-
I have been trying to set up pfSense on the Protectli firewall device. I followed the instructions in Michael Bazzell’s Extreme Privacy book, but after doing so, I tried to reboot and after 12 hours, it had not completed. So, then I tried to just upload a script provided on his website (inteltechniques.com/firewall). Everything seemed to go OK, but at the end of the Backup and Restore action, I again got stuck in the reboot (currently trying to reboot for 14 hours). Any ideas how to remedy this issue?
-
@ajha If you watch the console output does it get stuck anywhere in particular, or log any errors?
-
It probably rebooted OK and just appears to have not rebooted. Though with custom scripts involved anything could be true!
Yeah, we'd need to know where it appeared to stop booting.
Steve
-
@stephenw10 Thanks! That worked. However, I now have 2 issues: 1) I can connect the output of the firewall directly to my laptop via an Ethernet cable and connect directly to the web, but the connection speed is reduced a lot (I have 250 MBps from my provider but I am only seeing 120 Mbps down & 75 Mbps up); 2) When I try connecting this cable to an Asus router, I get a red LED for that connection and get no output from the router to connect to a webpage. Do you have any ideas on these issues?
-
@ajha said in Excessive Reboot Time:
When I try connecting this cable to an Asus router,
'This cable' is
@ajha said in Excessive Reboot Time:
connect the output of the firewall directly to my laptop via an Ethernet cable and connect directly to the web
== the LAN cable ?
( why connect a LAN cable to another router ? )
@ajha said in Excessive Reboot Time:
I get a red LED
Can you tell more about the "Protectli firewall device"? I don't have one so 'red led' can be anything.
@ajha said in Excessive Reboot Time:
(I have 250 MBps from my provider but I am only seeing 120 Mbps down & 75 Mbps up);
What are the negotiated speed settings on the WAN interface ?
LAN interface ?
See Status > Interfaces.
Bufferbloat test ?
Check MTU.
-
Which console are you using?
The configs on that site do not have the serial console enabled so you will see nothing after root is mounted at boot if you're looking there.
Those configs have a bridge, which is generally a bad idea. But additionally it is configured badly for that type of setup. The IP and DHCP server are on the LAN interface rather than on the bridge interface itself. That means that if you connect a device to the OPT ports and do not have the LAN connected it will fail.
It's configured to send all your traffic via the VPN so the available bandwidth will be dependent on the VPN speed which could be limited by either the provider or the CPU in the firewall.
Steve
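The serial console and bridge points raised in the post above can be checked against an exported config.xml before restoring it. This is an added example, not part of the thread and not the configs from that site; both XML samples are constructed, and the element names (`enableserial`, `bridges/bridged`, `dhcpd`) are assumed from the usual pfSense config.xml layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample: IP and DHCP sit on the LAN member, bridge0 is unassigned,
# and <enableserial/> is absent (element names assumed from pfSense config.xml).
WEAK = """<pfsense><system/>
<interfaces>
  <lan><if>igb1</if><ipaddr>192.168.1.1</ipaddr></lan>
  <opt1><if>igb2</if></opt1>
</interfaces>
<bridges><bridged><members>lan,opt1</members><bridgeif>bridge0</bridgeif></bridged></bridges>
<dhcpd><lan><enable/></lan></dhcpd>
</pfsense>"""

# Constructed corrected form: bridge0 is assigned as OPT2 and owns the IP and DHCP.
FIXED = """<pfsense><system><enableserial/></system>
<interfaces>
  <lan><if>igb1</if></lan>
  <opt1><if>igb2</if></opt1>
  <opt2><if>bridge0</if><ipaddr>192.168.1.1</ipaddr></opt2>
</interfaces>
<bridges><bridged><members>lan,opt1</members><bridgeif>bridge0</bridgeif></bridged></bridges>
<dhcpd><opt2><enable/></opt2></dhcpd>
</pfsense>"""

def text(node, path):
    """Stripped text of a child element, or '' when it is missing."""
    return (node.findtext(path) or "").strip() if node is not None else ""

def audit(xml_text):
    """Return (code, detail) findings for the issues raised in the post."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.find("system/enableserial") is None:
        findings.append(("serial-off", "serial console disabled: no output after root mounts"))
    ifaces = {n.tag: n for n in root.findall("interfaces/*")}
    for br in root.findall("bridges/bridged"):
        brif = text(br, "bridgeif")
        if not any(text(n, "if") == brif for n in ifaces.values()):
            findings.append(("bridge-unassigned", f"{brif} is not assigned as an interface"))
        for m in filter(None, (x.strip() for x in text(br, "members").split(","))):
            if text(ifaces.get(m), "ipaddr"):
                findings.append(("ip-on-member", f"{m} holds the IP instead of {brif}"))
            if root.find(f"dhcpd/{m}/enable") is not None:
                findings.append(("dhcp-on-member", f"DHCP server is on {m}, not {brif}"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(cfg) or "no findings")
```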