• VPN IPsec Remote gateway using DDNS doesn't update

    Locked
    30
    0 Votes
    30 Posts
    18k Views
    C
    Here you go. At 04:00 the PPPoE connection was terminated. After the reconnect the IPSEC tunnel does not come up again (for hours) without a reload as the remote peer IP address has changed. It does not seem to look up the hostname again.

    Mar  7 03:20:37 fw racoon: INFO: initiate new phase 2 negotiation: X.X.219.99[500]<=>X.X.197.44[500]
    Mar  7 03:20:37 fw racoon: INFO: IPsec-SA expired: ESP/Tunnel X.X.197.44[500]->X.X0.219.99[500] spi=143188784(0x888e330)
    Mar  7 03:20:37 fw racoon: INFO: IPsec-SA established: ESP X.X.219.99[500]->X.X.197.44[500] spi=201427959(0xc018bf7)
    Mar  7 03:20:37 fw racoon: INFO: IPsec-SA established: ESP X.X.219.99[500]->X.X.197.44[500] spi=13656620(0xd0622c)
    Mar  7 04:00:13 fw racoon: INFO: caught signal 15
    Mar  7 04:00:13 fw racoon: INFO: racoon process 30653 shutdown
    Mar  7 04:00:20 fw racoon: INFO: @(#)ipsec-tools 0.8.0.RC (http://ipsec-tools.sourceforge.net)
    Mar  7 04:00:20 fw racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
    Mar  7 04:00:20 fw racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    Mar  7 04:00:20 fw racoon: INFO: X.X.200.246[4500] used for NAT-T
    Mar  7 04:00:20 fw racoon: INFO: X.X.200.246[4500] used as isakmp port (fd=19)
    Mar  7 04:00:20 fw racoon: INFO: X.X.200.246[500] used for NAT-T
    Mar  7 04:00:20 fw racoon: INFO: X.X.200.246[500] used as isakmp port (fd=20)
    Mar  7 04:00:20 fw racoon: INFO: unsupported PF_KEY message REGISTER
    Mar  7 04:00:20 fw racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.254/32[0] 192.168.1.0/24[0] proto=any dir=out
    Mar  7 04:00:20 fw racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.1.254/32[0] proto=any dir=in
    Mar  7 04:00:20 fw racoon: ERROR: such policy already exists. anyway replace it: 192.168.1.0/24[0] 192.168.10.0/24[0] proto=any dir=out
    Mar  7 04:00:20 fw racoon: ERROR: such policy already exists. anyway replace it: 192.168.10.0/24[0] 192.168.1.0/24[0] proto=any dir=in
    Mar  7 04:00:29 fw racoon: INFO: IPsec-SA request for X.X.197.44 queued due to no phase1 found.
    Mar  7 04:00:29 fw racoon: INFO: initiate new phase 1 negotiation: X.X.200.246[500]<=>X.X.197.44[500]
    Mar  7 04:00:29 fw racoon: INFO: begin Aggressive mode.
    Mar  7 04:01:01 fw racoon: [X.X.197.44] ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP X.X.197.44[0]->X.X.200.246[0]
    Mar  7 04:01:01 fw racoon: INFO: delete phase 2 handler.
    Mar  7 04:01:19 fw racoon: ERROR: phase1 negotiation failed due to time up. 1f856cf72bf9c322:0000000000000000
    Mar  7 04:04:55 fw racoon: INFO: IPsec-SA request for X.X.197.44 queued due to no phase1 found.
    Mar  7 04:04:55 fw racoon: INFO: initiate new phase 1 negotiation: X.X.200.246[500]<=>X.X.197.44[500]
    Mar  7 04:04:55 fw racoon: INFO: begin Aggressive mode.
    Mar  7 04:05:26 fw racoon: [X.X.197.44] ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP X.X.197.44[0]->X.X.200.246[0]
  • Can not access FTP port forward from internal network

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    E
    I do not think ftp works correctly with nat reflection. Please create a dns entry for your internal LAN to resolve to the internal ip.
  • PfSense 2.0-RC1 x86 missing cas(4) driver

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    jimpJ
    Should be in now. I don't think it made the current snapshot run but try the next one after.
  • Default GUI (pfsense-ng) needs to be rebuilt

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    jimpJ
    That's why there are several themes available for use. People with low resolution devices are generally happier with the "pfsense" theme. It gets switched automatically for people on Android/iPhone/iPad.
  • 503 error ?

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    jimpJ
    Sounds like your /var/ and/or /tmp/ slices are full.
  • Default gateway not created during Setup wizard

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    I fixed the gateway issue after RC1 went out.
    https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/e121bebdceb095d5b905dc184c1a189f054c3656
    https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/d7b4e38faa5fb6843d768bda76475e9db3f31f4e
    https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/566193a579a45683e9d82d8cba34db2a8d638784
    Should be OK on new snapshots.
  • Creating X.509 user certificates and logon using X.509 certificates

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    Logon to what? The firewall interface? No. User certificates should show up fine under both the user's entry and under System > Cert Manager on the Certificates tab.
  • Port forward rule linking

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 2.0RC1 i386 full install : multi-wan and ftp server behind pfsense

    Locked
    11
    0 Votes
    11 Posts
    3k Views
    B
    and I also confirm that the issue is not present if the sticky sessions option is disabled !
  • Which package installs /usr/local/lib/libiconv.so.3 ?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    rcfaR
    @_igor_: That looks like an i386-file on an amd64-system or vice versa. You can rename or delete the file and see which package(s) offend to start. The problem is nothing starts anymore after that. I barely get into the shell and can do an slogin, if I have it enabled first. None of the menu options except to break to the shell work anymore, web configuration won't work anymore etc. So the system is pretty much unusable once that happens.
  • Traffic Shaper seems to be broken

    Locked
    24
    0 Votes
    24 Posts
    7k Views
    P
    ping-pong  ;D
  • UPNP media server on DMZ

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J
    No one seems to have a solution to route SSDP broadcast to another subnet, huh? sigh .. then I'll just have to settle with bridging/filtering the 2 interfaces for the time being …
  • 0 Votes
    6 Posts
    2k Views
    M
    I have solved the problem with these steps:
    Run pfSense 2.0 RC1 without installing it, but in Live mode from USB CD.
    Restore the config XML from the webgui, but when the webgui asks for interface remapping don't press apply (this avoids the reboot), just press the SAVE button at the bottom of interfaces.
    Now the backed-up config is loaded without a reboot.
    From the firewall console (with a monitor attached to the firewall box) type 99 to install using the loaded config file.
    These steps worked for me and all is working, the old config and the boot after reboot. I'm sure that this RC1 has some bug when normally loading a config file from the webgui. It's something related to the bootloader. I hope some pfsense programmer will take a look to fix these problems because atm for example I can't UPDATE via webgui or the boot fuck up. Regards
  • Blocking by MAC address

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    T
    You can assign IP by MAC address and in DHCP server only allow available range for 1 IP address and block this IP on firewall rule. That's the way I use to manage IP by MAC address.
  • IPsec From iOS and MacOS

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Dashboard Interface Stats Error

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    D
    Thank you for the info. I'll report back as soon as I have it updated. Recently, some bugs are fixed but more bugs are introduced so it is hard to decide when to update.
  • NUT: Data Stale!

    Locked
    13
    0 Votes
    13 Posts
    17k Views
    E
    coldfusion, this has worked perfectly, thanks. hopefully the devs will work on a fix for this.
  • No DHCP on WAN after upgrade to latest snap

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    M
    Hello, The log I attached is directly after startup. I cleaned the log before I rebooted so no events have been missed as far as I can tell. Very strange.
  • Port forward (and Multiwan)

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • File sharing on OS X failing to cross the bridge on bridged LAN interface

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J
    Just install the Avahi package. That lets you route Apple Bonjour through different subnets…