  I have not only confirmed this routing with my host, but they also told me they are getting no ARP replies from the secondary box either...  

If you want my 2 cents, not a fan of opening this sort of stuff open to the public.  I just vpn into if need to access anything on my network be it files or plex server, etc.

@cmb: Sounds like the same issue FreeNAS folks appear to have tracked down to: https://bugs.freenas.org/issues/3273 at least starting from the mountroot failure "failed with error 19" and following the trail lead there. Are you booting from a USB drive of some sort? What are the details of your hardware? I've seen that this was already been more than few months old, but if somebody out there still encounter this probel, you can try my solution below. I was able to resolve this issue with my pfsense 2.3.2 on Windows 2012 R2 Hypver-V. mountroot> mount <enter>Expected sample output: /dev/57c0727e81075d96e on / (ufs, local, journaled soft-updates) devfs on /dev (devfs, local) /dev/md0 on /var/run (ufs, local) devfs on /var/dhcpd/dev (devfs, local) Take the first line as your mountpoint mountroot> /dev/57c0727e81075d96e <enter>Expect the machine to continue boot process. Cheers!!!</enter></enter>

Yeah, I wasn't thinking. Reassigning using option 1 won't Re-IP everything. If you enter the same physical interfaces you already have you can they just set an interface IP address on OPT1. I do not believe that will create a firewall rule, however, pfctl -d should work too.

pfsense wanip is dhcped and is a 10.x.x.x ip. You didn't ask about my modem firewall rules but I thought it was pertinent. when I did the port forward rule it did create the rule and it will work but the issue is when I dhcp my WAN pfsense my ip is x.x.x.6 and I need it to be x.x.x.1.  When I set the WAN to static and pick x.x.x.1 neither in or out work.  That is where I think the Comcast modem has to be bridged to work.  And why I ended up putting the pfsense vm in the DMZ with DHCP, I tried static in the DMZ to no avail as well. I read the steps and followed through them when the pfsense was not in the DMZ.  Traffic was not getting thru in. I have no desire currently to do multiple ips but in the future I might is why I switched to the virtual IP. Either way with the port mapping getting the x.x.x.6 ip or the virtual ip x.x.x.1 in the DMZ it works.  The only problem is now my port 80 doesn't go through on the x.x.x.6 (I did move pfsense to port 81) and because my web server goes to a different server I cannot use the virtual ip. So now my biggest issue is getting my web server working and getting my ip to be x.x.x.1 instead of x.x.x.6 using port mapping and not virtual ip. I do have a Comcast business connection and modem with 5 ips the 6th ip they setup on the modem itself.  The business modem firewall nat is shutoff.  the business modem is a virtual bride right now.  You have to call Comcast to get them to set it in physical bridge mode and I do not want to do that.  smoothwall works with trhe modem as a virtual bridge and I want to run side by side comparisons of the firewall to insure performance etc. is good before I pick pfsense long term.

I've gotten it so far as when connecting a LAN client, some services work (such as connecting to Facebook, Whatsapp), but webaccess still gives timeouts. Changing the DNS manually in the client seems to allow internet access! So it seems to be a DNS problem so far.

Hello never mind  , i have and  reinstalled from scratch and restored only the Openvpn part which contained  site to site vpn settings Thanks any way

That's understandable of course. However, I was more looking for a (rough) estimate as we could use that estimate to determine let's say, CPU time for a 1-time compile of all software and use that information to roughly extrapolate it to determine CPU time for the worst-case scenario of (re-)compiling all software on a continuous basis, which should be enough I reckon as after a 1-time compile, updates won't take nearly as much CPU time as compiling software from scratch.

The ADSL router likely has a copper-wire telephone-style physical connection that does the ADSL modulation stuff. That physical interface will be needed at the telephone cable coming into your home. So you are stuck with leaving the ADSL device at the very front. Typically you would put it into a "bridged mode" so that it just forwrads everything through to its LAN (ethernet) side, then connect pfSense WAN to the ADSL device "LAN". Then pfSense WAN gets the real IP address from your ISP, and whatever public services they are letting you do/provide. If the ADSL device does not "bridge", then you can just make it port forward everything from its WAN side to some private IP on its LAN side, and put pfSense WAN at that IP. That way of doing it does mean that there is an extra layer of NAT happening, and pfSense WAN does not directly have the IP allocated by the ISP. Then you put and AP on the LAN side of pfSense to do WiFi. Note: If you are using method (2) above, then it is possible to turn off DHCP on the ADSL device, turn on DHCP server on pfSense WAN (giving private IPs in that ADSL-LAN-to-pfSense-WAN subnet to the ADSL device WiFi clients), then NAT those back out WAN (so that they route symmetrically - client WiFi device<->pfSense WAN <-> ADSL "LAN" <-> ADSL WAN <-> ISP/internet). But that is all quite tricky when fault-finding or explaining it to someone else. Usually it is easiest to just put another AP on the true pfSense LAN side.

it has nothing to do with ipv6 either.. Do have a ipv6 thread going over that issue?  If so will take a look.  To be honest maybe my isp has just soured my grapes, etc.  But I just feel that many of the isp just not ready for primetime ipv6 deployment.  If want a /48 give me a /48 - for gosh sake a /56 at min via pd so I can have multiple segments inside my network.. Sorry but 1 /64 is just not enough.. And that /48 or /56 I get shouldn't freaking change at the drop of hat..  I should have that and always have that same pd.. If you want stable ipv6 where you might have get the pd you requested you might not, if you get one its prob different then the one you had yesterday, etc. I just run a tunnel from HE..  I know exactly what /48 I have.. Doesn't change - always up, speed is good, etc..

Problem SOLVED!  Turns out that I had a bad stick of ECC memory.  Replaced it and she is up and running!!! Thanks for the help.

ZFS support is in pfSense 2.4

Quick update - the config worked. Thanks. However, due to some unknown issue in the serial line, it was quite slow (i had set baud rate as 115200). I got me a serial-usb cable and things have been much better.