
Posts Tagged ‘pfSense’

remote logging with rsyslogd

April 7, 2016 | Computer Stuff, Doku | No Comments
  • http://www.rsyslog.com/doc/rsconf1_allowedsender.html
  • http://www.rsyslog.com/storing-messages-from-a-remote-system-into-a-specific-file/
  • https://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog
  • https://devops.profitbricks.com/tutorials/configure-remote-logging-with-rsyslog/

pfSense: Install pfSense on PC Engines APU.1C4

July 20, 2014 | Computer Stuff, Doku | No Comments

This information is outdated. I have done a fresh install on a new device with 2.2.3 and now you have to use the installer. Boot from a USB-stick, press “I” during bootup to invoke the installer and just walk through the installation process.

How to fail and recover:

I had some trouble installing pfSense on the new PC Engines APU.1C4. I tried to dd the image directly to the mSATA disk and somehow managed to wreck the BSD disklabel by doing this.

The pfSense installer was then throwing messages like the following, stopped and threw me back to a shell.

I’ve been able to fix that by low level formatting the mSATA disk with the HDD LLF Low Level Formatting Tool (needs Windows) which I have found here. It did not help to just delete the partitions with gparted or fdisk or to partition and format the mSATA-disk with Windows.

How to do it right:

Prerequisites:

  • USB-Stick
  • USB to serial converter
  • Null Modem Cable
  • mSATA Disk plugged into the mSATA-port of the PC Engines APU.1C4-board
  • pfSense-memstick-serial-2.1.4-RELEASE-amd64.img

Installation:

First you have to unpack the image-file.

Then dd the image to the USB-stick

Plug the USB-stick into one of the USB-ports of the APU.1C4 and connect the null modem cable to the RS232-port. Then connect to the serial console with 115200 baud.

You will see the BIOS of the APU and at some point it will ask you to hit F12 to select a boot-device. Hit F12 in the appropriate moment and choose your USB-stick as boot-media.

Disconnect from the serial console and reconnect with 9600 baud because pfSense will use 9600 baud instead of 115200 baud.

Do not interrupt the boot process. Wait until pfSense has started up, and do not invoke the installer during boot.

After pfSense has booted invoke the installer and go with the quick install option. This will give you the opportunity to choose between serial- and VGA-console (you have to choose serial here of course). If you choose the advanced install routine you will not get the chance to choose serial-console – so don’t do it.
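
The unpack and dd steps above can be wrapped so that a corrupted download or a bad write is caught before booting from the stick. This is an added example, not part of the original post: it assumes a Linux workstation with GNU coreutils, a gzip-compressed download and a SHA-256 value taken from the download page; `sha256_of`, `write_image` and `/dev/sdX` are illustrative names.

```shell
#!/bin/sh
# Added example: verify a downloaded image, write it, and confirm the write.
# Assumes GNU coreutils (sha256sum, head -c, dd conv=fsync) and a .gz image.

# sha256_of FILE -> prints the hex SHA-256 of FILE
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# write_image IMAGE_GZ TARGET EXPECTED_SHA256
# Returns 0 on success, 1 on checksum mismatch, 2 if the target is mounted,
# 3 if the data read back differs from the image, 4 on an I/O error.
write_image() {
    image_gz=$1; target=$2; expected=$3

    # 1. Refuse a download that does not match the published checksum.
    [ "$(sha256_of "$image_gz")" = "$expected" ] || {
        echo "checksum mismatch for $image_gz" >&2; return 1; }

    # 2. Refuse a target that (or whose partition) is currently mounted.
    if [ -r /proc/mounts ] && grep -q "^$target" /proc/mounts; then
        echo "$target is mounted, refusing to overwrite" >&2; return 2
    fi

    # 3. Unpack to a temp file so the raw image's size and hash are known.
    raw=$(mktemp) || return 4
    gunzip -c "$image_gz" > "$raw" || { rm -f "$raw"; return 4; }
    size=$(wc -c < "$raw" | tr -d ' ')
    want=$(sha256_of "$raw")

    # 4. Write and flush, then read back exactly $size bytes and compare.
    #    (The read-back can be served from the page cache; re-plugging the
    #    stick before a second check is the stricter test.)
    dd if="$raw" of="$target" bs=1M conv=fsync 2>/dev/null || {
        rm -f "$raw"; return 4; }
    rm -f "$raw"
    got=$(head -c "$size" "$target" | sha256sum | cut -d' ' -f1)
    [ "$got" = "$want" ] || {
        echo "read-back mismatch on $target" >&2; return 3; }
    echo "wrote $size bytes to $target"
}

# Usage (device name and checksum are placeholders, .gz suffix is assumed):
#   write_image pfSense-memstick-serial-2.1.4-RELEASE-amd64.img.gz /dev/sdX <published-sha256>
```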

pfSense: “Unable to check for updates”

May 6, 2014 | Computer Stuff, Doku | 3 Comments

What to do if pfSense says that it is unable to check for updates.

The situation was:

  • pfSense was throwing the error message “Unable to check for updates” at the dashboard and at the “Auto Update”-tab.
  • traffic to and from the internet was passing through my pfSense-box
  • DNS-resolution was working for hosts at the LAN-interface

The first thing which wasn’t correctly configured was the “Updater Settings” under “firmware” – “Updater Settings”-tab. I needed to select the “Firmware Branch” with the drop-down labeled “Default Auto Update URLs”. In my case it’s “pfSense amd64 stable updates (current architecture)” which automatically populates the “Base URL” in the “Firmware Auto Update URL”-section and also ticks “Use an unofficial server for firmware upgrades” (btw. why unofficial?).

After that, the situation was the same as above, only that I now had the Base URL “http://updates.pfsense.org/_updaters/amd64” in the Update URL text box. In the pfSense-diagnostics my pfSense-box was able to ping and traceroute “updates.pfsense.org”. I’ve been able to resolve and browse that URL from a PC behind the LAN-interface but pfSense was still complaining that it is “Unable to check for updates” at the dashboard and at the “Auto Update”-tab.

Then I corrected another issue in the WAN-interface configuration. Since my pfSense-box is sitting between a FritzBox and my local networks, I have unticked “Block private networks” since my gateway is in a private IP-address-range (10.0.0.X/24). I still wonder why my setup was working initially because as I understand this option, it should have blocked traffic from all private IP-ranges. I have also unticked “Block bogon networks” because (in my case) the source will always be my FritzBox in 10.0.0.X/24.

The root of the problem was hiding in the settings for the DNS-forwarder under “Services” – “DNS-Forwarder”. Since the option “Strict Interface Binding” was selected, I had to select “localhost” under “Interfaces” so that my pfSense-box was able to resolve “updates.pfsense.org”. After that change everything was working fine and I’ve been able to run the “Auto Updater” successfully.