@lucky06480 said in Fresh install does not give Internet access [RESOLVED]:

Thank you for the link. But unfortunately , all checks pass …

I finally found the solution:

Valid (tick) "Disable hardware checksum offload" resolved my problem"
in [[i]System / Advanced / Networking]

Probably the external (WAN) USB-ETHERNET is the problem source.
It is curious, because the same hardware work perfect on different computer (Raspberry Pi, netbook, DELL PC, …).

May be a driver bug ?

Best Regards,
Lucky

Came here and made an account just to rant about this issue. I spent a whole workday finding the problem, installed pfsense multiple times because i thought something is wrong with the image or some bug in recent release. And i am not using USB-ethernet but VIRTIO in Proxmox on Intel Hetzner-Server. I bet i am not the first stumbling across this problem.
Outbound NAT just simply stopped working when having this hardware checksum offloading not deactivated. It doesn't even throw an error anyway. Guys....

Editing the /conf/config.xml AND deleting the /tmp/config.cache file should work in general.. Then changes should show up in the webgui, and after applying the settings haproxy should just start running. For haproxy i dont see any issue why it wouldn't work.. (besides perhaps some reference to a certificate-ID that might not exist in the current config..) The haproxy config itself is pretty stand alone regarding all the other parts. (unlike some packages that generate certificates/config on first install already) imho the issue with restoring a complete backup file is that it go's trough a reboot which isn't always nice when just adding a package to a production system..

It's not really a bad assumption, I would also expect that to work in there. Sometimes you just hit a corner case and some odd incompatiobility.

Steve

@gertjan Thanks, that's all I need to know!

@jasonl I got it working...bounced my phone :)

I had a GEDODE board that refused to boot from USB , and made a CD. Now it "booted" , but i think i got the same error as above.

I don't have access to my notes right now , but i think the solution was to specify some kind of "Wait for disk ready" delay or retrys , in the CLI.

And then boot.

/Bingo

@gertjan, Thanks for your help. I've been out for a bit. came back and the mapped drive connections are still stable. I think the fqdn was the key, followed by a restart of the NAS.

A benifit of this exercise was i found info on power tuning the Synology NAS. I took care of that at the same time and the file access is much faster.

Now i'm going to plan the next network project which will be the changes needed for a VPN.

@dedwards There is something else going on here. With all on the same subnet, PFSense would not be involved unless it was doing something like DHCP when you already have DHCP through your servers. If the client picks up DHCP, for example, from PFSense instead of your DHCP server, it could end up in the wrong subnet and so not see your servers, causing a failure. So make sure that PFSense is not providing any DHCP. Only other thought, if you have more than one LAN port on your PFSense and are using them instead of a dedicated switch. PFSense is not a switch; each lan port is a different network. Other than that, I don't see how PFSense, or any router, would have any influence on what you are doing, as everything you have setup is on the same network. PFSense would not have any bearing here; firewall rules would affect the connection to the internet, but nothing between clients on the same subnet. Whatever switch you are using, is connecting your servers to your clients and that's it. You don't even need a router for what you are attempting to do with WDS.

@marekandreansky said in Box dead after reboot, caused by UFS corruption ? ZFS vs UFS?:

Any idea why its not the default option for pfSense?

Read this.
The bad news, and good news : ZFS is already build into the kernel, which makes it much bigger.
Also, processing and maintaining all this information will take many more CPU cycles. Ok if you have a 'big' processor. ZFS won't work on small drives, and needs a lot more RAM.
A router / firewall is normally not file system bound, it use the storage device to boot, and store some boot settings and operational settings.
So, I guess, by default, it's very overkill to use ZFS as the default.

But these days people have firewalls have multi cores, with 250GB++ (raid ?!) drives, and several GB if memory, so ZFS could be an option.

The next time I re install pfSense, I'll choose ZFS, if I remember the option. The thing is, it will take years before I have the occasion to do so ^^

Moved this to new topuc since it's unrelated to that 2 year old thread.

You are unable to ping 8.8.8.8 from pfSense itself?

Does it have a valid IP address, subnet and gateway?

Does it have a default route?

Are the virtual NICs showing as UP?

Do you have other VMs there that can connect out?

Steve

@tm_an said in Upstream fixes missing?:

Or is my local update bugged?

Easy to check. Visit System > Update System Update : does it say "up to date" ?
Visit System > Package Manager > Available Packages : does the list gets populated ? Do you receive package updates ones in a while ?
Visit SSH (console) : option 8 and " pkg update" : do you receive a :

pfSense repository is up to date. All repositories are up to date.

About "CVE-2020-25577" : see for yourself : https://www.cybersecurity-help.cz/vdb/SB2020120118

The first one : local access is needed ..
The second part : a special ICMPv6 crafted package : you use IPv6 ? Accessible from the outside ? Normally, there are no WAN rules, that is, there will be one rule : block everything. Crafted, or not.

CVE-2020-7469 : somewhat the same thing : ICMPv6 : https://lists.freebsd.org/pipermail/freebsd-announce/2020-December/002000.html (take note that FreeBSD 11.3 isn't listed here which means there is no patch available or the issue doesn't exist for 11.3).

Anyway, it's an upstream FreeBSD issue.

Ah, OK. Yes that sounds correct.

You could image the drive with something. There's nothing included in pfSense to do that.

However you can install and import and config at the same time which reduces the install time to close to a few minutes if the have the install media prepared.

https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#automatically-restore-configuration-during-installation

Steve

Does it even tell you what the name of the file is that its trying to download extra?

Chrome creates a file while its downloading

crdownload.png

Could it be your system warning you about that? Then it renames it?

I can not duplicate what your seeing - and without more info, like the name of what its trying to download? Not much else can help with..

I don't have a mac mini to test with, but I don't see such behavior in any browser, firefox, chrome, edge..

Where are you running tcpdump? On xn2 directly? Is the vlan tag correct on the incoming ARP traffic?

You have disabled all the hardware off loading you can? Could be some hardware VLAN stuff breaking things.

@stephenw10 Thank you Stephen you saved me 👍 . I was like banging my head here and there, Thanks a lot ..

@masteradde

Hi Guys, ok Are you ready for this! I was having the same exact issue and I was able to fix it!

I don't know how I fixed it because what I did was a complete mix up of steps that are not in any beta that I have found.

So What I did when I got this picture as seen above.

Go into Machine setting and click on reset. Re-install pfSense ISO image. pfSense-CE-2.4.5-RELEASE-amd64.iso.gz Go to this link and follow these steps [https://technicalustad.com/how-to-install-pfsense-in-virtualbox/](link url) Once the install is complete from bios boot up hit reboot (do not force unmount yet) Once it reboots go through the process again. When is ask if you want to reboot, then "Force Unmount" Then click reboot, then you will get error messages. (no worries) Either turn the VM off then or simply click on the Machine settings and click reset. This finished the Bootup process for me and took me to "pfSense dashboard" where you can then configure interfaces and ip addresses etc...

I'm not sure why this worked because it has nothing do with installing the software, it seems like their is a glitch in the boot up process and doing things in this "exact way" fixes it. At least it did for me.

I don't understand why its acting this way, because I installed two pfSense VMs on my laptop and did not have this problem. It always get weird if you "Force Unmount" at the wrong time. Maybe that is the answer. I remember seeing YouTube Video explaining when to "Force Unmount"

I hope this helps, let me know if you have any questions and maybe I can help!

@dlehenky said in Does the SG-5100 run v2.5 well?:

And you're a politician

No need to start calling people names ;) hehehehe

ROFL...

@teicee This worked great!

@gertjan nothing comes up, and card does work in Linux...