Thursday, April 1, 2021

Update from Console access

 I was reloading a Netgate SG-3100 and did an upgrade from the console.  Select 13 to do the update.


 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + Netgate pfSense Plus tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Enable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell


Enter an option: 13


>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: . done
Processing entries: . done
pfSense-core repository update completed. 8 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: .......... done
pfSense repository update completed. 449 packages processed.
All repositories are up to date.
>>> Upgrading pfSense-upgrade... done.
>>> Setting vital flag on pfSense-upgrade... done.
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: . done
Processing entries: . done
pfSense-core repository update completed. 8 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: .......... done
pfSense repository update completed. 449 packages processed.
All repositories are up to date.
Your packages are up to date


*** Welcome to Netgate pfSense Plus 21.02-RELEASE-p1 (arm) on pfSense ***

Wednesday, March 31, 2021

Reinstall SG-3100

 I had a Netgate 3100 go down after a storm recently and I had to do a reinstall of the software.  Below is the process I went through.

1.  Create a USB installer with the pfSense-plus-SG-3100-recover-21.02-RELEASE-p1-armv7.img.gz image. I used Etcher to create the USB stick.

2.  Insert USB and boot the 3100.

3.  Interrupt the boot so that you are at the Marvell prompt.

4.  Type "run recovery". (You may have to type "usb reset" first if it does not recognize the USB drive).

5.  Walk through the install.

6.  Reboot and take out USB.

Saturday, March 27, 2021

OpenVPN Site To Site

pfSense has the ability to do site-to-site VPNs with either IPsec or OpenVPN. Both are capable of being very secure. But one of the things I like about the OpenVPN site-to-site setup is that you can configure one firewall to be a VPN server and the remote as a client.  This is especially good when the remote has a dynamic address assigned to it. No messing with dynamic DNS, and you never need to know the remote peer IP.  It's not that hard to set up and it's a good solution. There are many things that I do like about the pfSense box, and this is one of them.

Thursday, February 25, 2021

Restoring To Factory Default

Recently, I had some IPsec problems with the new version of code and I had to revert back to the 2.4.5 code to try to resolve the issue.  The thing I did was to do a "factory default" while I was on the new image.  With most vendors, when you do a factory default, it defaults to the image that came from the manufacturer at the time of shipping.  However, on the Netgate box, the image you factory default to is the image that you are currently running.  Just FYI.

Sunday, January 31, 2021

Route Reflection

I had a call from a customer who needed to be able to get to an internal server by way of the external public IP address, from the INSIDE of the network.  This is not uncommon when you have an application on a cell phone that has not been set up with external DNS, but instead has a public IP entered.  This is not a problem for the pfSense firewall.  The option you need is called Route Reflection; in the GUI the settings are labeled "NAT Reflection".

Go to System --> Advanced --> Firewall and NAT, and look under the heading "Network Address Translation".

Change the setting of "NAT Reflection mode for port forwards" to "Pure NAT".

Change the setting of "Enable NAT Reflection for 1:1 NAT" to a checked box.

Change the setting of "Enable automatic outbound NAT for Reflection" to a checked box.
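
Why the outbound NAT checkbox matters when the inside client and the server share a subnet, as a simplified model of the reflected flow. This is an added example, not pfSense code or the author's configuration; every address and function name in it is constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# All addresses are constructed for illustration.
LAN = ip_network("192.168.1.0/24")   # subnet shared by the server and the firewall LAN port
FW_LAN_IP = "192.168.1.1"            # firewall's inside address
PUBLIC_IP = "203.0.113.10"           # public IP the phone app has entered
SERVER_IP = "192.168.1.10"           # internal server behind the port forward


def forward(src, dst, outbound_nat):
    """Firewall handling of an inside packet sent to the public IP."""
    if dst != PUBLIC_IP:
        return src, dst
    dst = SERVER_IP                  # port forward reflected onto the inside interface
    if outbound_nat:
        src = FW_LAN_IP              # "automatic outbound NAT for Reflection"
    return src, dst


def reply_source_seen_by_client(client_ip, outbound_nat):
    """Source address on the reply as it arrives back at the client."""
    seen_src, _ = forward(client_ip, PUBLIC_IP, outbound_nat)
    direct = ip_address(seen_src) in LAN and seen_src != FW_LAN_IP
    # A same-subnet peer is answered directly on the LAN, skipping the firewall,
    # so nothing rewrites the server's address back to the public one.
    return SERVER_IP if direct else PUBLIC_IP


def connection_works(client_ip, outbound_nat):
    """The client only accepts a reply from the address it connected to."""
    return reply_source_seen_by_client(client_ip, outbound_nat) == PUBLIC_IP


if __name__ == "__main__":
    for client in ("192.168.1.50", "192.168.2.50"):
        for nat in (False, True):
            label = "outbound NAT" if nat else "no outbound NAT"
            result = "ok" if connection_works(client, nat) else "reply mismatch"
            print(client, label, "->", result)
```

With the outbound NAT box checked, the server sees every reflected connection as coming from the firewall's LAN address, so its own logs no longer show which inside client connected.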