Custom loader values should be put in /boot/loader.conf.local. Create that file if you don't have it yet. Steve

it install everything is necessary for pfsense to work, dependencies included example: [2.4.5-RELEASE][root@pfSense.trmultiservice.lab]/root: pkg-static install pfSense-pkg-pfBlockerNG-devel-2.2.5_37 Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 9 package(s) will be affected (of 0 checked): <------ 9 dependencies New packages to be INSTALLED: grepcidr: 2.0 [pfSense] iprange: 1.0.4 [pfSense] jq: 1.6 [pfSense] lighttpd: 1.4.54 [pfSense] lua52: 5.2.4 [pfSense] pfSense-pkg-pfBlockerNG-devel: 2.2.5_37 [pfSense] py37-maxminddb: 1.4.1_1 [pfSense] py37-sqlite3: 3.7.7_7 [pfSense] whois: 5.2.17 [pfSense] Number of packages to be installed: 9 The process will require 9 MiB more space. 2 MiB to be downloaded. Proceed with this action? [y/N]: if no "New packages" are available than there is no dependencies needed or they are already installed

Hmm, interesting. You would not normally be able to just change the WAN to PPPoE (from dhcp?). The ISP and the ISPs router would need to already be configured for that. Steve

The solution that worked for me is here, https://forum.netgate.com/topic/156964/how-do-i-change-hard-drive-on-a-working-install?_=1604859343667

Apropriate allow rules (TFTP is UDP 69) , on the affected interfaces. /Bingo

Just had to try a few more things because I am stubborn. Character flaw, but I think at this point I am now done. There is no fix for this NIC/Hitron modem combo. I grabbed another SSD I had around, installed the 2.5 devel, did basic setup only on it- WAN set dhcp, lan set static ipv4. Nothing else. Connected the WAN to the Hitron modem and it flapped maybe twice, then no lights on modem or PFSense NIC. They just don't talk to each other. Connect the WAN to that little Netgear dumb switch and it's fine. So it stays like that till I can think of something else. BTW I also booted that SSD on an old test computer I have that has an old 2 port intel PRO 1000 NIC that also uses the IGB driver and it flapped then lights out as well.

I will try that, and see how it goes. If not, I can do it manually. /Jan

Hi ts1101, Good Day, Many thanks for the details again on this. I would agree with you with out any question. Prior unlocking, I could see its goes to BT Site for pay as you go subscription hence I don't want to take any chance i.e only by connecting lan2 port no phone line connected to it!. Some more setting pending with regards to WiFi access point need to keep them ready before hand. Will keep you updated. Thanks

furthermore if anyone has successfully negotiated this formidable task please feel free to enlighten this true nube with the details.

You should, ideally, restore a backup from 2.4.5 as well. There were some changes to the config format for 2.5.0 that are not backward compatible (like IPsec tunnel lifetime settings)

I also see this screen every time I login using Roboform. Oddly, if I ask Roboform to "Fill" the fields and press ENTER myself... I don't get the message. Looks like the way Roboform "presses Enter" is not compatible with the pfSense login page.

@fperloff said in OpenSSH - patching CVE-2018-15473: Interesting conversation about relative importance of fixing bugs vs adding to the attack surface. In this case, OpenSSH was patched, but FreeBSD doesn't use a patched version. The only options I see for passing the PCI scan are to either install a later version of OpenSSH for FreeBSD, which doesn't appear to exist, or to patch it myself and self-certify. If the latter, what tools are required and how do you patch existing software? FreeBSD itself has a newer version available in the ports tree. I dont know specifics about pfSense packages though.

@waynec said in Upgrade from 2.4.4p3 to 2.4.5_1 PHP ERROR: upgrading the packages before the update Don't do that, that could pull in dependencies that don't exist on 2.4.4. Best practice is to uninstall packages, upgrade, and reinstall packages. For instance I'm pretty sure I've seen posts about people who upgrade a package and find out they upgraded PHP versions, so lots of things are broken. https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide-prepare.html#packages

@Gertjan You will gather I'm a newbie and more often I can break what is already configured and working! Simple traps like disable the LAN for testing on the webGUI, lose everything, no GUI, no SSH then I recover the box, hook it up to peripherals and use the last but one backup. Thanks, yes I already spotted the default /32 netmask and changed it to /24. My routing problem was linked to assignments, what physical ports were assigned when I first installed the image. The reason all my clients are static IP is I could find no easy way to filter via DNS to allow some clients and websites to go to VPN and others to bypass VPN? Yes I could configure the TV for DHCP since it is now on its own subnet without routing via VPN. In UK some video streaming services detect proxies and block access over VPN. My LG 'Smart' TV is getting old now. The LG WebOS seems very slow (compared to pc browsers). I suspect the TV processing and memory storage for apps is insufficient when I do want HDTV streams. I may solve all my streaming speeds and data link to the LG server by switching to a HDMI mini PC on my new pfsense TV port and just use the TV as the display device. Others have already posted a huge list of servers LG smart TVs can connect to in the background. A dedicated pc for TV and subscription services should simplify firewall rules for privacy. Most forget that once registering a smart TV warranty, the TV serial number, IP address and any email addresses given are linked to you. Gertjan - Thanks for your input, I will try that out. I already use pfBlocker on the private LAN. I forgot about creating a static MAC lease for the TV.

He..He Been there , and "lost" the world by leaving it set to auto. Worked for a quite a while , and then some "Glitch" made it switch to the "other" Gateway , my OVPN tunnel. Since then i have always forced it to the ISP router GW. Note: I'm not using ipv6 (ISP doesn't provide) , so i left that to auto [image: 1603951186030-selection_2020102906-54-52.png]

Hi sorry im new on this thing... what im trying to is to replace Cisco 1841 Router with pfsense the cisco 1841 router has failed to work properly after a recent power failure at our place and for a temporary replacement we have setup a pc with pfsense installed in virtual box with the same ip as the router. i added a static summary route in pfsense firewall rules Pfsence 10.130.0.0 255.255.0.0 10.130.50.10 virtual box setup - Nat, Bridge Adapter Virtual Box Host adapter - 10.195.50.18/255.255.254.0/10.195.50.10 Pfsense LAN 10.130.50.4 1st pc network adapter - 10.130.50.5/255.255.255.248/10.130.50.3 2nd pc network adapter - 10.195.50.19/255.255.254.0/10.195.50.10 Old Router lan interface 10.130.50.4/29 Old Router Wan interface 10.195.50.20/23 now i can access pfsense (10.130.50.4) in all my vlan..pfsense is up and running but i can't ping the pc 10.130.50.5 or 10.195.50.10 in my vlan and also i have no internet in my vlan or pfsense i am able to browse internet from the virtualbox pc and able to ping 10.195.50.10 any other pointer on how i can fix this ? what do i need to setup in pfsense in order to get internet to work ? current pfsense setup ip wan v4 : 10.195.50.20/23 ip Lan v4: 10.130.50.4/29 this is my old cisco router config Router.txt

@viragomann A new modem from the ISP, It's not Static IP, looks like the ISP provides DHCP because if I connect it straight to a computer it gets a public IP and works, this is the Network Connection Details that gives me: IPv4 Address 76.30.XX.XX IPv4 Subnet Mask 255.255.254.0 IPv4 Default Gateway. 76.30.XX.X IPv4 DNS 75.75.75.75 75.75.76.76 I did configure the pFSense WAN interface for DHCP correct see below screenshot. [image: 1603882207039-screen-shot-2020-10-28-at-5.48.58-am.jpg] This is how the Gateway status is : [image: 1603882371746-old.jpg] The default WAN is the old internet with the old modem service that it's working fine. The WAN2 is the new Internet Service and new modem it's just stuck on Pending. Booth connections are from the same ISP Comcast. Thanks in advance.

Thank you good news!!!!!!

I have replaced the switch that died and now I'm working on tweaking and getting the network set up just the way I want it. Here's what I have so far... IP - 500/500 Mbps fiber to the house with PPPoE configuration to the WAN of my pfSense router. Cabling - All of the backbone wiring is brand new CAT8 cabling Router - pfSense running in a VM on my server using 2 of the 4 ports of a quad gigabit network card. Switching - 1 Unifi 8-port POE managed switch and 2 Flex-Mini POE managed switches. Access Point - 1 Unifi AC-PRO access point. I'm trying to set up a guest wifi network that gives me a sequestered network with a simple password for guests and that I can limit the bandwidth fairly easily. I'm a little confused about what to set up in pfSense and what to set up in the Unifi Controller as it seems that there is quite a bit of overlap between what each can do. I have seen some tutorials about setting up a network like I want to but they all seem to be using an older version of the Unifi Controller than the current one and the options are definitely different. Any guidance about this would be most welcome!