Thanks, I'll do that.

I've been researching ways to backup a pfsense installation as a clone disc image and it isn't easy. There was a mistake in my post because I'd backed up a flash drive 250Mb instead of the pfsense hard drive when the actual backup size without free space is 1.2Gb for a virgin install and 4Gb plus with packages, caches and logs backed up. Once I discovered my mistake I tried again. The only true backup is one which backs up then a restored disc image runs without errors or crashes.  I only found 2 windows GUI apps that claim to backup freeBSD format - Clonezilla and Acronis True Image.  I started with the 2.4 beta and Clonezilla wouldn't even see the hard drive(?) Acronis 2012 wouldn't see the freeBSD drive either. However, Acronis TI 2016 does see the pfsense hard drive as 3 partitions when run as the ISO on a bootable pendrive. I had limited success trying to recover from the 2.4 beta backup clone with pfsense stalling during boot.

I then installed pfsense 2.3.4 stable, repeated the backup of 2 partitions as 'copy sectors' but exclude free space and successfully restored from the backup .tib image I'd saved on a 16Gb pen drive. Acronis 2016 has options to save to a local (usb drive), a hard drive on the home network or a NAS drive. I was curious about this but I'm now pretty certain Acronis TI uses its own drivers with the NIC interface and is completely detached from drivers runing pfsense. It must do this to be able to write back the saved drive image.

I need to go further installing pfsense packages to see if I can still get a perfect backup of a pfsense hard drive across the LAN.  If it works, an Acronis 2016  local backup/restore can be done offline independent of an internet connection for the download and integration of packages using the built in backup xml file. For the moment I'm reverting back to 2.3.4 amd 64 stable version, although I miss the keyboard 'choose and test' built into 2.4 beta.

This disc clone backup method needs more testing, but I'm cautiously optimistic I can get it to work.

Sorry for bumping

Just thought I'd mention that GNU screen works fine with 2.3.4

same here with the

route: writing to routing socket: Invalid argument error

2.4 beta 6-26 build date

Without the full backtrace it is difficult to say what it might be with any certainty.

They can sure.  Would depend on the OS that is the client.. Windows can be flaky for example.. But when you setup a machine you should setup its primary domain.  And you can also setup multiple search suffix, and can even set them specific per interface, etc.

Its option 119 in dhcp, and while OS X and linux/bsd all support it - windows doesn't keep up with any sort of internet standards ;)  Their solution is to hand it out via group policy ;)

im a little confused, teredo is something windows uses to connect to microsoft servers to connect to ipv6 networks hence i was seeing teredo enabled on my isp.
what i do is connect with pppoe to my isp which provides ipv4 ip/dns/gateway but i see the push this also

Jun 23 12:03:04 ppp [wan] IPV6CP: Up event Jun 23 12:03:04 ppp [wan] IPV6CP: state change Starting --> Req-Sent Jun 23 12:03:04 ppp [wan] IPV6CP: SendConfigReq #1 Jun 23 12:03:04 ppp [wan] IPV6CP: rec'd Configure Request #29 (Req-Sent) Jun 23 12:03:04 ppp [wan] IPV6CP: SendConfigAck #29 Jun 23 12:03:04 ppp [wan] IPV6CP: state change Req-Sent --> Ack-Sent Jun 23 12:03:04 ppp [wan] IPV6CP: rec'd Configure Ack #1 (Ack-Sent) Jun 23 12:03:04 ppp [wan] IPV6CP: state change Ack-Sent --> Opened Jun 23 12:03:04 ppp [wan] IPV6CP: LayerUp Jun 23 12:03:04 ppp [wan] 020d:b9ff:fexx:xxxx -> 0225:baff:fe70:05fd

the xx:xxxx is the last 3 blocks of my lan mac id of pfsense.

now what i dont understand is does this mean isp is using ipv6 natively or something else?

@jimp:

No problems here with any of my own tunnels/setups. Given that everyone is complaining only about PIA, and the client wouldn't have any bearing on AUTH_FAILED (that's a message back from the server), this could only be a PIA issue.

If your problem started around the time of a snapshot update, it was purely coincidence or because of the reconnect and NOT because of anything that changed in OpenVPN.

It's possible PIA was updating their own systems to also implement OpenVPN security patches and something got fumbled on their side. I imagine a lot of VPN providers were in a bit of a panic yesterday since they are huge targets for abuse/exploit attempts.

Hi Jimp

I think your right, its back up and running now, but does indeed point to PIA maybe after the pfsense setup rebooting and trying to re-connect to their servers

Thanks again!

I just updated about a dozen systems it they all updated OK.

What happens if you try the upgrade over ssh using option 13, do you see any errors?

Fixed. Using  2.4.0-BETA (amd64) built on Thu Jun 22 03:42:40 CDT 2017

Yep the system widget will still show 127.0.0.1 as the first dns server, that is perfectly fine. Also when configuring other dns servers in general settings it will still use localhost, its just the manual setting of 127.0.0.1 that seemed strange :) , good its resolved now.  8)

Maybe you want to take a look ad wpad configuration of the dns&dhcp server. Together with a little wpad.dat wpad.da proxy.pac file served up. It should allow for automatic proxy configuration. If its enabled in the browser..

@bmeeks:

My first guess is you have a system whose NIC hardware driver is incompatible with the Netmap kernel driver utilized by Suricata when it is configured to use Inline IPS Mode.  I see messages in the crash dump related to netmap.

When attempting to remove the package, the Suricata GUI code will signal any running Suricata binary process to shutdown.  The GUI code then will continue with removing the configuration from the config.xml file and cleaning up certain things on the disk.  The pkg utility takes care of removing all the files it installed as part of the Suricata package.

Did Suricata install and successsfully start up for you?

Bill

I think it should not be NIC card reasons, WAN using Intel82576 pci-e. Suricata seem can start but it is can't stop or unstall.

If you have the power button on the widget dashboard screen and the mac address on the wake on lan its service page, we should be patched/good to go. Appreciate you working on a patch for this! I'll keep checking during updates if I have this issue arise again.

I think this is a great question which I was also pondering.  I only started running the latest snapshots because I had converted to a virtualized setup and felt that FreeBSD 11 would be the best version to run as a VM.  I started with Xenserver which was fine, but I moved to the latest beta of Proxmox and everything is working great.  I am planning on updating once a week or so, taking snapshots as was previously mentioned.  When I embarked on my little mission I had reloaded my config into a fresh install at least 5 times and everything went really smoothly.  As long as you have a backup of your config along with a pfSense ISO file, you are golden.  The package install does take a long time, so I would budget an hour or two of downtime if you do end up doing a fresh install and restore.

Looks like you have an invalid blank extend command entry on the "Host Information" tab. Delete it.

I pushed an update to the pkg that will prevent it from doing that in the future. It will show up eventually in the next round of snapshots.

Because that's actually the redis db directory and not ntopng, it may not belong in the ntopng FreeBSD port.

I'll add an mkdir to the start section of the rc script to make sure it's there.

Post at least the interface configuration, routing table and any packages you have installed. Nobody heare can make heads or tails (pun intented) of your log file without any context provided.