Adding RAID long after original install - custom install partition sizes or factory defaults
-
Well IMO the odds of two SSDs failing at the same time are far lower than some other hardware component failing taking out the firewall. But, sure, the odds of 3 SSDs failing are even lower.
-
@stephenw10 Well you are a disrupter (Which is good... in this case.) I could move the 2 110 GB SSDs from my NAS into the pfsense box and move the larger SSDs which I purchased into the NAS, making a more efficient use of the GBs.
-
@stephenw10 Hello, I need help. I went through the install process, rebooted - missed inserting the USB with my old config.xml. Inserted the USB and rebooted from console and it appeared to not like my config.xml file - the bootup got stuck - something about "bad." I hit enter and it defaulted back to the new fresh config.
Are there parts of my config file which are "bad" in terms of going from a single drive to RAID?
-
@The-Party-of-Hell-No
Here is the complaint at bootup, and Line 135 it points to.
The two jpegs are following, did not like pulling off my phone
-
Nope the config doesn't reference the boot disk(s) or install type. It shouldn't care.
You can try booting with a default config then restoring the config in the gui. That might give you more useful errors.
The error it's showing there is actually secondary. It's trying to open the file to queue a notice about the bad config and failing during boot. But that's not actually related to the import error.
-
@stephenw10 So, I followed your directions and it appeared to work... as in all the interfaces, interface ip's were correctly displayed at the console.
However I could not get to the GUI from any browser on any of the LAN segments through LAN cables.
I am guessing the DNS resolver was not able to resolve.
My plan is to take down the Gateway Groups, turn off WireGuardVPN and OpenVPN Gateways and Interfaces and revert to the WAN as the default Gateway and Default DNS servers not the Surfshark forwarded DNS servers. Save this config. Boot into the new RAID version of pfsense, reset to factory defaults, get back into the GUI - since I have done that previously - and see if this will allow me to get to the GUI after uploading this new config file. Then rebuild what I turned off.
Is this a plan or folly? Do you have a different recommendation before proceeding?
A related question... when I do a factory reset do I lose the RAID setup? The reason I ask is when I did the factory reset the first time to clear out my config and connected to the GUI I noticed only one disk listed under S.M.A.R.T status.
-
@The-Party-of-Hell-No said in Adding RAID long after original install - custom install partition sizes or factory defaults:
when I do a factory reset do I lose the RAID setup?
Nope. The config is defaulted but that's unrelated to the filesystem.
@The-Party-of-Hell-No said in Adding RAID long after original install - custom install partition sizes or factory defaults:
I am guessing the DNS resolver was not able to resolve.
Were you trying to access it by FQDN? Did you try connecting by IP directly?
I would expect it to respond if the config imported cleanly. I can only imagine the interface order was not what you expected.
-
@stephenw10 I tried using the IP of the firewall and the interface order appeared correct at the console. However, I can compare the two by booting into the RAID configured pfsense and confirm the match.
-
I would also try pinging out from the console to be sure the firewall itself has connectivity.
-
@stephenw10 The interface order was a match for the working config, the assigned IP's matched also.
When I pinged to the outside from the console names did not work (Google, Yahoo) but IP's did - 1.1.1.1 and 9.9.9.9 returned packets.
Internally I can ping all wired desktops from the console - through switches
Cannot ping wireless access points - which are wired through the switches
I can ping from desktop to desktop - through switches
Cannot ping the firewall from any wired desktop
I can connect wireguard from external source but no data transfer
OpenVPN - Road Warrior will not connect - TLS negotiation failure to occur within 60 seconds.
-
How do you have DNS configured? Is it set up to use Unbound locally only? If so, is Unbound running?
-
@stephenw10 General setup has the two DNS servers used by Surfshark VPN (With the same Gateways as used below.)
The DNS Resolver - General Settings - Network Interfaces - all the LAN segments (3), the OpenVPN Server, Wireguard Server and Localhost are being used by Resolver.
For the Outgoing Network Interfaces I am using ONE WireguardVPN Surfshark Gateway and an OpenVPN Surfshark Gateway with DNS Query Forwarding - Enable Forwarding Mode checked.
-
Oh, then you can only get DNS at all if the VPN is connected. And that may not happen until the second boot after restoring a config since the first boot creates the interface.
So, yeah, check the VPN status.
-
@stephenw10 To clarify... if I reboot a second time after loading the config file it should work? I have been booting into the raid setup for a while now and this has not happened.
Wondering if adding the WAN as an Outgoing Network Interface would bypass the VPNs if they are not connecting?
Also wondering since I can ping outward to 1.1.1.1 and 9.9.9.9 from the console, does this mean my DHCP lease with my provider is good? Or is my WAN connected to my ISP's system? I have had difficulties in the past with having to reboot the modem with pfsense off and then turning on the router to connect.
-
If you either added WAN as an outgoing interface or added some other server in general setup then it would work without the VPN.
You might be in the chicken-egg scenario if you have entered the VPN server by FQDN and it cannot be resolved until the VPN is connected!
-
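The dependency described in the replies above (a resolver that sends queries only through VPN gateways, with VPN servers named by FQDN) can be checked before a config is restored. The sketch below is an added example, not part of the thread and not pfSense code; the XML layout, element names, interface names and addresses are constructed assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample modelled on the setup in the thread. The element names
# are assumptions made for this example, not pfSense's real config.xml schema.
SAMPLE = """
<router>
  <resolver>
    <outgoing_interface>opt4,opt5</outgoing_interface>
  </resolver>
  <vpn_clients>
    <client><if>opt4</if><endpoint>vpn1.example.net</endpoint></client>
    <client><if>opt5</if><endpoint>203.0.113.7</endpoint></client>
  </vpn_clients>
</router>
"""

def is_ip(value):
    """True when a tunnel endpoint is a literal address and needs no DNS."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_bootstrap_report(xml_text):
    """Classify whether the resolver can start without a VPN already up."""
    root = ET.fromstring(xml_text)
    raw = root.findtext("resolver/outgoing_interface", "")
    outgoing = {name.strip() for name in raw.split(",") if name.strip()}
    tunnels = {c.findtext("if"): c.findtext("endpoint", "") for c in root.iter("client")}
    # Interfaces that are not VPN tunnels can reach upstream DNS on their own.
    direct = sorted(outgoing - set(tunnels))
    if direct or not outgoing:  # an empty list is treated as "all interfaces"
        return {"status": "ok", "direct": direct, "needs_dns": []}
    # Every resolver path is a tunnel: a hostname endpoint must itself be
    # resolved before that tunnel, and therefore DNS, can come up.
    needs_dns = sorted(i for i in outgoing if not is_ip(tunnels[i]))
    status = "deadlock" if len(needs_dns) == len(outgoing) else "vpn-dependent"
    return {"status": status, "direct": [], "needs_dns": needs_dns}

if __name__ == "__main__":
    print(dns_bootstrap_report(SAMPLE))
```

A result of "vpn-dependent" means DNS works only once a tunnel with a literal-IP endpoint is connected; "deadlock" means no tunnel can come up without DNS already working.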
@The-Party-of-Hell-No said in Adding RAID long after original install - custom install partition sizes or factory defaults:
why only mirroring with two drives, instead of my three would be best
ZFS is used because it's very resilient, way better than UFS for example.
Double them, like a RAID 1, and you're even better.
Of course, use RAID n where n > 2 would be better still.
Like nuking an ants' nest with "1 billion" F35s: it would do the job.
Instead of opting for an N>2 situation, use the extra money for a UPS.
And beware: writing BS to N drives will still get you ... BS. So, think about an automated config backup plan: use ACB and something local that you script yourself.
@The-Party-of-Hell-No said in Adding RAID long after original install - custom install partition sizes or factory defaults:
what might be the best sizes of partitions starting fresh
That's like asking: what's your favorite color?!
Tell us what your needs are, and we'll tell you what you need ^^
These are the days of gigabytes, so something around 50 Mbytes or more will do just fine.
Do you want to install and use every disk-space-eating package, like pfBlockerng, ntopng, etc.? Or just be able to forget to admin pfSense for several years, come back, and find it still up and running? Then go big and Gig.
Don't forget: this is a router/firewall, not some server device.
-
@stephenw10 My question about the lease, I answered myself by thinking and realizing that in the past when the lease was in question pfsense gave the WAN a generic 192..... IP.
I plan to do both: add the two IP's for my cable provider in the general settings and turn on the WAN in the outgoing interfaces in general setup of DNS Resolver.
I will try first with forwarding continuing to be checked and then uncheck if I do not make progress.
-
@Gertjan Hey, thank you for your input! Very helpful to see others' thinking and resolution to different scenarios.
Mostly, I decided I had to create a problem not needing fixing to expand my knowledge and skills. And practice for the inevitable day of catastrophe!
I really don't need to auto save config since once it works, I rarely alter things until updates. Usually a pre and post config save. Although sometimes I get lazy and then I might have to guess what got changed since the last config save. Thus the need for automated saves?
Well I have to disagree with you the 128GB disks I have came via Amazon for $23.00 apiece. A lot of SSD's for the price of a UPS I would think?
Since you have suggested this what would you suggest (As in make and model and maybe a link to buy or links in the pfsense support group about other's recommendations.) for a home user who wants to connect pfsense, a NAS, cable modem, and three switches via a UPS with three of those devices on switchable plugs (meaning I can reboot remotely by turning off - via pfsense accessed through either Wireguard or OpenVPN Road Warrior - and back on.)
Now I have investigated a series of UPS's and the resulting poor showing in user reviews makes me more wary (Fire, sparks flying, melting power cords, etc.) of just letting everything go down and reboot upon power returning - which has worked well in the past. pfsense is very resilient itself. In fact I am surprised at the difficulties I am having in loading my config into this new build and not just having it work!
Actually, yes I would like the ability to do just that, "install and use every disk space eating packages" if I so choose. I mean heck I have gobs of GB's and unused memory. Why would I not want to try and utilize it all? Of course I would, but as you clearly and wisely put it (Paraphrasing) Should you - probably not! Maybe that is not a wise goal. Agreed. I guess the question I should ask is does pfsense using ZFS expand into the "gobs of GB's" as I move forward adding and subtracting ... "every disk space eating packages?"
Again, I really do appreciate your input; even though I have ten to twelve years using pfsense I really do know almost nothing. There are always new things to learn and new perspectives to be had.