You can't change that without editing the error page.  Read this post if you want to know about creating your own custom error page for squidGuard.

@doktornotor:

Did the box reboot at all after upgrade?

https://redmine.pfsense.org/issues/4653

i could have sworn it rebooted after the upgrade, guess it didnt! i'm a noob. Thanks for the help, its much appreciated!

Sorry Guys I'm having a real problem understanding why the rule for OPT2 is wrong and causing the inbound speed issue (especially as the active rule in my previous post is one created by PFSense itself). I have tried source: * and destination: * as shown in the above attachment but that doesn't help with the speed either.

Can you explain? or even suggest what the firewall rule for this simple test should be? (Note: with no rules for OPT2 the iperf test obviously fails as all traffic defaults to blocked).

As requested attached is a diagram. I'm testing on the OPT2/igb2 interfaces on both boxes as a simple case but the same speed issue is present on the LAN and FAILOVER interfaces (not tested the WAN side but I'd be amazed if that didn't have the same issue).

Also as requested here's the interface config from the PFSense booted box:

igb0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500         options=407bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso>ether 0c:c4:7a:32:5c:30         inet6 fe80::ec4:7aff:fe32:5c30%igb0 prefixlen 64 scopeid 0x1         inet 192.168.1.247 netmask 0xffffff00 broadcast 192.168.1.255         inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255 vhid 2         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)         status: active         carp: MASTER vhid 2 advbase 1 advskew 0 igb1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500         options=407bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso>ether 0c:c4:7a:32:5c:31         inet6 fe80::ec4:7aff:fe32:5c31%igb1 prefixlen 64 scopeid 0x2         inet 10.10.1.1 netmask 0xffffff00 broadcast 10.10.1.255         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect         status: no carrier igb2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500         options=407bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso>ether 0c:c4:7a:32:5c:32         inet6 fe80::ec4:7aff:fe32:5c32%igb2 prefixlen 64 scopeid 0x3         inet 10.9.8.1 netmask 0xffffff00 broadcast 10.9.8.255         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)         status: active igb3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500         options=407bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso>ether 0c:c4:7a:32:5c:33         inet6 fe80::ec4:7aff:fe32:5c33%igb3 prefixlen 64 scopeid 0x4         inet X.X.X.106 netmask 0xffffffe0 broadcast X.X.X.127         inet X.X.X.108 netmask 0xffffffe0 broadcast X.X.X.127 vhid 1         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)         status: active         carp: MASTER vhid 1 advbase 1 advskew 0 pflog0: flags=100 <promisc>metric 0 mtu 33144 pfsync0: flags=41 <up,running>metric 0 mtu 1500         pfsync: syncdev: igb1 syncpeer: 10.10.1.2 maxupd: 128 defer: on         syncok: 1 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384         options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000         inet6 ::1 prefixlen 128         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7         nd6 options=21 <performnud,auto_linklocal>enc0: flags=0<> metric 0 mtu 1536         nd6 options=21 <performnud,auto_linklocal>ovpns2: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500         options=80000 <linkstate>inet6 fe80::ec4:7aff:fe32:5c30%ovpns2 prefixlen 64 scopeid 0x9         inet 10.0.8.1 --> 10.0.8.2 netmask 0xffffffff         nd6 options=21 <performnud,auto_linklocal>Opened by PID 85860</performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></up,running></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast>


@deltix:

If your modem is one of those USB 3g/4g/ modems I would recommend to use it directly with PfSense if possible/compatible. PfSense can do everything you need without Tomato router. If your USB modem is not supported by pFsense try putting Tomato router in bridge mode. If that is not possible you might have to do double NAT. But you really want PfSense to handle everything.

Nah, it's an external 4g wireless receiver that is up on a 30' tall antenna and connects to my router's WAN port via ethernet cable.

Yes.

Thanks.  Thinking I might stay with 2.0.1 for a while.  I think I know why we're having slight issues with it.  Somehow, the second box has a different password.  That means the two aren't working in CARP.

I have a monitor and keyboard in the Comms Room and, I believe I can change the password easily with those.

If I do upgrade, I'll try and image the disks first.  Have bought some 8Gb Kingston USB sticks for that and got a copy of Clonezilla from Tuxboot.

@cmb:

You can with the embedded version, quite a few people do that. I'd advise against cheap no-name USB sticks as they tend to not be very reliable for always-on long term usage (judging from the experiences of those here in the past who've tried them).

If you have to boot from USB, my recommendation is these:

http://www.amazon.com/dp/B00IVPU894/
http://www.amazon.com/dp/B002HGFKR8/ (buy whatever color is cheapest)

The Samsung MicroSDHC/XC "PRO" cards all use MLC flash.  I've been using these with full installs for a while now and have had no failures.  I also use them in my home PBX, my RetroPie box, my micro voice recorder, and my car.  Amazon had them on sale a while back and I bought like 20 in varying sizes…

Lexar actually makes a better card reader, one that supports USB 3.0 speeds and really lets the Samsung cards fly, but unfortunately they don't sell it separately.  If you want a cheaper SDHC card for use elsewhere though, you could always buy this and then just use the reader for your pfSense install.

http://www.amazon.com/dp/B00IF4OC1G/

hi, thx, for your time, for now i am on v2.2.0 x64 (at start point) with all working well.

Pleas can you help me, how to check logs (where are located, i upload all here) if i am on start position (are overwriten or append)?

Dredging up an old thread here but seeing as nobody responded…
If you're monitoring the thread and havne't got this working please ask again.  :)

Steve

hello
havent seen that same prob on nanobsd versio 2.2.1

TRIED installing full version of 2.2.1
=tested for 2 hours and was okay
=booted the following morning and dhcp not working
=statically put ip address on PC and start the webgui which gives again 503
=checked the console on bootup messages and found

fcgicli: Could not connect to server(/var/run/php-fpm.socket)
  pfSense (pfSense) 2.2.1-RELEASE amd64 Fri Mar 13 08:16:49 CDT 2015
  Bootup complete

@Gertjan:

Set up by hand and then do a restore, selecting ONLY DHCP settings … from your config.xml  ;)

I didn't know you could selectively restore bits of the config.  If this problem persists, I will definitely check that out.

You're on the correct version. The system must be sane given you've done multiple clean installs, so it must be something with the config. Could you PM me your config, or otherwise get me a copy? Manually browsing to status.php will get you a somewhat cleaned version (no keys, passwords, etc.) that you can copy/paste. Or if you wouldn't mind opening up access WAN-side from my IP so I can log in and check it out, I'll do that. PM me.

Should be straight forward. We've upgraded a few ALIX boards from even 1.2.3 straight to 2.2.x for support customers with no issues. There aren't any hardware-specific issues with the ALIX, which eliminates a good deal of the potential upgrade issues with the jump from FreeBSD 8.1 to 10.1. You're not using IPsec, which is where the bulk of the other behavior changes that could be problematic exist.

Go to Diagnostics>Nanobsd, and click "View upgrade log". If that button's newer than 2.0.3 (don't recall for sure offhand), check the contents of file /conf/upgrade_log.txt.

Interfaces: WAN is where both the assigned static IP address and the gateway IP address are configured.

The CIDR network (mask bits) must also be set correctly.

OK, this is a serious and confirmed PEBKAC.  ::)