You can get in line and join the club over there:

http://forum.pfsense.org/index.php/topic,59996.0.html

@jimp:

I tracked down the cause of this. The next new snapshot will work again.

Great thanks, all seems to be working as it should with the 19th june snapshot.

I have seen some weird things to like when making a VLAN and assigning that VLAN to an interface you have to look at the assignments carefully. Pfsense will sometimes rearrange your previously last VLAN and assign it to a different interface. I always double check before clicking apply now. This just happened to me yesterday and I'm running 2.1RC0 i368 built on Thu May 23 19:52:31 EDT 2013. I hope this makes sense, let me give an example:

I have a parent interface of lets say em0 and on em0 I will make the following VLANs:

10 - core
20 - admin
30 - research

Now if I make another VLAN 40 and want to assign that to em0 I click the (+) symbol to make the assignment but the Pfsense will move VLAN 30 to a different interface or VLAN. So I always double check before I click apply to make sure things haven't changed.

This might be what is happening to you which could explain why Pfsense is reporting the IP range conflict. I think this problem is repeatable.

Hope this helps.

http://forum.pfsense.org/index.php/topic,51396.0.html

Seems that the error mentioned in this post:

http://forum.pfsense.org/index.php/topic,63580.0.html

caused the NAT failure as a side effect. I disabled the floating rule mentioned in the other post and NAT worked again.

Yes that was probably from a failed filter reload on the slave. Once the fix is on both units they should be OK.

Go back to bed and get up on the other side. ;)

Saw the fix.  Will test it later.  Fully expect that it will correct the issue.

It requires a manual reboot after such a switch because the binaries are 64-bit after the update, so the reboot can't fully complete since it can't run 64-bit binaries on a 32-bit OS.

If the CPU and such support 64-bit then it will come up after the manual reboot, though you'd need to reset the RRD data.

THX

The figures are correct - the pfSense LAN interface is sending 2.22 Mbps out. The first host in the table is receiving 2.13 Mbps in (to it). The graph is from the  point of view of the pfSense interface being graphed. The table is from the point of view of each client system.

I just upgraded one system (non HA) without removing the packages and it came up just fine and reinstalled the packages.  I did see some errors in the logs related to snort and pbi but right after that it mentioned uninstalling and then re-installing snort and it came up just fine on it's own just like a good little firewall.

Seems to have worked perfectly.  I am doing the same thing on a cluster now locally.  Upgrading the secondary first and will test for awhile on the secondary before going back to the primary.

Jun 17 17:07:59 check_reload_status: Starting packages Jun 17 17:08:04 php: : Restarting/Starting all packages. Jun 17 17:08:12 php: : rc.newwanip: Informational is starting ovpns1. Jun 17 17:08:12 php: : rc.newwanip: on (IP address: 192.168.x.1) (interface: ) (real interface: ovpns1). Jun 17 17:08:12 check_reload_status: Reloading filter Jun 17 17:08:13 php: : pfSense package system has detected an ip change -> 192.168.x.1 ... Restarting packages. Jun 17 17:08:13 check_reload_status: Starting packages Jun 17 17:08:16 php: : Restarting/Starting all packages. Jun 17 17:08:18 php: : Could not find the libsf_ssl_preproc file. Snort might error out! Jun 17 17:08:18 php: : Could not find the libsf_sip_preproc file. Snort might error out! Jun 17 17:08:18 php: : Could not find the libsf_dce2_preproc file. Snort might error out! Jun 17 17:08:18 php: : Could not find the libsf_dns_preproc file. Snort might error out! Jun 17 17:08:18 php: : [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them Jun 17 17:08:20 php: : Could not find the libsf_ftptelnet_preproc file. Snort might error out! Jun 17 17:08:20 php: : Could not find the libsf_smtp_preproc file. Snort might error out! Jun 17 17:08:20 php: : Could not find the libsf_ssl_preproc file. Snort might error out! Jun 17 17:08:20 php: : Could not find the libsf_sip_preproc file. Snort might error out! Jun 17 17:08:20 php: : Could not find the libsf_dce2_preproc file. Snort might error out! Jun 17 17:08:20 php: : Could not find the libsf_dns_preproc file. Snort might error out! Jun 17 17:08:20 php: : Could not find the libsf_pop_preproc file. Snort might error out! Jun 17 17:08:21 php: : Could not find the libsf_imap_preproc file. Snort might error out! Jun 17 17:08:21 php: : [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them Jun 17 17:08:29 php: : Could not find the libsf_ssl_preproc file. Snort might error out! Jun 17 17:08:29 php: : Could not find the libsf_sip_preproc file. Snort might error out! Jun 17 17:08:29 php: : Could not find the libsf_dce2_preproc file. Snort might error out! Jun 17 17:08:29 php: : Could not find the libsf_dns_preproc file. Snort might error out! Jun 17 17:08:29 php: : [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them Jun 17 17:08:31 php: : Restarting/Starting all packages. Jun 17 17:08:31 php: : Could not find the libsf_ftptelnet_preproc file. Snort might error out! Jun 17 17:08:31 php: : Could not find the libsf_smtp_preproc file. Snort might error out! Jun 17 17:08:31 php: : Could not find the libsf_ssl_preproc file. Snort might error out! Jun 17 17:08:31 php: : Could not find the libsf_sip_preproc file. Snort might error out! Jun 17 17:08:31 php: : Could not find the libsf_dce2_preproc file. Snort might error out! Jun 17 17:08:31 php: : Could not find the libsf_dns_preproc file. Snort might error out! Jun 17 17:08:31 php: : Could not find the libsf_pop_preproc file. Snort might error out! Jun 17 17:08:31 php: : Could not find the libsf_imap_preproc file. Snort might error out! Jun 17 17:08:31 php: : [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them Jun 17 17:08:32 check_reload_status: Syncing firewall Jun 17 17:08:35 php: : PBI dir for zip-3.0-i386 was not found - cannot cleanup PBI files Jun 17 17:08:35 php: : PBI dir for p7zip-9.20.1-i386 was not found - cannot cleanup PBI files Jun 17 17:08:41 SnortStartup[52268]: Snort START for Lan(22290_rl1)... Jun 17 17:08:41 php: : Beginning package installation for OpenVPN Client Export Utility . Jun 17 17:08:41 php: : Could not find the libsf_ssl_preproc file. Snort might error out! Jun 17 17:08:41 php: : Could not find the libsf_sip_preproc file. Snort might error out! Jun 17 17:08:41 php: : Could not find the libsf_dce2_preproc file. Snort might error out! Jun 17 17:08:41 php: : Could not find the libsf_dns_preproc file. Snort might error out! Jun 17 17:08:41 php: : [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them Jun 17 17:08:42 check_reload_status: Syncing firewall Jun 17 17:08:43 php: : Could not find the libsf_ftptelnet_preproc file. Snort might error out! Jun 17 17:08:43 php: : Could not find the libsf_smtp_preproc file. Snort might error out! Jun 17 17:08:43 php: : Could not find the libsf_ssl_preproc file. Snort might error out! Jun 17 17:08:43 php: : Could not find the libsf_sip_preproc file. Snort might error out! Jun 17 17:08:43 snort[52668]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_22290_rl1//usr/pbi/snort-i386/etc/snort/snort_22290_rl1/rules/snort.rules(0) Unable to open rules file "/usr/pbi/snort-i386/etc/snort/snort_22290_rl1//usr/pbi/snort-i386/etc/snort/snort_22290_rl1/rules/snort.rules": No such file or directory. Jun 17 17:08:43 php: : Could not find the libsf_dce2_preproc file. Snort might error out! Jun 17 17:08:43 php: : Could not find the libsf_dns_preproc file. Snort might error out! Jun 17 17:08:43 php: : Could not find the libsf_pop_preproc file. Snort might error out! Jun 17 17:08:43 php: : Could not find the libsf_imap_preproc file. Snort might error out! Jun 17 17:08:43 php: : [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them Jun 17 17:08:45 SnortStartup[76208]: Snort START for Lan(22290_rl1)... Jun 17 17:08:46 SnortStartup[85053]: Snort START for Wan(7417_rl0)... Jun 17 17:08:47 snort[96411]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_7417_rl0//usr/pbi/snort-i386/etc/snort/snort_7417_rl0/rules/snort.rules(0) Unable to open rules file "/usr/pbi/snort-i386/etc/snort/snort_7417_rl0//usr/pbi/snort-i386/etc/snort/snort_7417_rl0/rules/snort.rules": No such file or directory. Jun 17 17:08:47 snort[82686]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_22290_rl1//usr/pbi/snort-i386/etc/snort/snort_22290_rl1/rules/snort.rules(0) Unable to open rules file "/usr/pbi/snort-i386/etc/snort/snort_22290_rl1//usr/pbi/snort-i386/etc/snort/snort_22290_rl1/rules/snort.rules": No such file or directory. Jun 17 17:08:49 SnortStartup[10729]: Snort START for Wan(7417_rl0)... Jun 17 17:08:49 snort[11057]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_7417_rl0//usr/pbi/snort-i386/etc/snort/snort_7417_rl0/rules/snort.rules(0) Unable to open rules file "/usr/pbi/snort-i386/etc/snort/snort_7417_rl0//usr/pbi/snort-i386/etc/snort/snort_7417_rl0/rules/snort.rules": No such file or directory. Jun 17 17:08:55 SnortStartup[36283]: Snort START for Lan(22290_rl1)... Jun 17 17:08:55 snort[36584]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_22290_rl1//usr/pbi/snort-i386/etc/snort/snort_22290_rl1/rules/snort.rules(0) Unable to open rules file "/usr/pbi/snort-i386/etc/snort/snort_22290_rl1//usr/pbi/snort-i386/etc/snort/snort_22290_rl1/rules/snort.rules": No such file or directory. Jun 17 17:08:58 SnortStartup[43686]: Snort START for Wan(7417_rl0)... Jun 17 17:08:58 check_reload_status: Syncing firewall Jun 17 17:09:02 snort[45025]: FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_7417_rl0//usr/pbi/snort-i386/etc/snort/snort_7417_rl0/rules/snort.rules(0) Unable to open rules file "/usr/pbi/snort-i386/etc/snort/snort_7417_rl0//usr/pbi/snort-i386/etc/snort/snort_7417_rl0/rules/snort.rules": No such file or directory. Jun 17 17:09:36 php: : PBI dir for snort-2.9.4.1-i386 was not found - cannot cleanup PBI files Jun 17 17:09:37 check_reload_status: Syncing firewall Jun 17 17:09:38 php: : [Snort] Snort package uninstall in progress... Jun 17 17:09:46 php: : [Snort] Package deletion requested... removing all files... Jun 17 17:09:48 check_reload_status: Syncing firewall Jun 17 17:09:49 php: : Beginning package installation for snort . Jun 17 17:10:25 php: /index.php: Successful login for user 'admin' from: 192.168.y.3 Jun 17 17:10:25 php: /index.php: Successful login for user 'admin' from: 192.168.y.3 Jun 17 17:10:42 php: : [Snort] Saved settings detected... rebuilding installation with saved settings... Jun 17 17:10:42 php: : [Snort] Downloading and updating configured rule types... Jun 17 17:10:44 php: : [Snort] There is a new set of Snort VRT rules posted. Downloading... Jun 17 17:11:08 php: /index.php: Successful login for user 'admin' from: 97.z.z.z Jun 17 17:11:08 php: /index.php: Successful login for user 'admin' from: 97.z.z.z Jun 17 17:12:03 php: : [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading... Jun 17 17:12:04 php: : [Snort] Snort GPLv2 Community Rules file update downloaded successfully Jun 17 17:12:05 php: : [Snort] There is a new set of EmergingThreats rules posted. Downloading... Jun 17 17:12:06 php: : [Snort] EmergingThreats rules file update downloaded successfully Jun 17 17:12:29 php: : [Snort] The Rules update has finished. Jun 17 17:12:29 php: : [Snort] Updating rules configuration for: LAN ... Jun 17 17:13:00 php: : [Snort] Enabling any flowbit-required rules for: LAN... Jun 17 17:13:03 php: : [Snort] Building new sig-msg.map file for LAN... Jun 17 17:13:11 php: : [Snort] Updating rules configuration for: WAN ... Jun 17 17:13:11 php: : [Snort] Warning - no text rules selected for: WAN ... Jun 17 17:13:11 php: : [Snort] Building new sig-msg.map file for WAN... Jun 17 17:13:11 php: : [Snort] Finished rebuilding installation from saved settings... Jun 17 17:13:11 php: : [Snort] Package post-installation tasks completed... Jun 17 17:13:13 check_reload_status: Syncing firewall Jun 17 17:13:14 syslogd: exiting on signal 15 Jun 17 17:13:15 syslogd: kernel boot file is /boot/kernel/kernel Jun 17 17:13:16 php: : Restarting/Starting all packages. Jun 17 17:13:28 SnortStartup[90969]: Snort START for Lan(22290_rl1)... Jun 17 17:13:29 login: login on ttyv1 as root Jun 17 17:13:29 sshlockout[95402]: sshlockout/webConfigurator v3.0 starting up Jun 17 17:13:29 login: login on ttyv0 as root Jun 17 17:16:51 kernel: rl1: promiscuous mode enabled Jun 17 17:16:54 SnortStartup[40873]: Snort START for Wan(7417_rl0)...

It could be done, yes, but the code did not already exist as it did for the other items.

Looks like somehow the files got messed up on that disk. I'd be extremely suspicious of your CF failing.

That's still a memstick, you'd need NanoBSD to do that.

Normally you should provide the log of what is going wrong.

From ipsec side of things this does not matter at all.
As soon in pfSense you define the natting the other side will not see the private ips at all.

So it does not matter how you express policies of NAT here since the other side will not look ever at that.
Its just some parameters do not match there and that is what the log will express hence the need for it.

Warning - The following rrdtool commands will reset the gateway quality RRD and all existing data will be lost.

Apinger sets the gateway quality RRD's like this.  Which is not consistent with the other pfSense RRD's.

rrdtool create /var/db/rrd/WAN_DHCP-quality.rrd \ DS:loss:GAUGE:600:0:100 \ DS:delay:GAUGE:600:0:100000 \ RRA:AVERAGE:0.5:1:600 \ RRA:AVERAGE:0.5:6:700 \ RRA:AVERAGE:0.5:24:775 \ RRA:AVERAGE:0.5:288:796 \

To make the gateway quality RRD's consistent with the other pfSense RRD's, you might try this:

rrdtool create /var/db/rrd/WAN_DHCP-quality.rrd \ --step 60 \ DS:loss:GAUGE:120:0:100 \ DS:delay:GAUGE:120:0:100000 \ RRA:AVERAGE:0.5:1:1000 \ RRA:AVERAGE:0.5:5:1000 \ RRA:AVERAGE:0.5:60:1000 \ RRA:AVERAGE:0.5:720:3000 \

Replace "WAN_DHCP" with the target gateway's name.

Great.  I will make this change tomorrow and see where it leaves me and also see if I can get some additional info from my ISP, Verizon FIOS.

Thank you.