Adding RAID long after original install - custom install partition sizes or factory defaults

The Party of Hell No · Apr 5, 2025, 7:32 PM

@stephenw10 General setup has the two DNS servers use by Surfshark VPN (With the same Gateways as used below.)

The DNS Resolver - General Settings - Network Interfaces - all the LAN segments(3),, the OpenVPN Server, Wireguard Server and Localhost are being used by Resolver.

For the Outgoing Network Interfaces I am using ONE WireguardVPN Surfshark Gateway and an OpenVPN Surfshark Gateway with DNS Query Forwarding - Enable Forwarding Mode checked.

stephenw10 · Apr 5, 2025, 9:54 PM

Oh, then you can only get DNS at all if the VPN is connected. And that may not happen until the second boot after restoring a config since the first boot creates the interface.

So, yeah, check the VPN status.

The Party of Hell No · Apr 5, 2025, 10:53 PM

@stephenw10 To clarify... if I reboot a second time after loading the config file it should work? I have been booting into the raid setup for a while now and this has not happened.

Wondering if adding the WAN as an Outgoing Network Interfaces would bypass the VPN's if they are not connecting.?

Also wondering since I can ping outward to 1.1.1.1 and 9.9.9.9 from the console, does this mean my DHCP lease with my provider is good? Or is my WAN connected to my ISP's system? I have had difficulties in the past with having to reboot the modem with pfsense off and then turning on the router to connect.

stephenw10 · Apr 7, 2025, 7:10 PM

If you either added WAN as an outgoing interface or added some other server in general setup then it would work without the VPN.
You might be in the chicken-egg scenario if you have entered the VPN server by FQDN and it cannot be resolved until the VPN is connected!

Gertjan · Apr 7, 2025, 7:54 PM

@The-Party-of-Hell-No said in Adding RAID long after original install - custom install partition sizes or factory defaults:

why only mirroring with two drives, instead of my three would be best

ZFS is used because it's very resilient, way better as UFS for example.
Double them, like a RAID 1, and you're even better.
Of course, use RAID n where n > 2 would be better still.
Like nuking a ants nets with an "1 billion" F35 it would do the job.

Instead of opting for a N>2 situation, use the extra money for an UPS.
And be ware : writing BS to N drives will still get you ... BS. So, think about an automated config backup plan : use ACB and something local that you script yourself.

@The-Party-of-Hell-No said in Adding RAID long after original install - custom install partition sizes or factory defaults:

what might be the best sizes of partitions starting fresh

That's like asking : what your favorite color ?!
Tell is what are your needs, and we tel you what you need ^^

These are the days of gigabytes, so, something around 50 Mbytes or more will do just fine.
You want to install and use every disk space eating packages like, pfBlockerng, ntopng, etc ? Or just be able to forget to admin pfSense for several years, come back, and find is still up and running ? Then go big and Gig.
Don't forget : this is a router/firewall, not some server device.

The Party of Hell No · Apr 7, 2025, 7:10 PM

@stephenw10 My question about the lease, I answered myself by thinking and realizing that in the past when the lease was in question pfsense gave the WAN a generic 192..... IP.

I plan to do both: add the two IP's for my cable provider in the general settings and turn on the WAN in the outgoing interfaces in general setup of DNS Resolver.

I will try first with forwarding continuing to be checked and then uncheck if I do not make progress.

The Party of Hell No · Apr 7, 2025, 7:54 PM

@Gertjan Hey, thank you for your input! Very helpful to see others thinking and resolution to different scenarios.

Mostly, I decided I had to create a problem not needing fixing to expand my knowledge and skills. And practice for the inevitable day of catastrophe!

I really don't need to auto save config since once it works, I rarely alter things until updates. Usually a pre and post config save. Although sometimes I get lazy and then I might have to guess what got changed since the last config save. Thus the need for automated saves?

Well I have to disagree with you the 128GB disks I have came via Amazon for $23.00 apiece. A lot of SSD's for the price of a UPS I would think?

Since you have suggested this what would you suggest (As in make and model and maybe a link to buy or links in the pfsense support group about other's recommendations.) for a home user who wants to connect pfsense, a NAS, cable modem, and three switches via a UPS with three of those devices on switchable plugs (meaning I can reboot remotely by turning off - via pfsense accessed through either Wireguard or OpenVPN Road Warrior - and back on.)
Now I have investigated a series of UPS's and the resulting poor showing in user reviews makes me more warry (Fire, sparks flying, melting power cords, etc.) of just letting everything go down and reboot upon power returning - which has worked well in the past. pfsense is very resilient itself. In fact I am surprised at the difficulties I am having in loading my config into this new build and not just having it work!

Actually, yes I would like the ability to do just that, "install and use every disk space eating packages" if I so choose. I mean heck I have gobs of GB's and unused memory. Why would I not want to try and utilize it all? Of course I would, but as you clearly and wisely put it (Paraphrasing) Should you - probably not! Maybe that is not a wise goal. Agreed. I guess the question I should ask is does pfsense using ZFS expand into the "gobs of GB's" as I move forward adding and subtracting ... "every disk space eating packages?"

Again, I really do appreciate your input; even though I have ten to twelve years using pfsense I really do no almost nothing. There are always new things to learn and new perspectives to be had.

The Party of Hell No

@stephenw10 Hello. I am about to give up on the RAID configuration. I am at the point of wanting to ; rather than RAID, install pfsense+ on one drive and then pull in the config file to see if the problem is the config file or the RAID setup.

However when I went to reinstall using the loader I have downloaded from Netgate (02/22/25) it kicked me out and asked me to go purchase another pfsense+ license or install the Community Edition.

So is it possible to purchase another license? Is there a limit on number and times when it is not available? Do you think it worth doing just to diagnose whether it is the config or RAID?

Also on a similar subject. I have preserved my old setup of pfsense+ on a separate SSD and have been moving - as I try to get the RAID setup to work - back and forth from new RAID setup to old (one SSD) setup. I am thinking the notice: "check_upgrade: "Updating repositories metadata" returned error code 1 @ 2025-04-25 13:09:44." is because I have downloaded and tried to create a new setup with RAID with Netgate moving my "verification" to the new setup. How do I remedy this problem?

Really appreciate your time walking me through this, thank you!

stephenw10

Most likely the NDI changed somehow so it's no longer recognised as a registered device that's eligible for Plus. Did you add or remove a NIC from that system?

Send me the NDI shown by the installer in chat and I can check it.

The Party of Hell No

@stephenw10 Ohhhhh! I did remove one, but not one assigned. Is it possible an unused NIC being removed would cause this?

Is this the same problem with my non-Raid setup also?

Current NDI - as in non-RAID, single Hard drive: [NDI - removed]
I guess I can experiment and reinsert the NIC and try again.

Again, thank you for the information and time you are giving.