Issues installing Pfsense on Protectli Vault
-
Have been using Pfsense for years and have decided to upgrade the hardware. Did some research and purchased a Protectli Vault FW4C which from the reviews runs Pfsnese really well. My old fanless small pc will be retired and the new Protectli will replace it.
So I downloaded the PFsense memory stick amd64 installation file and used Rufus to write it to a usb stick.
The USB stick boots and the Pfsense screen shows but it doesn't show the installation screen. It boots and ends up at a login prompt. If I type the default Pfsense user name and password it then shows the installation screen and wants to configure the WAN and LAN interfaces. I plug in the respective cables and Pfsense sees they are there and then tries to contact the Netgate servers and then says it can't see them. So basically I come to a stop.
I have messed about in the bios, turning fast boot off, legacy boot on, etc. Have spent 2 hours googling and going through Reddit but can't seems to find anything to help. I have also tried three different USB sticks. They all boot and do the same thing.
The installer used is the new network installer and it can't seem to find the Netgate servers. I have tried to input my isp given WAN ip address, used the google DHCP server address and the internal ip address of 192.168.1.1 for the Default gateway. I know the internet is all working as when I plug the cables back into the 'old' Pfsense running box the internet works.
Can anybody help? Or can I get hold of the 'legacy' installer which I have used many times before?
-
I think the new net installer is still in beta, but you can try
- Make sure the device is connected to the internet via the WAN port, example connect WAN port to your existing network.
- Login to the console prompt using the default credentials (admin,pfsense)
- Follow the prompts to install. If the device does not have a previous homelab or TAC license, it should allow you to install CE
Or you can download the legacy installers here.
https://atxfiles.netgate.com/mirror/downloads/
-
Hmm, that's not a failure mode I've seen. Would it be possible to get the boot log resulting in the login prompt? That shouldn't happen.
-
@elvisimprsntr Thanks ever so much for your help. I downloaded the stand alone installer and that seemed to work. Really appreciate your help
-
If you can provide any feedback from the Net Installer on that platform we'd love to have it. We can only fix that stuff if we can replicate it.
-
@elvisimprsntr thanks for posting the link to the installation image file download location. I had a similar issue as OP and was surprised that the pfSense website no longer seems to have links to the repository of installation files. Not sure what Netgate's long term plan is, but it is going to be super frustrating if they stop posting these files. The new Netgate installer appears to require internet connectivity, which for me is a non-starter: I like to keep my firewalls isolated from the internet until they are fully configured. (Am I the only one who thinks that's the best practice?!?)
-
Do you have (or can you get) a boot log showing that failure?
-
I think Netgate is trying to thwart unscrupulous vendors selling appliances with pre-installed images, who may try to install malware or backdoors without the end user knowing. Requiring registration to receive a download link and requiring internet access during install allows them to detect their activity and possibly block their IP addresses or domains. Because once the device is sold and the end user boots it up it will show up on a different IP address and domain.
For a home user it’s easy enough to connect up the WAN port to their existing infrastructure, assuming it’s not their primary firewall that is down and the reason they are trying to perform a new install. Thats why I have a cold spare appliance with pfSense installed and configured. I would just have to restore the latest config backup which is automagically backed up to my local NAS. I have not explored a HA setup since there is nothing mission critical on my home network.
For an enterprise customer or business providing IT services, I can see how this might add some complexity, especially if there is a user authenticated proxy to access the internet. It might require setting up a physical access controlled DMZ to allow appliances to be connected to the internet during install.
I am sure Negate has implemented something to prevent miscreants from setting up a DNS proxy and hosting the repo locally with expiring links, keys, certs, etc.
-
We want the process to be as easy as possible and this is a bug. I think we have a handle on it though, we have replicated it locally. Should be fixed in the next build.
-
L lightingman117 referenced this topic on
-
@stephenw10 apologies I don’t have the logs to send.
-
@stephenw10 apologies to have replied so late to your post. It was a strange error and nothing I could do could fix it. The old installer worked and I have pfsense working on my new unit.
Glad my post has been of use to improve the software by eliminating a bug. Thanks for all the posts from everyone and the link to the mirror site.
A superb piece of software.
-
No worries. I'm pretty sure we found and fixed that bug. The next installer build should have that.
-
R RyanM referenced this topic on
