Paste the encoded data and end with Ctrl-D (EOF).

Use full install, not nano!

simple search here on pfsense forums for xenserver would of pointed you to many threads with pointing out the checksum problems.

There is even a Sticky in the VM section
https://forum.pfsense.org/index.php?topic=88467.0

Someone would possible even have replied if this was posted to the proper forum. (Basically, the question has nothing to do with pfSense, that VLAN clicking takes about a minute.)

Yeah, either you did not install at all or you failed to remove the CD.

Guys,

I figured out what was the problem. I had Device Polling enabled, and apparently it was causing a unexpected exception in the driver.

Turned it off, now everything is ok.

Also had to turn the hw.ixgbe.allow_unsupported_sfp, considering that I'm using a DA cable.

That's fixed in the next snapshot.

Ahh yes, certs. I'll never forget the time a senior dev asked me if I should encrypted my random token because if it's not encrypted, then someone else may be able to spoof it. Yes, someone going to guess my 256bit crypto-grade random token.

Ignoring the fact that the encryption class he wanted to use was a company internal one that uses a static key and static IV. /derp

@cmb:

@heper:

@cmb

i've experienced the same/very similar issue on a crappy dlink nic (sk0 driver) that worked fine before upgrading from 2.1.x –> 2.2.x  .... so in my case very similar situation with a non-intel nic. (haven't found the time to swap nics)
currently i'm rebooting the firewall every morning at 5am and haven't received any reports like "please fix my internets"

Could be the same solution for that, try disabling MSI and MSIX.

In the Intel case, it appears the new driver wants to enable things that don't work on some small minority of cards. Could be a similar cause, though completely different root problem given different hardware and driver.

Some rebranded cards, like the HP i350s, may have MSIX disabled in the firmware, but still identify as an Intel i350, which can cause issues. Nothing like saving $10 on a $140 card just to have driver issues or reduced performance because they've disabled or otherwise customized the card.

In my case both of my Netgear switches support it and have through several iterations of pfSense (2.0 to now). In fact one of the Netgear switches requires management via VLAN1 so I'm somewhat stuck there.

In any case, I did try to have dnsmasq listen on all interfaces as well as specific VLAN interfaces when it was flapping yesterday. In both instances I saw the same flapping behavior.

I am happy to note that since reverting the dnsmasq binary back to 2.2.2 I haven't seen a single signal 11 crash, it has stayed remarkably stable on both my primary and secondary firewall.

And the built in Linux Mint Image Burner program is also problem free and stupid simple.

One thing I've learned with pfsense, linux, windows, whatever…

Don't install any feature unless you NEED it.

The cleaner and simpler you keep an install the less problems you will have.

Thats universally true.

@doktornotor:

Haven't seen a single complaint about the "harmful" patch for years.

+1

To cmb: Thank you, that was the information I needed! Things are running smoothly now after checking the Forwarding Mode button.

To doktornotor: This is exactly what I do. Additionally restricting by filter rules helps me enforce the DNS policy as DNS requests by misconfigured clients will pop up in the firewall logs. And malware that subverts a client's DNS configuration will fall nicely short of its objectives.

@cmb:

You don't need a different update URL, the default one is fine. The ADI memstick exists only so it's pre-configured with the appropriate serial console settings. Once it's installed, that's no longer relevant.

got it, thx. i'll give the update a whirl then.

Fuckin' finally… lol. Thanks, that worked.

Simplest way is to use the 2.2.3 installation CD or USB stick. Download the image you need from here: https://www.pfsense.org/download/

The installation process will do all the reformatting for you.

Restored 2.2.1 last evening: been running for 17 hours now; all problems gone again.

@Dadoo:

Update: the message in the Version box (on the dashboard) has gone away (even though we haven't changed anything), but now it's taking a very long time (maybe 30 seconds) to get past the login screen, after entering the password. I've checked DNS, to make sure it's working. What else might cause such a long delay?

I also discovered, this morning, that we lost a couple of rules. We just needed to re-enter them, but I'm not sure why the update would have deleted them, in the first place.

Did you get any notices at the top of your screen?  If you did, chances are it may have said something like "reverting to backup configuration" or something, which is why you lost your rules.  This, assuming you got that notice.

Thanks for the confirmation that this is by design and not a bug.

I just wasn't expecting it.