MD5 not matching File



  • As the name says I AM A total noob. I have tried to search a solution and have not found one as yet so here is my problem.

    I am trying to create a bootable usb stick with Win32DiskImager and ended up with a blank usb most everytime. Tried different usb sticks and tried cleaning with Diskpart AND tried different formats Fat32 , NTFS.

    So, I go back to the beginning and check files md5 and cannot get anything to match. I have tried to match a zipped file, an unzipped file etc against the md5 and nothing.
    I even tried the CD version against IT'S MD5 and no match. I am using winMd5Sum as well as another menu contextual mD5 checker neither got a match.

    No doubt I am messing things up somewhere but darned if I know where to go from here.  I really wonder at the likelyhood of corrupt files from the main server as being my cause of failure to make a bootable USB but I think checking the MD5 as the logical 1st step. If they dont match then what ?


  • Banned

    @TIm:

    tried different formats Fat32 , NTFS.

    Eeeeeeeeeeeh???!!!  :o May I suggest re-reading the wiki docs couple more times?



  • Well I appreciate your response even if it feels a little like scolding for not doing my homework. I have actually read the wiki and even re-read it after your suggestion and am still at a loss as I feel like I have followed the directions correctly. Not to say I have not missed something, I'm sure I have and that is why I am asking for help. I assure you I have made many Google efforts  to try to resolve this to no avail. If you are seeing what I have overlooked please be specific so I am not further confused.
    I only refer to this forum after I feel like I have exhausted all my options and am at a loss as to how to continue.

    I have….

    1. DL the original file for i386 for mem card
    2. DL the MD5 hash for this exact file
    3. Opened WinMD5Sum and generated a hash for the Installer and compared to the HASH and got no match
    4. Tried all above for CD versions of the installer and no HASH match.

    5. Tried to write the memory stick version to 2 separate memory sticks with seeming success only to look at the contents of the memory stick in explorer and find it empty.
    6. Thinking perhaps I cannot see the contents of a bootable Memory stick I tried to boot to it without success.
    7. Used DiskPart to clean the memory stick each time.
    8. Tried to write the file in both Fat32 and NTFS.
    9. Sign up for this forum and plea for help........

    Thank you ....


  • Banned

    MD5 should fit to the .zip file you download. If not: download again. I recently had some problems with downloading. The dark side is aganinst us…

    If you have a .zip matching the MD5 / SHA unzip it and use win32diskimager (if you like Windows...)

    https://doc.pfsense.org/index.php/Writing_Disk_Images

    old file system on USB does not matter, the image of pfsense is burned down bit-by-bit, as an image of a CD/DVD ;-)

    Details here

    https://doc.pfsense.org/index.php/Install_pfSense_nanobsd_2.0_to_thumb_drive

    I havn't done the USB thing for some months, but worked nicely in the past.

    Start with verifying your download, otherwise the rest won't work.



  • Thank you for your reply I will continue DL'ing and Hash checking some more . I will let y'all know if it works.



  • Well now for 2 days I've been trying to DL i386 for memstick ,vga  and I either get the untrusted sites or  "unable to connect. "

    My main browser is Firefox and I tried IE and same responses.  My internet seems to be working fine for everything else.

    I was hoping to continue DL'ing files to try to eventually get a MD5 hash match.

    I only get a list of 6 mirrors. Options ?


  • LAYER 8 Netgate

    I just went to:

    Full install 2.2.4
    i386
    Memstick
    VGA
    and was given this as an option:

    http://files.atx.pfsense.org/mirror/downloads/pfSense-memstick-2.2.4-RELEASE-i386.img.gz

    Downloaded it then:

    $ openssl md5 pfSense-memstick-2.2.4-RELEASE-i386.img.gz
    MD5(pfSense-memstick-2.2.4-RELEASE-i386.img.gz)= f45cd3be36e5c44704352caa9172b723

    $ cat pfSense-memstick-2.2.4-RELEASE-i386.img.gz.md5
    MD5 (pfSense-memstick-2.2.4-RELEASE-i386.img.gz) = f45cd3be36e5c44704352caa9172b723

    $ openssl sha256 pfSense-memstick-2.2.4-RELEASE-i386.img.gz
    SHA256(pfSense-memstick-2.2.4-RELEASE-i386.img.gz)= e83ba04ee81d7b8652608b7874fee8e98c2a78369b995007c3e2639849d5e6dd

    $ cat pfSense-memstick-2.2.4-RELEASE-i386.img.gz.sha256
    SHA256 (pfSense-memstick-2.2.4-RELEASE-i386.img.gz) = e83ba04ee81d7b8652608b7874fee8e98c2a78369b995007c3e2639849d5e6dd

    Where are you downloading from?  Is there a proxy or something else mucking up your interwebs?


  • LAYER 8 Global Moderator

    This came up before with someone else saying the mirrors were all messed up.. All testing I did was fine then, you got something messing with your downloads.. You trying to use some sort of download accelerator?



  • I go here to DL the files

    https://pfsense.org/download/mirror.php?section=downloads

    Select 1386 memstick vga and get these mirrors

    Country Hosting by Location
    US ESF Austin, TX USA                                    …Untrusted
    NL Coltex Amsterdam, Netherlands            ...connection timed out
    IE Webcore Cloud Ireland                      ... unable to connect try again
    US BluegrassNet Louisville, KY USA                ... unable to connect try again
    US NYI New York City                                    ...Untrusted
    GB Peer Point Internet London, UK                ... unable to connect try again

    This is copy and paste of the message I get...

    This Connection is Untrusted

    You have asked Firefox to connect securely to files.nyi.pfsense.org, but we can't confirm that your connection is secure.

    Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
    What Should I Do?

    If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

    This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

    I am not using any kind of Downloader I am on Comcast currently using a sbg6580 and my main reason for going down this road is I cannot use the firewall and portforward through it.

    I tried the link you put in your response and got the "Untrusted ....get me outa here" message.

    To note I CAN get the MD5 download instantly no problem.



  • In addition I just downloaded Sandboxie and got a hash match so that all works at least for sandboxie.

    My thought is to try to DL from the untrusted site from within sandboxie to at least see if I can get a hash match file.



  • Silly me I went to Dl from the Untrusted site through Sandboxie and realized there is NO option to Continue to the site its not just a warning its a roadblock.

    This process is really killing my enthusiasm for the whole deal.


  • LAYER 8 Netgate

    I do not get https links on any of the mirrors. You have something like https everywhere forcing https when it shouldn't?

    I do agree it's bad form to have a site respond to https with a bad certificate, but it shouldn't stop you from downloading it.

    Copy the link for the mirror you want, paste it in the location bar, and remove the s from https.


  • Banned

    Haaaaaaaaaaaaahahahahaha. Please, uninstall your browser "improvements". There's been a thread about this not even a month ago.


  • LAYER 8 Global Moderator

    pretty sure even if you download via https still works..  But yeah with dok on this, those links are not https - so your running something that is switching it.

    I show for example those links as http://files.atx.pfsense.org/mirror/updates/pfSense-Full-Update-2.2.4-RELEASE-i386.tgz

    If you have tried to go there before with https then browser can remember that, etc.

    You should not be getting pointed to https in those links, they are all http.


  • Moderator


  • LAYER 8 Global Moderator

    So I just got this to happen with firefox 41, it likes to use https if you have on https for that site before.  So I was getting links to https even though they don't work because I had been playing around with https on the previous threads about this.

    i just cleared firefox cache, website prefs, etc.. And now it goes to http for all those mirrors like it suppose too.


  • Banned

    @BBcan177:

    https://www.reddit.com/r/PFSENSE/comments/3notso/pfsenseorg_seems_down_docs_forums_any_alternates/

    https://twitter.com/pfsense

    Hmmm, so all those 3 DNS servers are behind a single switch? Sounds like that needs some redesign.



  • Ok heres one for all you beautifully smart people I do not have "https everywhere"  as an addon in Firefox Chrome or IE.

    The only reference to it was in Eset NOD32 my AV but the selection was greyed out so I temp disabled Nod32 and still no DL

    Since its effecting all 3 browsers Im thinking it must be Windows or perhaps a Arris router setting that forces Https.  ???? If possible ???

    BUT I just tried DL from Firefox in NEW PRIVATE WINDOW  and VIOLA !!!!!!  It worked ! Hurray

    now to see if hashes match….......


  • Banned

    Aaah, the famous ESET MITM thing… @TIm:

    The only reference to it was in Eset NOD32

    https://forum.pfsense.org/index.php?topic=93188.0

    This "feature" is exactly as helpful in every AV out there.



  • OK I looked for an add-on for force HTTPS everywhere and found nothing.

    There is a setting in Eset Nod32 for HTTP scanning but that's all greyed out so I didnt try to mess with it.

    Disabled Nod32 and still didn't work.

    Firefox, Chrome and IE would not go HTTP alone.

    What finally did just work is 'New private window"

    SO I just DL the first file and here are the hashes

    pfSense-memstick-2.2.4-RELEASE-i386(1).img.gz              f45cd3be36e5c44704352caa9172b723

    MD5      12e914c5fe740ee55c8ebfa958fe16c2

    Back to the beginning…... no matching  hash


  • Banned

    Yeah, dude. Reinstall that superscrewed box. (And skip ESET.)



  • @doktornotor:

    Yeah, dude. Reinstall that superscrewed box. (And skip ESET.)

    I can actually appreciate difficult issues like this because they are learning opportunities. I thank all of you for taking the time to help me out BUT when you just basically say F'  it just reinstall

    I'd at least like an explanation as to why you think that would be the best course. To me that sounds like 1st level tech support.  Are there certain circumstances that can effect the hash process

    to cause mismatch ?


  • LAYER 8 Netgate

    Your internet is messing up your downloads.  Call your ISP.



  • I thank all of you for taking the time to help me out BUT when you just basically say F'  it just reinstall

    A lot of us maintain these firewalls in corporate settings, and you often don't have the luxury of drilling down to the _n_th level to find out the source of a problem.  Oftentimes it's pragmatism that drives everything, and Get 'Er Done is more important than Who? How? Why?


Log in to reply