Pfsense needs very long for booting
-
I tried it and it is like you said.
If I put 8.8.8.8 in as DNS it boots very fast. But I don't really like external DNS servers and I never did this before. Is it possible to activate routing functions first and then enable IPsec?
-
I'm not sure how that process unfolds these days under the hood. I had thought it did just that, or used to, but there may be some other factor I'm not aware of.
Do you use hostnames in aliases? I thought that was supposed to load empty tables up in that case and populate them once DNS resolved (I may be misremembering the details of that though), but it may be holding up on that as well. Anywhere that uses hostnames in place of IPs in the config will require working DNS at some point.
-
I don't use hostname with aliases yet.
Perhaps you can reduce the dns timeout on boot time.
After booting you flush the dns cache and reload the rules.
-
That's just a kludge to hide the real issue. The firewall needs real working DNS to function properly when given hostnames to deal with, there is no way around that.
-
It's not useable to wait 15 minutes for booting.
And it's not good to trust external dns servers. Perhaps it's possible to define some pre boot rules to allow dns requests from lan to wan.
-
It's not useable to wait 15 minutes for booting.
And it's not good to trust external dns servers.
Just to put my $.02 here - you always have to trust external DNS servers if you want name resolution to work on the Internet at all. ;) Even if you have a local name server with your local domains in it, it queries the millions of other ones on the net all the time, recursively, when you look up a domain name that does not exist (or is not cached) in your local name server.
-
It's right.
But I only have to trust the chain from root servers to dest server and not a single one from google, t-systems, …
It's time for secdns, but this doesn't mean they can't block some requests. And you will know with secdns if they block.
-
Ermal just committed a change to do a filter reload before it gets to the vpn setup. Try a snapshot dated after this post and it should be included.
-
Sorry.
Just tried it. No speed up. 14 min for booting.
2.0-BETA4 (i386) built on Thu Dec 9 13:24:37 EST 2010
-
What is displayed in the boot log when it pauses for that long? Or does it stick in any one place?