Issues installing Pfsense on Protectli Vault
-
Hmm, that's not a failure mode I've seen. Would it be possible to get the boot log resulting in the login prompt? That shouldn't happen.
-
@elvisimprsntr Thanks ever so much for your help. I downloaded the stand alone installer and that seemed to work. Really appreciate your help
-
If you can provide any feedback from the Net Installer on that platform we'd love to have it. We can only fix that stuff if we can replicate it.
-
@elvisimprsntr thanks for posting the link to the installation image file download location. I had a similar issue as OP and was surprised that the pfSense website no longer seems to have links to the repository of installation files. Not sure what Netgate's long term plan is, but it is going to be super frustrating if they stop posting these files. The new Netgate installer appears to require internet connectivity, which for me is a non-starter: I like to keep my firewalls isolated from the internet until they are fully configured. (Am I the only one who thinks that's the best practice?!?)
-
Do you have (or can you get) a boot log showing that failure?
-
I think Netgate is trying to thwart unscrupulous vendors selling appliances with pre-installed images, who may try to install malware or backdoors without the end user knowing. Requiring registration to receive a download link and requiring internet access during install allows them to detect their activity and possibly block their IP addresses or domains. Because once the device is sold and the end user boots it up it will show up on a different IP address and domain.
For a home user it’s easy enough to connect up the WAN port to their existing infrastructure, assuming it’s not their primary firewall that is down and the reason they are trying to perform a new install. Thats why I have a cold spare appliance with pfSense installed and configured. I would just have to restore the latest config backup which is automagically backed up to my local NAS. I have not explored a HA setup since there is nothing mission critical on my home network.
For an enterprise customer or business providing IT services, I can see how this might add some complexity, especially if there is a user authenticated proxy to access the internet. It might require setting up a physical access controlled DMZ to allow appliances to be connected to the internet during install.
I am sure Negate has implemented something to prevent miscreants from setting up a DNS proxy and hosting the repo locally with expiring links, keys, certs, etc.
-
We want the process to be as easy as possible and this is a bug. I think we have a handle on it though, we have replicated it locally. Should be fixed in the next build.
-
L lightingman117 referenced this topic on
-
@stephenw10 apologies I don’t have the logs to send.
-
@stephenw10 apologies to have replied so late to your post. It was a strange error and nothing I could do could fix it. The old installer worked and I have pfsense working on my new unit.
Glad my post has been of use to improve the software by eliminating a bug. Thanks for all the posts from everyone and the link to the mirror site.
A superb piece of software.
-
No worries. I'm pretty sure we found and fixed that bug. The next installer build should have that.
-
R RyanM referenced this topic on
