Never mind the crash report I just submitted before realizing that new binary was needed.
Resolved with update.

KOM is correct. After 2.3.x the x86 builds are likely to be discontinued, so that isn't a great path to take unless you're OK with being stuck eventually.

You'll still get some use out of it for the time being but I wouldn't consider that a good long-term plan.

Once upon a time we preferred the 32-bit builds since they were well-tested, that was several years ago though. Now practically all new (or reasonably new) hardware is 64-bit capable and that's where our focus is, and that's what gets the most testing.

More here: https://doc.pfsense.org/index.php/Is_32-bit_or_64-bit_pfSense_Preferred

Sorry for the late answer, got to catch up with life….

Here is the ifconfig.txt with the ipv6_link_local selected on network interface and unbound failing to start on reboot.

igb0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 0c:c4:7a:31:aa:08 inet6 fe80::ec4:7aff:fe31:aa08%igb0 prefixlen 64 scopeid 0x1 inet 71.48.1.43 netmask 0xfffff800 broadcast 71.48.7.255 nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>) status: active igb1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 0c:c4:7a:31:aa:09 inet 192.168.100.250 netmask 0xffffff00 broadcast 192.168.100.255 inet6 fe80::1:1%igb1 prefixlen 64 scopeid 0x2 inet6 2602:47:3001:2b00::1 prefixlen 64 nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect status: no carrier igb2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 0c:c4:7a:31:aa:0a inet6 fe80::ec4:7aff:fe31:aa0a%igb2 prefixlen 64 scopeid 0x3 inet 71.48.1.75 netmask 0xfffff800 broadcast 71.48.7.255 nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>) status: active igb3: flags=8c02 <broadcast,oactive,simplex,multicast>metric 0 mtu 1500 options=403bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,vlan_hwtso>ether 0c:c4:7a:31:aa:0b nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect status: no carrier pflog0: flags=0<> metric 0 mtu 33160 pfsync0: flags=0<> metric 0 mtu 1500 syncpeer: 0.0.0.0 maxupd: 128 defer: off syncok: 1 enc0: flags=0<> metric 0 mtu 1536 nd6 options=21 <performnud,auto_linklocal>lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8 nd6 options=21 <performnud,auto_linklocal>wan_stf: flags=4041 <up,running,link2>metric 0 mtu 1280 inet6 2602:47:3001:2b00:: prefixlen 24 nd6 options=1 <performnud>v4net 71.48.1.43/32 -> tv4br 205.171.2.64 igb0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 0c:c4:7a:31:aa:08 inet6 fe80::ec4:7aff:fe31:aa08%igb0 prefixlen 64 scopeid 0x1 inet 71.48.1.43 netmask 0xfffff800 broadcast 71.48.7.255 nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>) status: active igb1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 0c:c4:7a:31:aa:09 inet 192.168.100.250 netmask 0xffffff00 broadcast 192.168.100.255 inet6 fe80::1:1%igb1 prefixlen 64 scopeid 0x2 inet6 2602:47:3001:2b00::1 prefixlen 64 nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>) status: active igb2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 0c:c4:7a:31:aa:0a inet6 fe80::ec4:7aff:fe31:aa0a%igb2 prefixlen 64 scopeid 0x3 inet 71.48.1.75 netmask 0xfffff800 broadcast 71.48.7.255 nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>) status: active igb3: flags=8c02 <broadcast,oactive,simplex,multicast>metric 0 mtu 1500 options=403bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,vlan_hwtso>ether 0c:c4:7a:31:aa:0b nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect status: no carrier pflog0: flags=100 <promisc>metric 0 mtu 33160 pfsync0: flags=0<> metric 0 mtu 1500 syncpeer: 224.0.0.240 maxupd: 128 defer: on syncok: 1 enc0: flags=0<> metric 0 mtu 1536 nd6 options=21 <performnud,auto_linklocal>lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8 nd6 options=21 <performnud,auto_linklocal>wan_stf: flags=4041 <up,running,link2>metric 0 mtu 1280 inet6 2602:47:3001:2b00:: prefixlen 24 nd6 options=1 <performnud>v4net 71.48.1.43/32 -> tv4br 205.171.2.64 ovpns1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500 options=80000 <linkstate>inet6 fe80::ec4:7aff:fe31:aa08%ovpns1 prefixlen 64 scopeid 0xa inet 192.168.110.1 --> 192.168.110.2 netmask 0xffffff00 nd6 options=21 <performnud,auto_linklocal>Opened by PID 35006 ovpns2: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500 options=80000 <linkstate>inet6 fe80::ec4:7aff:fe31:aa08%ovpns2 prefixlen 64 scopeid 0xb inet 192.168.120.1 --> 192.168.120.2 netmask 0xffffffff nd6 options=21 <performnud,auto_linklocal>Opened by PID 37481 ovpnc3: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500 options=80000 <linkstate>inet6 fe80::ec4:7aff:fe31:aa08%ovpnc3 prefixlen 64 scopeid 0xc nd6 options=21 <performnud,auto_linklocal></performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud></up,running,link2></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></performnud,auto_linklocal></promisc></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,vlan_hwtso></broadcast,oactive,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,simplex,multicast></performnud></up,running,link2></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,vlan_hwtso></broadcast,oactive,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></up,broadcast,running,simplex,multicast>

system.log shows an error that unbound could not start because cannot bind socket: can't assign requested address for fe80:…..

problem worked around by setting this at boot time:

set hint.agp.0.disabled=1

This one feature will bring a lot of clarity for me when going over bigger rule bases.  Hats off to you Steve_B (or whoever did this work).  This is the one big feature for me that I will be looking forward to.  I have been creating dummy rules with descriptions but that really doesn't help a lot as it is not very easy to go through to find them.

Thank you.

@jimp:

Not all bears are bad…

https://www.vat19.com/item/worlds-largest-gummy-bear?adid=gbase&gclid=CKeTkeyOyMoCFQgGaQodlgcB2A

Bad bears, bad bears, whatcha gonna do, whatcha do when they come for you!  Bad bears, bad bears.

@Perforado:

Now that it works without MSI-X you could try a different Slot for the ixgbe-card (HP should have a best practice document for that)

And you could try to update the Servers Bios. Maybe MSI-X Setup is somewhat borked.

Server BIOS is up to date, running the latest release from HP which came out last month. I'll see if I can try a different slot. On a somewhat related note, I had to disable x2APIC in the BIOS for the machine to boot. Not sure if that's a BIOS or FreeBSD issue.

Ok, have gitsynced and everything seems to be working

grep powerd /cf/conf/config.xml showed the settings changed as they should.

thanks guys for your help

OK, I win the Dummy of the Day award.

I had cleaned out the WAN and LAN rules, but skipped over the Floating rules since I didn't have any shaper running at that point (I imported the rules from a 2.2.6 box with shaping.)

Please accept this bear.

Ted.png
Ted.png_thumb

I pushed a fix. Thanks!

@cmb:

Thanks for the ticket Phil, and Renato for fixing.

@Seth:

I owe CMB a bear.

Wow, you can keep the bear. Thought I was being helpful, not inviting a deadly animal upon myself. ;D

LOL

Glad you like them. I plan to add then to the NAT pages soon.

There are several things it would be "nice" to do with the separators: The things you have suggested, the ability to edit an existing separator etc, but we have to weigh the usefulness against the effort required to implement.

The separators were quite difficult to implement and doing much more to them would require that we revise the way the whole rules page works. At the moment, I can't really justify that amount of work for something that is really just a convenience feature used by a limited number of people.

We'll see how things look after the first release.

I have a question ….
Now Pfsense have a new method of update , peoples who Like dangerous life ( Like me ), can stay on beta updates ?

Sorry bad english

The general lack of fallback has a bug ticket open.
https://redmine.pfsense.org/issues/3152

@C0RR0SIVE:

Checked the "Prefer IPv4 over IPv6" option in advanced, and no dice, same error.

You have to flush whatever has a cache after doing so. Reboot with it set to prefer IPv4 and you won't hit that.

@JasonJoel:

I can't ever check for updates with IPv6 turned on in 2.2 or 2.3, even though other IPv6 traffic works fine (youtube, etc).

Sounds like you aren't getting a functional IPv6 IP assigned WAN-side. Your LAN hosts will go out via your routed/PD'ed internal subnet, the firewall itself will go out via whatever's assigned to its WAN.

Thanks for helping us test 2.3!

I see you found that a normal full firmware update will do the job. We had another similar thread here: https://forum.pfsense.org/index.php?topic=105435.0

Packages still have some rough edges but they're getting better all the time as we refine things.

I have posted Pull Request #52 for pfBlockerNG v2.0.7.

Just tested mine. Works fine but did see an error in the logs.

Time Process PID Message Jan 24 14:34:21 openvpn 15867 brianc/172.101.16.149:62964 send_push_reply(): safe_cap=940 Jan 24 14:34:21 openvpn 15867 brianc/172.101.16.149:62964 MULTI_sva: pool returned IPv4=10.10.10.2, IPv6=(Not enabled) Jan 24 14:34:21 openvpn 15867 172.101.16.149:62964 [brianc] Peer Connection Initiated with [AF_INET]172.101.16.149:62964 Jan 24 14:34:21 openvpn user 'brianc' authenticated Jan 24 14:33:44 openvpn 15867 brianc/172.101.16.149:62941 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #933 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings Jan 24 14:33:44 openvpn 15867 brianc/172.101.16.149:62941 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #926 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings Jan 24 14:32:53 openvpn 15867 brianc/172.101.16.149:62941 send_push_reply(): safe_cap=940 Jan 24 14:32:53 openvpn 15867 brianc/172.101.16.149:62941 MULTI_sva: pool returned IPv4=10.10.10.2, IPv6=(Not enabled) Jan 24 14:32:53 openvpn 15867 172.101.16.149:62941 [brianc] Peer Connection Initiated with [AF_INET]172.101.16.149:62941 Jan 24 14:32:53 openvpn user 'brianc' authenticated