@homikaushal said in Data Transfer:

I have a cisco 3560 8port swicth between pfSense and VMs.

What is the exact switch model number ?

IIRC some of the range are 10/100.

Hi,

@Jungtv said in Convert pfSense from virtual machine to physcial machine:

t 70 physical machines .... don't have internet access ...

You could check with VMware how to clone the disk space.
This way everything will be copied over, packages included.

The basic idea of pfSense is : save the config file, and import it on another device
But it will be not a 100 % pure "sit back and watch" experience : the network interfaces will probably be using other drivers, so other interface names. You have to re do that part of the setup for sure.

Install a Ethernet router, not connected to the Internet is still like construction a swimming pool without any water in the neighbourhood. The question has been asked many times before, and I guess it's possible to preload the package files. It boils down to : are you a real FreeBSD expert ?

Well I hunkered down for a long list of troubleshooting, listed out the various things I was gonna try in the order I'd try them.

I released and renewed DHCP under Status->Interfaces->WAN (while running a pcap) I restarted the modem with the WAN ethernet cable plugged in and the pfsense box powered on the whole time etc

And I never got to spoofing the mac address or anything. The WAN IP was still 0.0.0.0 and the pcap looked the same after the first step but after a restart of the modem it grabbed an IP address!!!! I swear I power cycled the devices many times in a multitude of different orders of operations and it never worked. Maybe the release and renew of the dhcp, though not working before a modem restart, actually did something to help on the next modem restart. In any event, fingers crossed, i seem to finally be up. I don't understand why I had issues with only the Dell installation but at least I have learned a few things along the way:) Thanks for all your help!

@slightlybeige said in IP address conflict on new install despite changing it?:

The fault I'm more interested in is how changing the interface IP appeared to somehow NOT change the interface IP.

Connecting to an Interface and changing the IP is time critical. I can't test it right, now, but I guess you wind up having a big green Apply button. Ones hitting that, there will be a message that states that pfSense changes LAN settings, and a browser redirect should activate in "20 seconds". After the delay, the GUI should work on 192.168.1.4.
If you connected your new pfSense to early, some of your network devices might have 'sniffed' that another "192.168.1.1" device was present on the network, and things go haywire.

Btw : when starting up a new pfSense, I always activate the console access. Serial if possible, if not keyboard/VGA and by SSH also. Maintenance related to the GUI itself, IP changing, etc, I don't use the browser that, I use the console.

Hmm, that is usually OK to have enabled but yeah I;d just leave it disabled if it's causing a problem.

Steve

Concur with Stephenw10 here, complex is normally not the best choice.. Why can you not just route/firewall with pfsense - if your current edge device can not be put in modem/bridge mode so that pfsense gets public IP on its wan.. Then just double nat.. Much simpler setup! Than bridging..

@johnpoz

The AirVPN guide has the Do not pull routes checked so that is what I do. I do override the VPN to allow Netflix to work and also my email server but that is it.

I learned something today.

Thanks guys. Much appreciated

Randy

Yes we usually don't make CE installer images for patch releases but made an exception for 2.4.4p1 as there were a number of nasty bugs in 2.4.4 it fixed. Things that could prevent you easily updating.

Another good place to check is here: https://docs.netgate.com/pfsense/en/latest/releases/versions-of-pfsense-and-freebsd.html

Steve

Many thanks Steve! You're a genius! adding route-nopull worked.

VLAN30 is clear to isp and VLAN20 on VPN and does not go outside when the VPN connection is dead.
Problem sorted!! Thanks again!!

I'm pretty sure the VPN wasn't the problem. I built this box from scratch. My old firewall worked no issues. This problem only started occurring when I went to this version.

I also posted my issue on a Pfsense Facebook forum and I had a couple people confirm they also had the same issue when they went to version 2.4.4 p2. Their fix was to revert back a level. That isn't the best option for me at this time.

I'm not an expert but I'm far from a novice.

Realize this topic is rather old but just wanted to update it that I went ahead and ordered caps from mouser that matched the spec of the ones I pulled off the board and got the old Firebox running again! Was even able to get it booting off a hard drive. Really appreciate all the insight offered!

FYI- Looks like you set it to pull updates from the 2.5.0 development snapshots but didn't upgrade to 2.5.0.

Sorted now thanks to Support ☺

They are normally generated if they are missing when you try to update. What actual error are you seeing?

Steve

@JeGr
As haproxy terminates the TCP connection in a socket, and the state of that socket is not sinked to the secondary haproxy node the TCP connection will break when a failover is performed.

Stick-table content can be synced.. but the state of all socket-connections is not.

@adam65535
As for configuration changes on a running haproxy this should not have much notable impact on http connections as it would ask the browser nicely to close existing http connections, and new TCP-connection can be made to the already running new haproxy instance. And the old process keeps serving connections until the hard-stop-timeout (its default on the pfSense package is 15 minutes) or it will stop when no connections remain. Long existing connections like for a database connection or a ssh session, yes those would eventually break.. Or you would need a stop timeout of like 24 hours or something.. but that gives a risk of running lots of haproxy processes simultaneously if several changes are made during a day, risks like out-of-memory then arise...

Again: Pick an addon card, read up what chipset/controller it's using for the RS232 port and then check whether it is supported by FreeBSD. The PCIe bus has nothing to do with it.

1225v3 is the CPU.
https://ark.intel.com/content/www/us/en/ark/products/75461/intel-xeon-processor-e3-1225-v3-8m-cache-3-20-ghz.html

The prebuilds usually have similar or slower CPUs no?

Is ECC really needed for pfsense and if you claim Single thread is that badly needed do you have any actual data to back that up because for my house even the 3770 should be faster than anything else I currently have set up or could reasonably buy.

Also what about the NICs? I heard there are issues with fake NICs and wondering on prices for NICs because I have to do the used/generic route.

@Boab said in adding new subnet to existing WAN:

I think I may have resolved it still checking. Writing it up on the forum and having a meal/break clears your head.
will report tomorrow.

Show us how you did it, with screenshots!

Jeff