The ath(4) driver doesn't support USB NICs as far as I know.

@Gertjan said in BootLoader not found, please install an OS: @opticalc Well, the (cut short) TPM story is : if something changes the boot files on the boot partition, then the user should be warned when the system boots. That's the IMHO, whole idea behind TPM protection. On the other had, end user devices do have a TPM so they can install Windows 11. If its actually used to protect the system, only your BIOS can tell you that. OK, thanks - all that makes sense. But theres still got to be something weird going on with the pfsense installer, given linuxmint worked fine on a single partition, and pfsense gave so many problems?

Try capturing the encapsulated traffic on the parent interface. You could be seeing traffic that's dropped before it makes it out of the WG interface. I wouldn't expect it to be an issue though.

Skipping the untrusted certs there is expected in any install. CE is not supported in Azure.

Yes upgrading CE in Azure is not supported. And that includes to Plus. The only supported deployment in Azure is from the tested Netgate image.

The issue vanished on it's own

This is still an issue as of 2.8.0 / 25.07, and it drives me crazy. Gateway failure works as expected, the wireguard tunnels will fail over to the backup gateway and continue on as normal, but will never recover once the failed gateway comes back online. While a reboot will (usually) fix it, I usually just go into my routing settings and mark the secondary gateway as down, forcing it to revert back to the primary... the users tend to dislike it when I reboot the firewall in the middle of the day

@stephenw10 Yep; the php-fpm script hung right at config upgrade. Had to do ctrl-t to see what was stuck. Stayed there until the script timed out then threw an error and rebooted in 24.11.

@eloich Thanks, this worked. Was back online in 2 mins of reboot and I didnt remove any packages this time either.

Where are you trying to make that change?

Yes, in the dynamic repo system ugrades are supported from the previous two versions. So you can skip one version. For 25.07 that's 24.03 and 24.11 so you would have needed to upgrade to one of those first from 23.09.

@slu said in Filterdns has stopped resolving hostnames in firewall aliases: aybe its relevant how ACME is configured. Nice catch ! This : [image: 1754480078430-7f044d98-4fe3-4b61-9697-d44d3c9bd573-image.png] implies that when you set DNS Sleep to '0', it's the script itself that starts polling every 'x' seconds the domain name servers. If its using one of the Doh etc, (which you've blocked with pfBlockerng) then yeah, that fails ... Set DNS Sleep to "200" or so and solved ^^

Wow... very interesting thread. I found this just yesterday and it takes me half the night to to read it from start to end . Actually I am using a SG-3100 device which I switched to SATA SSD abt. 3 years ago. I was thinking about replacing it with a newer appliance, i.e. a SG-4200, thats why I am looking around here. To be honest, there is no technical reason for that, it was just to keep pfSense at the latest. But just this days a new v25.07 was released so I will keep my SG-3100 for a while. And BTW: the SMART values shows the SSD is still at 94% lifetime, so I can run the device may be until a 4300/4400/4x00 is availabe . Regards

@johnpoz Thanks John, looking forward to your findings.

For reference that's an ugly error but it's only cosmetic. It's safe to upgrade still if you see that after rolling back.

@stephenw10 again... no errors. It's kind of wild... [2.8.1-BETA][admin@waw-staff-vpn.cic.com]/root: pfSense-upgrade -dC >>> Updating repositories metadata... Updating pfSense-core repository catalogue... Fetching meta.conf: Fetching data.pkg: pfSense-core repository is up to date. Updating pfSense repository catalogue... Fetching meta.conf: Fetching data.pkg: pfSense repository is up to date. All repositories are up to date. Your system is up to date [2.8.1-BETA][admin@waw-staff-vpn.cic.com]/root:

So you're using the CARP IP address for the pfBlockerNG redirects? May I ask why that's necessary?

said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

@jimp Here it is: Aug 5 13:49:59 cleo filterlog[66564]: 247,,,1649447902,mvneta0.4092,match,block,in,6,0x00,0x00000,1,Options,0,56,fe80::417:952d:77be:4497,ff02::16,HBH,PADN,RTALERT,0x0000, which should match with this from the gui: [image: 1754416400265-screenshot-2025-08-05-at-1.52.20-pm.png]