Thursday, April 22, 2021

Do I have to reinstall packages after a restore on PFSense?

Short answer: Yes

I did a restore of a config after reloading the pfsense software, and did a test of installing the packages before I did a restore of the configuration. When I did the restore of the config, I did have to go reinstall the packages again.  

Wednesday, April 21, 2021

Site To Site IPSec issue with 21.X release of PFSense

I ran into this issue a few months back where I upgraded the Netgate SG-5100 from 2.4.5 to 21.01.  That night I noticed that I had issues with my IPSec site to site VPNs.  I also have several OpenVPN site to site VPNs, but they were unaffected.

Last night, I ran into the same issue when upgrading from 2.4.5 to 21.02-2.  Same customer.  When I did this upgrade (to fix another problem), this IPSec issue came back again.  In doing some research, I found this link in the Netgate forum: https://redmine.pfsense.org/issues/11524 

After reading through this, I verified my settings.  Sure enough, I was using SHA256 as my hash for my VPN settings.  I made the following changes:

1.  Changed from SHA256 to SHA512 (from what I read, use anything but SHA256 or SHA1)

2.  Disabled AES-NI by going to System --> Advanced --> Miscellaneous --> Cryptographic Hardware, and changing that setting from "AES-NI and BSD crypto device" to "Intel QuickAssist (QAT)".

 

Thursday, April 1, 2021

Update from Console access

 I was reloading a Netgate SG-3100 and did an upgrade from the console.  Select 13 to do the update.


 0) Logout (SSH only)                  9) pfTop

 1) Assign Interfaces                 10) Filter Logs

 2) Set interface(s) IP address       11) Restart webConfigurator

 3) Reset webConfigurator password    12) PHP shell + Netgate pfSense Plus tools

 4) Reset to factory defaults         13) Update from console

 5) Reboot system                     14) Enable Secure Shell (sshd)

 6) Halt system                       15) Restore recent configuration

 7) Ping host                         16) Restart PHP-FPM

 8) Shell


Enter an option: 13


>>> Updating repositories metadata...

Updating pfSense-core repository catalogue...

Fetching meta.conf: . done

Fetching packagesite.txz: . done

Processing entries: . done

pfSense-core repository update completed. 8 packages processed.

Updating pfSense repository catalogue...

Fetching meta.conf: . done

Fetching packagesite.txz: .......... done

Processing entries: .......... done

pfSense repository update completed. 449 packages processed.

All repositories are up to date.

>>> Upgrading pfSense-upgrade... done.

>>> Setting vital flag on pfSense-upgrade... done.

>>> Updating repositories metadata...

Updating pfSense-core repository catalogue...

Fetching meta.conf: . done

Fetching packagesite.txz: . done

Processing entries: . done

pfSense-core repository update completed. 8 packages processed.

Updating pfSense repository catalogue...

Fetching meta.conf: . done

Fetching packagesite.txz: .......... done

Processing entries: .......... done

pfSense repository update completed. 449 packages processed.

All repositories are up to date.

Your packages are up to date


*** Welcome to Netgate pfSense Plus 21.02-RELEASE-p1 (arm) on pfSense ***