[SOLVED] First installation, but PC no longer connects

WhiteTiger-IT

I don't understand what's going on.
I am new to pfSense.
I installed pfSense on a PC with three network cards; I have assigned interfaces and IP addresses; I connected from the PC; I changed some settings that I consider marginal, except for the port to be added on the browser.
I saved several configurations every time I finished configuring some menu.
I turn everything off and go home.
When I go back to the office and try the URL again, Chrome tells me that the address is not valid.
I try in private mode; I try with Opera. http and https.
Of course, I also try without the new assigned port.
So, I go to the console and do the "Reset to Factory Default" and I do the configuration of the cards again.
Nothing! My Win 10 PC still doesn't connect to pfSense.
From now on I have tried everything, including clearing the caches of ALL the browsers installed on my PC, resetting the network cards in Win10, even a new installation of pfSense.
I just need to install Win 10 again.
Obviously all cables are correctly connected and there are no VLANs in the switch (off and on again as well).

And what's worse I don't know how to test what's not working since the PC does not connect to the firewall or the Internet (I'm using a hotspot on a smartphone).

=== Update ===
I tried on a second PC. This also does not connect.
I noticed that on both PCs an address is not assigned by the pfSense DHCP Server.
However, on both PCs, even assigning a static address, they do not connect.
In addition, I also tried leaving the address 192.168.1.1 on the LAN card of pfSense.
Finally, I also tried to reset the pfSense motherboard's default values.
All attempts fail.

Gertjan

@WhiteTiger-IT said in First installation, but PC no longer connects:

I noticed that on both PCs an address is not assigned by the pfSense DHCP Server.

If these PC's do not have their default network setup (DHCP) then you have to setup up on these PC's the correct "IP" information (IP, mask, gateway, DNS - these 4 are all important). Which is non-advisable.
Leave everything to default is always the best way ;)

pfSense, behaves like any other router you can find on planet earth : when you unbox them, it works.
True : a WAN and LAN interface has to be assigned, because it can't know on what device you are running it, when it wakes up for the very first time. Up to you to hook up your internal network to LAN, and the upstream connection to WAN NIC.

WhiteTiger-IT

@Gertjan
As I wrote, it works neither with DHCP nor with static IP.
Obviously with the static IP the values IP, Mask, DNS and Gateway are correct.

As for the assignment of the interfaces it is not difficult.
I disconnect the three cables, launch the "auto" and then connect the single cable.
This is for each one of the three cables.

The red cable goes to the router.
The green cable goes to the switch where the two PCs are connected
The yellow cable goes to a second switch where nothing is currently connected.

So, I can't go wrong, nor do I assign cables to the interfaces, nor do I assign cables to the router and the two switches.

During the various installations I made, however, I noticed that pfSense randomly assigns the re0, re1, re2 cards.
Once they are connected in one way and another time they are connected in a different way.
I am therefore obliged to do the manual assignment to avoid problems and confusion.
For this reason I am sure that the assignment is correct.

==== Update ====
I solved the problem.

On the PC of pfSense I installed Xubuntu indicating to take the whole disk.
Then I installed pfSense again, always taking the whole disk.
Now I can connect to 192.168.1.1

I wonder if with the first installation something was saved that then remained on the disk even with the "reset to default factory" and with the (old) new installation of pfSense.
Something that has been erased using the entire disk for something else, Xubuntu in my case.

Or is it just a coincidence?

Gertjan

@WhiteTiger-IT said in First installation, but PC no longer connects:

During the various installations I made, however, I noticed that pfSense randomly assigns the re0, re1, re2 cards.
Once they are connected in one way and another time they are connected in a different way.
I am therefore obliged to do the manual assignment to avoid problems and confusion.
For this reason I am sure that the assignment is correct.

Scary.
If the kernel detects interface on a subsequent boot in another order : then known interfaces will get assigned teh other way around. LAN becomes WAN ,etc which is a big security issue.
Such a situation should never happen.

But you're using "re" or Raaeltek NIC's. This forum is loaded with issues with NIC's : mostly Realtek ones, they are are then famous for this.

@WhiteTiger-IT said in First installation, but PC no longer connects:

On the PC of pfSense I installed Xubuntu indicating to take the whole disk.
Then I installed pfSense again, always taking the whole disk.

I guess it's possible to make the pfSense device a dual boot device.
The manual doesn't speak a word about it. I didn't even know people did such a thing.
Ones it own it's has it's own file system. pfSense doesn't look in other file system for it's settings, it isn't even aware that they exist.
As long as it boot, it should be fine.

@WhiteTiger-IT said in First installation, but PC no longer connects:

Obviously with the static IP the values IP, Mask, DNS and Gateway are correct

Great.
Understand that I had to ask.
Most people that install pfSense understand what an Ip is.
But masks (networks) , gateway etc : they are less known.
Like the famous : I set up my pfSense LAN to /32 (was /24) and now DHCP doesn't work ....

WhiteTiger-IT

@Gertjan
It happened again!
I have made a new installation.

From my browser I connected and arrived at the login page.
I did not enter and I turned off my PC; then, from the console of pfSense, I selected 6) Halt System.

Return to the office.
I turn on pfSense and once it is started, I turn on my PC, try the connection again and it gives me an error.
From the moment of installation to now I have only turned off pfSense with the Halt System command.

This is the photo taken on the pfSense PC after the installation.
After installation there is an error message.

This is the photo taken on the pfSense PC now

This is the photo taken on the switch with only the two cables involved.

And this is the snapshoot of the IPv4 configurations of my PC.

Gertjan

During boot, look at boot console screen.
At the end - you'll see the menu.

Use option 8 and command

ifconfig

compare mac addresses with interface / driver names = pfSense interfaces.
be sure they are not mixed up.

If your LAN became WAN , then all explains.

edit : when you set up a static IP on your PC, do not omit the Gateway - neither the DNS. You have to fill them in.
"192.168.1.1" for both. These 2 are not really optional.

valentinius

seccion reply lists seem to be useful for me, i dont remember where i saw them

WhiteTiger-IT

@Gertjan said in First installation, but PC no longer connects:

During boot, look at boot console screen.
At the end - you'll see the menu.

Use option 8 and command

ifconfig

compare mac addresses with interface / driver names = pfSense interfaces.
be sure they are not mixed up.

If your LAN became WAN , then all explains.

edit : when you set up a static IP on your PC, do not omit the Gateway - neither the DNS. You have to fill them in.
"192.168.1.1" for both. These 2 are not really optional.

Sorry, but are you telling me that during boot pfSense swaps the WAN with the LAN?
If true it is crazy!
At this point pfSense becomes totally useless because it is unmanageable.
Since there are thousands of them installed, I would like to understand why this only happens to mine.

Finally, I know that I have to put gateways and DNS on my PC, but if I want to surf with Wi-Fi I can't put them because there is already the gateway to this.

=== Update ===
From Xubuntu I deleted the partition on the disk and then I made a new fresh installation of pfSense.
Now I have arrived again at the login page and this time turning off and on I can still get to the login page.
I try again to do the configuration and we will see if it still works tomorrow morning.
Otherwise I don't know what to think anymore, except to blame the green goblins

For the moment, thank you

WhiteTiger-IT

It is simply ridiculous!
It was not possible that last evening it worked and this morning it no longer works!

Whatever the change that bothered it.
It cannot work at the time of the save and not work the next day.

And then what bothers?
I haven't even created a rule. I haven't even changed the interface configuration. Not even the name OPT1.
I changed the Dashboard, activated PowerSaving, created two users

Gertjan

This :

@WhiteTiger-IT said in First installation, but PC no longer connects:

last evening it worked and this morning it no longer works!

is close-to-none error description.

Something in the logs at the moment of change ?
Did it reboot ?
Did you check the interfaces ?

@WhiteTiger-IT said in First installation, but PC no longer connects:

created two users

It's a firewall. Two users ? You need two admins ?

WhiteTiger-IT

Everything closed at 12:45. At 16:00 I turn on and once again nothing works.
It was configured with DHCP and instead I am forced to put the Static IP on the PC, but even so it is not reachable.
There is no ping between PC and pfSense, nor between pfSense and PC.

If I don't log in, where can I find the logs?

@Gertjan said in First installation, but PC no longer connects:

is close-to-none error description.

So what?

Did you check the interfaces ?

The interfaces are correctly assigned to their respective MAC addresses, there has been no swap.
If they are working obviously I don't know.
The leds on the cards and on the switch work.

It's a firewall. Two users ? You need two admins ?

There are three users, two admin. I'm only using user "admin", but if I don't even get to the login page it's useless to talk about it.

Gertjan

@WhiteTiger-IT said in First installation, but PC no longer connects:

So what?

I'm trying to understand what can happen.
I can shut my pfSense, and start it right away, or hours /days later, and it will humm on as before.
You probably believe me that this happens with many others (although, most of do not shut the system down often).

So what so special about your settings and/or device, knowing that the code base is the same.

@WhiteTiger-IT said in First installation, but PC no longer connects:

If I don't log in

God mode always works The console access : the most important access because it's dedicated to those times when things go down hill.

I'm curious to see - from the console - a boot when all goes well, and one when the system goes 'freeze'.

WhiteTiger-IT

These are the steps during and after installation.
I don't find anything particular or wrong with what I have done.

PfSense installation

• Installation from USB stick
• Interface assignment
  (remove the cable from the boards, choose Auto and insert the corresponding cable)
• Assign addresses
• Yes for reverting to WebConfigurator
• DHCP for LAN and OPT1
• Continue from browser (admin / pfsense)
• Complete the Wizard
• Check for updates
• In System / General Setup:
  ** change the columns of the Dashboard to 3
  ** Top Navigation on "Fixed"
• First configuration of the Dashboard

Done Backup -1-Post Installation

Advanced configuration

• In System / Advanced / Admin Access / WebConfigurator
  ** Select HTTPS
  ** WebConfigurator / TCP port = 1020
  ** DO NOT enable WebGUI redirect (I tried also with enabled)
  ** Enable Browser tab text
  ** Enable Secure Shell on port 222
• In System / Advanced / Networking
  ** Disable IPV6
• In System / Advanced / Miscellaneous
  ** Power Savings Activate Enable PowerD
  ** Cryptographic & Thermal Hardware / Thermal Sensors = Intel CPU
  ** NO! Hardware Settings / Hard disk standby time = 12 (I tried with this settings)

Done Backup -2-Advanced-Config

User Management

• In System / User Manager
  ** Creation of SysManager group / Users "admin" with fewer rights
  ** Privilege assignment
  *** User - Notices: View
  *** WebCfg - Crash reporter
  *** WebCfg - Diagnostics
  *** WebCfg - Status
• User creation and association to groups
  ** Enable Custom Settings and specify:
  *** Top Navigatuon on "Fixed"
  *** 3 columns in Dashnboard
  *** Browser tab text = "Display page name first in browser tab"

Done Backup -3-UserManagement

WhiteTiger-IT

@Gertjan
Thank you for your interest and help.
I am aware that the problem is here, with my pfSense.

I don't understand what you mean by "close-to-none".
If you tell me where I find the log from the console, I'll go and see it

Gertjan

@WhiteTiger-IT said in First installation, but PC no longer connects:

"close-to-none"

"we" as a forum audience like to "see" things.

Like :

Console or SSH access : I's using SSH because all is fine now :

Using username "admin".

Authenticating with public key "rsa-key-20190201"
Passphrase for key "rsa-key-20190201":
pfSense - Netgate Device ID: 195fccaad82dc1d68d5f

*** Welcome to pfSense 2.4.5-RELEASE-p1 (amd64) on pfsense ***

 WAN (wan)       -> em3        -> v4/DHCP4: 192.168.10.2/24
 LAN (lan)       -> em1        -> v4: 192.168.1.1/24
                                  v6: 2001:470:1e13:5d0:2::1/64
 PORTAL (opt1)   -> fxp0       -> v4: 192.168.2.1/24
 HENETV6 (opt2)  -> gif0       -> v6: 2001:470:1e12:5d0::2/128
 EXPRESS (opt3)  -> ovpnc2     ->
 OPENVPN (opt4)  -> ovpns1     -> v4: 192.168.3.1/24
                                  v6: 2001:470:bce0:3::1/64

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option: 8

[2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: dmesg
Copyright (c) 1992-2020 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 11.3-STABLE #243 abf8cba50ce(RELENG_2_4_5): Tue Jun  2 17:53:37 EDT 2020
    root@buildbot1-nyi.netgate.com:/build/ce-crossbuild-245/obj/amd64/YNx4Qq3j/build/ce-crossbuild-245/sources/FreeBSD-src/sys/pfSense amd64
FreeBSD clang version 8.0.1 (tags/RELEASE_801/final 366581) (based on LLVM 8.0.1)
VT(vga): resolution 640x480
CPU: Intel(R) Pentium(R) 4 CPU 3.20GHz (3192.07-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0xf43  Family=0xf  Model=0x4  Stepping=3
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x649d<SSE3,DTES64,MON,DS_CPL,EST,CNXT-ID,CX16,xTPR>
  AMD Features=0x20100800<SYSCALL,NX,LM>
  TSC: P-state invariant
real memory  = 2147483648 (2048 MB)
avail memory = 2005266432 (1912 MB)
Event timer "LAPIC" quality 100
ACPI APIC Table: <DELL   DM051  >
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 hardware threads
ioapic0: Changing APIC ID to 8
ioapic0 <Version 2.0> irqs 0-23 on motherboard
SMP: AP CPU #1 Launched!
Timecounter "TSC-low" frequency 1596034060 Hz quality 1000
random: entropy device external interface
wlan: mac acl policy registered
kbd1 at kbdmux0
000.000022 [4213] netmap_init               netmap: loaded module
module_register_init: MOD_LOAD (vesa, 0xffffffff812d9960, 0) error 19
mlx5en: Mellanox Ethernet driver 3.5.2 (September 2019)
nexus0
vtvga0: <VT VGA driver> on motherboard
cryptosoft0: <software crypto> on motherboard
padlock0: No ACE support.
acpi0: <DELL DM051  > on motherboard
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
atrtc0: <AT realtime clock> port 0x70-0x7f irq 8 on acpi0
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x5f irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 450
Event timer "HPET1" frequency 14318180 Hz quality 440
Event timer "HPET2" frequency 14318180 Hz quality 440
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> irq 16 at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
vgapci0: <VGA-compatible display> port 0xecd8-0xecdf mem 0xeff00000-0xeff7ffff,0xd0000000-0xdfffffff,0xefec0000-0xefefffff irq 16 at device 2.0 on pci0
agp0: <Intel 82945G (945G GMCH) SVGA controller> on vgapci0
agp0: aperture size is 256M, detected 7932k stolen memory
vgapci0: Boot video device
vgapci1: <VGA-compatible display> mem 0xeff80000-0xefffffff at device 2.1 on pci0
hdac0: <Intel 82801G HDA Controller> mem 0xefebc000-0xefebffff irq 16 at device 27.0 on pci0
pcib2: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
pcib2: [GIANT-LOCKED]
uhci0: <Intel 82801G (ICH7) USB controller USB-A> port 0xff80-0xff9f irq 21 at device 29.0 on pci0
usbus0 on uhci0
usbus0: 12Mbps Full Speed USB v1.0
uhci1: <Intel 82801G (ICH7) USB controller USB-B> port 0xff60-0xff7f irq 22 at device 29.1 on pci0
usbus1 on uhci1
usbus1: 12Mbps Full Speed USB v1.0
uhci2: <Intel 82801G (ICH7) USB controller USB-C> port 0xff40-0xff5f irq 18 at device 29.2 on pci0
usbus2 on uhci2
usbus2: 12Mbps Full Speed USB v1.0
uhci3: <Intel 82801G (ICH7) USB controller USB-D> port 0xff20-0xff3f irq 23 at device 29.3 on pci0
usbus3 on uhci3
usbus3: 12Mbps Full Speed USB v1.0
ehci0: <Intel 82801GB/R (ICH7) USB 2.0 controller> mem 0xffa80800-0xffa80bff irq 21 at device 29.7 on pci0
usbus4: EHCI version 1.0
usbus4 on ehci0
usbus4: 480Mbps High Speed USB v2.0
pcib3: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci2: <ACPI PCI bus> on pcib3
em0: <Intel(R) PRO/1000 Legacy Network Connection 1.1.0> port 0xd8c0-0xd8ff mem 0xef980000-0xef99ffff,0xefa00000-0xefa3ffff irq 18 at device 2.0 on pci2
em0: Ethernet address: 6c:b3:11:50:c6:c6
em0: netmap queues/slots: TX 1/256, RX 1/256
em1: <Intel(R) PRO/1000 Legacy Network Connection 1.1.0> port 0xdc00-0xdc3f mem 0xef9a0000-0xef9bffff,0xefa40000-0xefa7ffff irq 19 at device 2.1 on pci2
em1: Ethernet address: 6c:b3:11:50:c6:c7
em1: netmap queues/slots: TX 1/256, RX 1/256
em2: <Intel(R) PRO/1000 Legacy Network Connection 1.1.0> port 0xdc40-0xdc7f mem 0xef9c0000-0xef9dffff,0xefa80000-0xefabffff irq 19 at device 3.0 on pci2
em2: Ethernet address: 00:1b:21:32:da:42
em2: netmap queues/slots: TX 1/256, RX 1/256
em3: <Intel(R) PRO/1000 Legacy Network Connection 1.1.0> port 0xdc80-0xdcbf mem 0xef9e0000-0xef9fffff,0xefac0000-0xefafffff irq 16 at device 3.1 on pci2
em3: Ethernet address: 00:1b:21:32:da:43
em3: netmap queues/slots: TX 1/256, RX 1/256
fxp0: <Intel 82801GB (ICH7) 10/100 Ethernet> port 0xdcc0-0xdcff mem 0xef97f000-0xef97ffff irq 20 at device 8.0 on pci2
miibus0: <MII bus> on fxp0
inphy0: <i82562ET 10/100 media interface> PHY 1 on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
fxp0: Ethernet address: 00:12:3f:b3:58:75
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH7 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf irq 16 at device 31.1 on pci0
ata0: <ATA channel> at channel 0 on atapci0
atapci1: <Intel ICH7 SATA300 controller> port 0xfe00-0xfe07,0xfe10-0xfe13,0xfe20-0xfe27,0xfe30-0xfe33,0xfea0-0xfeaf irq 20 at device 31.2 on pci0
ata2: <ATA channel> at channel 0 on atapci1
ata3: <ATA channel> at channel 1 on atapci1
orm0: <ISA Option ROMs> at iomem 0xc0000-0xca7ff,0xca800-0xcb7ff,0xcb800-0xcc7ff,0xcc800-0xce7ff,0xce800-0xcffff on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
ppc0: cannot reserve I/O port range
est0: <Enhanced SpeedStep Frequency Control> on cpu0
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 102d0000102d
device_attach: est0 attach returned 6
est1: <Enhanced SpeedStep Frequency Control> on cpu1
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 102d0000102d
device_attach: est1 attach returned 6
Timecounters tick every 1.000 msec
hdacc0: <Sigmatel STAC9221 HDA CODEC> at cad 0 on hdac0
hdaa0: <Sigmatel STAC9221 Audio Function Group> at nid 1 on hdacc0
pcm0: <Sigmatel STAC9221 (Rear Analog 5.1 Speaker)> at nid 13,15,12 on hdaa0
ugen4.1: <Intel EHCI root HUB> at usbus4
uhub0: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus4
ugen0.1: <Intel UHCI root HUB> at usbus0
uhub1: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
ugen3.1: <Intel UHCI root HUB> at usbus3
uhub2: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus3
ugen2.1: <Intel UHCI root HUB> at usbus2
uhub3: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2
ugen1.1: <Intel UHCI root HUB> at usbus1
uhub4: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1
ata0: timeout waiting for read DRQ
(aprobe0:ata0:0:1:0): ATAPI_IDENTIFY. ACB: a1 00 00 00 00 40 00 00 00 00 00 00
(aprobe0:ata0:0:1:0): CAM status: CCB request completed with an error
(aprobe0:ata0:0:1:0): Retrying command
uhub1: 2 ports with 2 removable, self powered
uhub2: 2 ports with 2 removable, self powered
uhub3: 2 ports with 2 removable, self powered
uhub4: 2 ports with 2 removable, self powered
uhub0: 8 ports with 8 removable, self powered
ugen2.2: <American Power Conversion Back-UPS RS 550G FW857.L4 .I USB FWL4> at usbus2
(aprobe0:ata0:0:1:0): ATAPI_IDENTIFY. ACB: a1 00 00 00 00 40 00 00 00 00 00 00
(aprobe0:ata0:0:1:0): CAM status: Command timeout
(aprobe0:ata0:0:1:0): Error 5, Retries exhausted
ada0 at ata2 bus 0 scbus1 target 1 lun 0
ada0: <WDC WD3200AAKS-00G3A0 40.00A40> ATA8-ACS SATA 2.x device
cd0 at ata0 bus 0 scbus0 target 0 lun 0
ada0: Serial Number WD-WMAUC0015474
ada0: 300.000MB/s transferscd0:  (SATA 2.x, UDMA5, PIO 8192bytes<PHILIPS DVD+-RW DVD8701 5D24> Removable CD-ROM SCSI device
cd0: Serial Number MY0M9753701595AD01HQ
cd0: 33.300MB/s transfers)
ada0: 305245MB (625142448 512 byte sectors)
 (UDMA2, ATAPI 12bytes, PIO 65534bytes)
cd0: Attempt to query device size failed: NOT READY, Medium not present
Trying to mount root from ufs:/dev/ufsid/54ca20c41b3d50b0 [rw]...
random: unblocking device.
CPU: Intel(R) Pentium(R) 4 CPU 3.20GHz (3192.07-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0xf43  Family=0xf  Model=0x4  Stepping=3
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x649d<SSE3,DTES64,MON,DS_CPL,EST,CNXT-ID,CX16,xTPR>
  AMD Features=0x20100800<SYSCALL,NX,LM>
  TSC: P-state invariant
est0: <Enhanced SpeedStep Frequency Control> on cpu0
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 102d0000102d
device_attach: est0 attach returned 6
est1: <Enhanced SpeedStep Frequency Control> on cpu1
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 102d0000102d
device_attach: est1 attach returned 6
lo0: link state changed to UP
em3: link state changed to UP
fxp0: link state changed to DOWN
gif0: link state changed to UP
tun1: changing name to 'ovpns1'
ovpns1: link state changed to UP
pflog0: promiscuous mode enabled
gif0: link state changed to DOWN
gif0: link state changed to UP
DUMMYNET 0 with IPv6 initialized (100409)
load_dn_sched dn_sched FIFO loaded
load_dn_sched dn_sched QFQ loaded
load_dn_sched dn_sched RR loaded
load_dn_sched dn_sched WF2Q+ loaded
load_dn_sched dn_sched PRIO loaded
load_dn_sched dn_sched FQ_CODEL loaded
load_dn_sched dn_sched FQ_PIE loaded
load_dn_aqm dn_aqm CODEL loaded
load_dn_aqm dn_aqm PIE loaded
fxp0: link state changed to UP
em1: link state changed to UP
ipfw2 (+ipv6) initialized, divert loadable, nat loadable, default to accept, logging disabled
IPFW: starting up interface tracker
em3: link state changed to DOWN
arpresolve: can't allocate llinfo for 192.168.10.1 on em3
arpresolve: can't allocate llinfo for 192.168.10.1 on em3
arpresolve: can't allocate llinfo for 192.168.10.1 on em3
arpresolve: can't allocate llinfo for 192.168.10.1 on em3
em3: link state changed to UP
arpresolve: can't allocate llinfo for 192.168.10.1 on em3
arpresolve: can't allocate llinfo for 192.168.10.1 on em3
arpresolve: can't allocate llinfo for 192.168.10.1 on em3
arpresolve: can't allocate llinfo for 192.168.10.1 on em3
gif0: link state changed to DOWN
arpresolve: can't allocate llinfo for 192.168.10.1 on em3
gif0: link state changed to DOWN
gif0: link state changed to UP
gif0: link state changed to DOWN
gif0: link state changed to UP
gif0: link state changed to DOWN
gif0: link state changed to UP
ovpns1: link state changed to DOWN
ovpns1: link state changed to UP
arp: 192.168.2.132 moved from f8:a2:d6:4b:dc:bd to fa:a2:c5:4b:64:44 on fxp0

The logs shows the hardware inventory of the kernel.
Could be interessting, because

** Power Savings Activate Enable PowerD

and if the MB doesn't support that FreeBSD approach of implementing PowerD, anything can happen (just an example).

What about rebooting when you reached the "Backup -1-Post " : if it comes back fine, you know you can proceed oen step ...

WhiteTiger-IT

@Gertjan
I can't even connect to SSH, which I'm sure I have enabled.
I also thought it might be PowerSaving.
The Motherboard expects this and the CPU is a Celeron. So this shouldn't be the problem.
However I install pfSense again and don't enable the option. I had already "discarded" the standby of the disc.
Considering that little is used, I would not mind that they would consume less, if everything does not stop.
Now I reset pfSense another time

WhiteTiger-IT

@Gertjan
Is it normal that after installation I cannot surf the Internet from the LAN?
I have to use a second PC connection on a Hotspot of my Smartphone to be able to surf the Internet and access the documentation.

Gertjan

@WhiteTiger-IT said in First installation, but PC no longer connects:

Is it normal that after installation I cannot surf the Internet from the LAN?

If the LAN NIC is ok, your PC NIC is ok, the cable is ok - and at least one of the NIC's support MDX (rather standard these days, before you needed a hub/switch/or cross over cable), then all you need is a cable and your connected.

Do understand that I use just one line for something that needs to meets hundreds of conditions to work.

Your PC will use it's default DHCP client to obtain an IP (and mask and gateway and DNS) from the DHCP server on pfSense - this is something every router on earth does, pfSense does the same thing.
This can be sen in the DHCP server log right away.
On your PC, a Windows thing ? Enter

ipconfig /all

and you see the other side.

edit : just by any chance : when you set up the DHCP pool on LAN, it's bigger as "1" - something like 192.168.1.10 to 192.168.1.100 and the LAN's mask is /24, not /32 (yep, this happens).

WhiteTiger-IT

@Gertjan said in First installation, but PC no longer connects:
The cable is OK, the switch is a good HP and it's OK.
On the other hand, the problem occurs after switching off and on.
pfSense refuses the connection.
Now I do a new installation of Win10Pro.
Mine is a clean PC with only very few applications installed: Dropbox, OpenVPN, VMWare Workstation, Evernote.
I do a new installation since on the net we talk about the problems with the latest Win Updates, but I'm sure that's not the problem.
Now I'm going by attempts.

Gertjan

@WhiteTiger-IT said in First installation, but PC no longer connects:

problems with the latest Win Updates

2004 ?
Runs fine on several machines here.

@WhiteTiger-IT said in First installation, but PC no longer connects:

VMWare Workstation

This one can do 'things' with the NIC of your PC .... Never sued it myself, although I have a VM using Windows Pro Hyper-V running pfSense just fine @home.

edit : side note : I wouldn't call a today fresh Windows machine a "clean" thing.
Bought two news PC's from dell this morning, equipped with Win10Pro and probably lose my temper (again) when I see that Candy & family popping up in my phase. These two PC's will get probably de-bloated first.

WhiteTiger-IT

@Gertjan
New installation from scratch of pfSense.
New installation from scratch of Win10 Pro.
No configuration neither in pfSense, nor in Win 10; not even an update.
A failed connection error returns from Edge http://192.168.1.1 and https://192.168.1.1.
I also tried with Xubuntu 20.04 Live. Always mistake.

With the PC clean and from a Live there are no more potential conflicts with other particular programs or configurations.
On the other hand, this PC has always connected to IPFire, OpnSense, Proxmox, VMWare ESXi, Debian & Ubuntu Server.
I have never had connection problems, both when SSH was needed and when I had to use a web panel.

Tomorrow I change the firewall PC, but I don't understand why since it never gave problems.

Then I give up because I don't know what to do anymore.

P.S .: I don't think it's some game that MS downloads in the Start Menu to create problems since I haven't even opened it.

Gertjan

@WhiteTiger-IT said in First installation, but PC no longer connects:

I change the firewall PC

What firewall ? where ? WinPro10 ?
When you buy a new PC, and you hook it to to some SOHO router - any router - it will obtain IP settings, and "connect to the net". Exception : the upstream network isn't using default settings, your you're behind a captive portal, you're using a company network with an "admin" above you. Or your WinPro10 found an Microsoft AD server, and that one forbid any network activity. But these things are rare and known in advance.

Have a look at these : https://www.youtube.com/results?search_query=pfsense+setup - look at any of them and see for yourself that there is really nothing special.

JeGr

@WhiteTiger-IT said in First installation, but PC no longer connects:

A failed connection error returns from Edge http://192.168.1.1 and https://192.168.1.1.

As you configured pfSense UI to port 1020 without redirection, that would be expected?

In System / Advanced / Miscellaneous

** Power Savings Activate Enable PowerD

** Cryptographic & Thermal Hardware / Thermal Sensors = Intel CPU

** NO! Hardware Settings / Hard disk standby time = 12 (I tried with this settings)

That makes me curious. I never ever had to configure anything on any hardware for PowerD. Yes I could, but what's the sense of it? It's a firewall it has to run 24/7 so why should I even think about sending it to sleep or configuring standby things? I'd leave PowerD off and set up the HDD standby to off, too. Makes no sense to me. Setting the Intel CPU for thermal on a Celeron is OK, if it has AES-NI capabilities switch that on, too. Otherwise leave the defaults.
Hardware can behave like a bitch with faulty ACPI/Power/Standby settings and BSD has had a few strange things in corner cases with few ACPI BIOS implementations, so I'd rather play it safe here and configure it to run 24/7 and NOT go into any kind of sleep mode. Would check the BIOS/UEFI for that, too.

Done Backup -1-Post Installation

So after a new installation, does your pfSense have proper internet via WAN? (you didn't write anything about the WAN side, only LAN and OPT1) Are the diagnostic options like Ping, DNS check etc. working? Can you install e.g. the sudo or cron package without a problem?

Is it normal that after installation I cannot surf the Internet from the LAN?

No it's not. If the above is true (my block above with checking WAN connectivity) and your pfSense has working WAN connection and can install e.g. a package without effort, a client connected to your LAN interface should work immediatly as the defaults allow any client on the LAN to access anything (default LAN any any rule and default auto. outbound NAT are enabled). So if your PC wouldn't work then, there's some other/bigger issues at play.

A PC on OPT1 will not work out of the box as there is no default firewall rule on OPT1 and it is blocked to access anything.

But as @Gertjan wrote, we'd need more info and probably screenshots about your interface settings and NAT and firewall rules as well as the DHCP server and DNS settings to see why that wouldn't work.

The Motherboard expects this and the CPU is a Celeron. So this shouldn't be the problem.

Nope it doesn't. No MB expects any form of power saving to be enabled. It's just an option to use.

If you tell me where I find the log from the console, I'll go and see it

You need to have console access to the machine (if it's a PC/Server, attach keyboard and monitor, for an appliance some kind of serial console etc.). If you have that available you can check the system like @Gertjan showed.
For the logs you also see in "System Logs", go to /var/log

cd /var/log
ls -la

# should show something like this:

[2.4.5-RELEASE][root@fwl01.lab.test]/var/log: ls -la
total 798
drwxr-xr-x   4 root  wheel      27 Jun  2 23:54 .
drwxr-xr-x  28 root  wheel      28 Jun  2 23:54 ..
-rw-r--r--   1 root  wheel   72179 Sep 23  2019 bsdinstall_log
-rw-------   1 root  wheel  511488 Jul  1 11:17 dhcpd.log
-rw-r--r--   1 root  wheel   12580 Jun 17 21:04 dmesg.boot
-rw-------   1 root  wheel  511488 Jul  1 11:19 filter.log
-rw-------   1 root  wheel  511488 Jun 17 21:06 gateways.log
-rw-------   1 root  wheel  511488 Jul  1 11:19 ipsec.log
-rw-------   1 root  wheel  511488 Sep 23  2019 l2tps.log
-rw-r--r--   1 root  wheel       0 Sep 24  2019 lastlog
drwxr-xr-x   2 root  wheel       3 Sep 23  2019 nginx
-rw-------   1 root  wheel  511488 Jul  1 11:18 nginx.log
drwxr-xr-x   2 root  wheel       2 Sep 23  2019 ntp
-rw-------   1 root  wheel  511488 Jun 17 21:06 ntpd.log
-rw-------   1 root  wheel  511488 Jul  1 11:19 openvpn.log
-rw-------   1 root  wheel  511488 Sep 23  2019 poes.log
-rw-------   1 root  wheel  511488 Sep 23  2019 portalauth.log
-rw-------   1 root  wheel  511488 Sep 23  2019 ppp.log
-rw-------   1 root  wheel  511488 Sep 23  2019 relayd.log
-rw-------   1 root  wheel  511488 Jul  1 11:17 resolver.log
-rw-------   1 root  wheel  511488 Jun 29 15:52 routing.log
-rw-------   1 root  wheel  511488 Jul  1 11:19 system.log
-rw-------   1 root  wheel   29744 Jun 17 21:05 userlog
-rw-r--r--   1 root  wheel    1182 Jul  1 11:19 utx.lastlogin
-rw-------   1 root  wheel    7155 Jul  1 11:19 utx.log
-rw-------   1 root  wheel  511488 Sep 23  2019 vpn.log
-rw-------   1 root  wheel  511488 Sep 23  2019 wireless.log

# you can then read a log with "clog" (tail -100 only shows the newest 100 lines)

[2.4.5-RELEASE][root@fwl01.office.nroute.de]/var/log: clog system.log | tail -100
...
Jul  1 11:15:06 fwl01 sshd[86395]: Received disconnect from 10.100.1.130 port 33390:11: disconnected by user
Jul  1 11:15:06 fwl01 sshd[86395]: Disconnected from user nbackup 10.100.1.130 port 33390
Jul  1 11:17:29 fwl01 sshd[18858]: Connection closed by 10.0.0.217 port 56214 [preauth]
Jul  1 11:19:03 fwl01 sshd[84209]: user root login class  [preauth]
...

Hope that helps in getting to know why it behaves so strange.

Gertjan

@JeGr said in First installation, but PC no longer connects:

you configured pfSense UI to port 1020 without redirection

Me slam head hard ..... I didn't even see that one.
Your brand of coffee is better as mine....

( I'm still somewhat presuming that @WhiteTiger-IT means http://192.168.1.1:1020 when he writes http://192.168.1.1 .... (== http://192.168.1.1:80)

@WhiteTiger-IT : Stop watching those 'bad' Youtube videos. Do what other (should) do : read the official manual - watch the official Netgate videos. Live will be so easy afterwards.

WhiteTiger-IT

Today I can't work on pfSense, I'm too late with other jobs.
I hope tomorrow.
Thus I answer only a few things.

Normally a firewall is always on, but this is in a test environment.
I thought about activating the power saving features because it should be used very little.
To avoid problems, I have not activated these functions since the last installation.

I have read all the pfSense documentation except the things that don't interest me right now.
On the other hand, I'm still stuck at the starting point.
I read other pages on the Internet, but they were related to rule management.
I haven't even opened the rules and interfaces menu yet.

The WAN is active with DHCP.
I honestly don't remember if from console a ping on 8.8.8.8 or google.com worked. I did many of those tests that I am confused by now.

Obviously there are no other firewalls, either upstream or downstream of pfSense.
The router is a Teltonika with a Vodafone SIM.
There are some ports (80, 443, 25, 53, 22) addressed on the pfSense WAN card, but have not yet been configured.
So I didn't ask myself the problem.

The last installation was in a totally clean environment.
No configuration of pfSense, Win 10 installed from the beginning, Ubuntu Live.
And yet even 192.168.1.1 was not accessible.

I'll reinstall everything tomorrow and if it doesn't work I'll change the PC.

For the moment, thank you for your support.

JeGr

@WhiteTiger-IT said in First installation, but PC no longer connects:

The last installation was in a totally clean environment.
No configuration of pfSense, Win 10 installed from the beginning, Ubuntu Live.
And yet even 192.168.1.1 was not accessible.
I'll reinstall everything tomorrow and if it doesn't work I'll change the PC.
For the moment, thank you for your support.

That's alright. We all miss having time we'd like to have to work on lab setups. Comes with the job so no worries :)

If you haven't even looked into the Firewalls/Rules section, then just keep in mind, that any interface other than LAN won't work out of the box with the default setup/rules generated. Only LAN will have that. Also if unsure, check after a fresh installation of pfSense and setting WAN to DHCP (and perhaps quick configuration of LAN), if you can ping/DNS/etc. from the firewall itself. Easily tested by e.g. installing the sudo packge. As that only requires one package from the update servers, it should go quick and painless. If that works, it's very much assured, that the firewall itself can access upstream/internet correctly. Then you can go on to testing the LAN side of things.

Regards,
Jens

WhiteTiger-IT

From console:

• Ping Google is OK
• pkg install sudo nano OK

From PC I'm able to surf Internet.

Everything is working fine. Hopefully everything stays that way!
It is true that I am installing the bare minimum.
Or that the green goblins are sleeping.
If tomorrow I still find everything stuck, I mean I will set the goblins' traps!

==== Update ====
Turned everything off and on again is still OK.
I'm thinking about the differences between this installation and those made so far.

On the console, in addition to the installation, I limited myself to assigning the interfaces.
Then I did it all via the browser.
1- enabling of the OPT1 interface and changed name in DMZ;
2- assignment of addresses;
3- activation of DHCP;
4- I have NOT activated any Power Saving function;
5- I also activated the temperature diagnostics here through the Intel core;
6- I haven't changed the port for the browser;
7- I have not disabled IPV6;
8- in addition activated the static lease and assigned my PC to the WOL.

Aside from the green goblins, if there is anything that bothered you, it is in these differences.
We will see what happens tomorrow morning

JeGr

@WhiteTiger-IT said in First installation, but PC no longer connects:

From PC I'm able to surf Internet.

Great so far :)

We will see what happens tomorrow morning

I'm excited to hear it. Hopefully the goblins still sleep (or even better are now extinct) ;)

WhiteTiger-IT

Everything is working well and frankly I do not understand what may have bothered it in recent days.
Perhaps the problem is just in power saving.
I can try enabling it again to see if it crashes all over again.
But then I have to be able to disable it from Console if I don't want to reinstall everything again.
For the moment I consider in any case the problem solved.
Thanks everyone for the support and help.

valentinius

everything worked well and then suddenly stopped working, I am puzzled over this question which is disturbing me more than anything else, i see that i not only me encountered such a challenge but i am unlike others not. I had to be able to disable it from Console too otherwise i would need to make reinstallation..