On 1.2.x it's really hard to tie specific OpenVPN instances to their config. It's much easier on 2.0. I'm not sure I'll ever get it working 100% on 1.2.x, it may not be worth the extra effort.

Sounds like something may be a little off with the image you used. Unfortunately there have been some images that didn't behave quite as well as they should have due to various builder issues and the like, but overall it's been pretty reliable for me. I've got two ALIX boxes running nano in production with customers and they're working OK, but it's just simple NAT+IPsec+PPTP on them. Worked fine and passed my tests before they went out into the wild. I can understand being skittish about remote upgrades since nano is still being implemented, but it has worked for most people. Typically it doesn't leave a system unbootable, if the upgrade fails it shouldn't switch to the alternate slice, but depending on the date of your image it may not have all of the safety precautions.

thanks

Also, the automatically configured network cards are now defaulting to vr(4) cards, which are found in ALIX and some Soekris hardware. The default for embedded used to be sis(4) which are on the old WRAP boards. To use those now you will have to configure the interfaces via the serial console or inject a working config into the CF card after imaging and before booting.

IP… no host name... It has been a while, but from what i remember, the log was full with just the errors above. EDIT: Also...Connection has been stable since...

We were trying ipsec-tools 0.8 during that timeframe to fix a number of DPD issues with tunnels not re-negotiating. This proved to cause lot's of issues with parallel tunnels. So we backed out the change and went back to 0.7.2. We will be merging 0.7.3 soon which was just released. It has a few small fixes but unlikely to break things.

There was a error on the snapshot ports builder and included the wrong port in 1.2

If the RRD database for queues and actual queues on the system do not match the RRD file will be automatically removed and a new one with the extra data sources will be created.

:) thank all Saludos.

That was a cosmetic bug, the logic was messed up so it always logged that every time it ran through part of the code. I fixed it, so it only logs if there really is an error.

In the context that the current 1.2.3 code base is beta+, I always upgrade to a different CF and put the old one aside in case there are problems.  I agree that any upgrade that requires a screwdriver is not fun.  I figured out today that web-based upgrade works if you manually download the image and "upload" it to the router through the web interface.  Auto-update is still broken it would appear, but the manual workaround will allow me to retire my screwdriver.  ;D If you write a disk image to a slice and then fsck and/or label the slice (what the pfSense upgrade logic does), you could get a different checksum than that of your original image.  The logic in the upgrade has you booting off the slice that got the upgrade.  The fall back is to boot from the known good slice.  How much effort is made to determine the success of the alternate slice upgrade could perhaps be a matter of debate.  IMHO, stability of the recent builds has been quite good. With ALIX, there's just no substitute for a serial connection at boot time.

more specifically: https://rcs.pfsense.org/projects/pfsense/repos/mainline/logs/RELENG_1_2 not many changes, none of those are holding up release, just a couple FreeBSD issues we are trying to get resolved.

Scott was working on the build system for a while, everything is back to normal (aside from 8 builds, where patches are broken). @DeCex: ??? I happy to probl be the first to raise both my hands and ask how to upgrade from full image file to nanobsd versions?. Does this mean i haveto do a new installation again?, but from nanobsd builds or can i grab a file and flash my current box with? If you have a full install, stay with it. Nothing is changing with it. If you want to upgrade your old embedded, reflash with nanobsd.

@blewis: Just curious, why does each image need to be "generated" assuming rebuilding from the source.  Couldn't the images be "resized" with a script? It's not that simple. To see why, check out the tools source at rcs.pfsense.org.

I had an issue where the install would error out after so many bytes and found someone with instructions on formatting the cf card but stopping the format right after you start and closing out of the windows format window and then begin the nano installation and it then proceeds normally using physdiskwrite. Yes … I also use physdiskwrite - u space for more than 2 GB. However, after several HD formats are still the result bootstrap loader can not run normally. I install the os freebsd / tools / nanobsd, has been running well. But up to 05082009, when trying to image with pfsense nanobsd can not walk.

@loula: This is a package issue: http://forum.pfsense.org/index.php/topic,18269.0.html loula, Thanks for the info!

Thanks for those links as well cmb. They may be referenced elsewhere but I was not aware. Nice to be able to follow along.

It's probably a bug, I just added the code for traffic shaping queues recently, and I probably missed a check for that case. I'll try to have a look at it tomorrow.