Pfsense+, tokens vs nic changes, broken registration
-
use case: home lab
I'm in the process of planning to migrate from sophos UTM to pf.
I need some clarification on how the NDI number is tied to tokens to hardware.
It's my understanding part of the hardware hash includes the nic(s) mac address(es).
For example, pfsense instance (vm), has 2 nics in vfio (passthrough). Token applied and instance registered, software upgraded to pf+ 23.01.
What happens when a third nic is added (vfio or virtual)? Will the registration break?
What is the best way to strategize adding new nics so as to avoid breaking the registration?
Based on reading other posts, a ticket can be created to fix the existing registration or a new free token applied. Is one method preferred over the other?
-
@gpz1100 said in Pfsense+, tokens vs nic changes, broken registration:
I need some clarification on how the NDI number is tied to tokens to hardware.
The token is one-time use and is converted into a pfSense Plus license/record for your NDI.
It is based on all the NICs in your system at the time of application. If you have 2.5GbE NICs that are not recognized, your NDI will change after installing pfSense Plus.
The best solution to not breaking the NDI is not changing your NICs. If you're on a VM, take plenty of snapshots so you can roll back. If you have to crush your install and start over, use the same VM instance and don't make a new one. If you can make your MACs static, do that.
If you have Intel 226 NICs and you do the upgrade you have two options:
- Open a ticket and explain your situation and include your original NDI, the new NDI, your Shopify Order number and we'll migrate. Please also include a screenshot of your System Information widget on your pfSense GUI Dashboard in your ticket.
- If your original one-year license is expired get a new token.
If you subscribe to TAC Pro or TAC Enterprise as well just do step one and open a ticket explaining your situation.
-
@rcoleman-netgate
Thank you for the quick response. Is the NDI tied to the physical nic mac or virtual (spoofed)? To get the wan operational its mac has to be spoofed.
-
@gpz1100 said in Pfsense+, tokens vs nic changes, broken registration:
Is the NDI tied to the physical nic mac or virtual (spoofed)? To get the wan operational its mac has to be spoofed.
The MAC as it is presented to the core OS. Internal spoofing in pfSense is not taken into account.