Patch for this issue for pfSense v2.0.3 is now attached herein, being back ported from the 2.1 branch.

Upload the patch

/etc/rc.conf_mount_rw patch -p1 < pfsense203_disable_update_check.patch /etc/rc.conf_mount_ro

pfsense203_disable_update_check_patch.txt

@cmb:

That IP has to exist either in the config (grep x.x.x.x /cf/conf/config.xml) or ifconfig output.

I found it only in the grep x.x.x.x /cf/conf/config.xml

Edit:

my pptp server gateway add the same gateway as my interface.
After i changed it no more problems.

I just loaded up the Thu Jun 13 16:43:07 EDT 2013 snapshot, and the problem is gone. I think there must have been a glitch with the snapshot I tried last time, all is fine with this new one.

Have done this one several times with no problem.

2.1-RC0  (i386)
built on Sat Jun 8 06:42:11 EDT 2013

(USB memstick image installed to USB Flash drive)

Ok, so after some further testing, this issue repeats itself on my windows 8 desktop.

Windows XP, Windows server 2012, OpenSuse and my VOIP phone get an address properly.
My pc however still gets 0.0.0.0 as a gateway address, and is unable to ping anything outside the lan.

Im guessing this must be an issue with my desktop, which is windows 8 pro x64, and has virtualbox installed.

I am just installing a vm with windows 8 to see if it is repeatable there.

Glad to report however that dhcp does appear to be working properly on everything other than my desktop! :)

Well this issue has magically fixed itself, no idea why :S

Issue resolved. for 1 &2. Thanks for the help, you pointed me in the right direction there.

@Rhongomiant:

Well the first question is will the gif tunnel close of fw1 and initiate on fw2 when there is a failover from fw1 to fw2. When I actually have the abaily to get my ISP running on both firewalls I will test this. If only ISPs would start offering IPv6!

There is no open or close with GIF tunnel, they just pass packets with the proper encapsulation, there isn't any tunnel setup as with a VPN.

In theory, the traffic would only go to/from the master, but that also assumes the slave itself wouldn't send any IPv6 traffic uninitiated. It may "just work", but I'm not aware of anyone who has tried it yet.

@Rhongomiant:

Often when there are two firewall, each is connected to a different switch. Are you telling me that if the switch connected to fw1 looses it's uplink, but the switch connected to fw2 is fine, there will be no failover? Then again I can't think of a situation where that would happen with out the firewalls being able to communicate with each other unless you have a bad network design with loops.

If FW1 and FW2 can communicate with each other on the segment, then no failover will happen. If they lose communication, the slave will attempt to take over, but unless FW1 loses interface link, it wouldn't demote itself.

In your case "Often" isn't really correct these days - more often than your scenario, at least with our customers, firewalls are connected to both switches using LACP (LAGG in pfSense) so each firewall has a connection to each switch in a stack.

@Rhongomiant:

The router idea is not terrible, but what I wanted to avoid. Do you know of good NAT router that is fast and does not have all the unneeded junk like a firewall since I have pfsense for that? Maybe I'll get something basic that can run ddwrt and I'll turn off everything but NAT, hmm. If only Verizon FIOS was not such a pain regarding static IPs!

I'm not aware of any specific models, but anything that would do decent throughput and could run DD-WRT should suffice. Some people just use their existing modem/router for that since those tend to be simplistic, but if what you have is purely a modem, then some other NAT device would be needed there.

@jimp:

For a binary change, it's typically best to uninstall and reinstall to ensure you have the most current package installed.

Thanks again jimp

Did a brute force shutdown , now i have access to ssh.

The pfsense is running, all 4 interfaces are properly configured (i have access to everything).
Its just like web died.

EDIT:Never mind everything seams to be running.(the magic of unplug the cord) ;D

I'll just update it to the new snapshot.

Do you happen to have a copy of your pre-upgrade config and the config from immediately after the upgrade?
You don't have to share them here, you can send them in privately.

The VIP naming scheme changed from 2.0.x to 2.1 so anything involving CARP VIPs should have been switched over, but this isn't the first report I've seen of trouble with the transition. We'll need to see the configs in order to track it down though.

It's right, it's just tricky. The text is dynamic and changes. :-)

If you have ONE interface only, it prints WAN, because WAN gets the anti-lockout rule when you have only one interface.

If you have 2+ interfaces, it shows LAN there.

I have also noticed the ZFS memory warnings and wanted to ask if the new 2.1-RC0 kernel has a larger memory footprint compared to a v2.1 kernel from a few months before.

I'm asking because a 256MB VM running the latest 2.1-i386 image with no packages installed, on a quiet network (only 17 states) consumes about 45% of memory, according to the Dashboard info …

@ASGH:

@Joe

By default this board has intel Atom CPU, can I know from where you bought AMD version?

Mine is also has an Atom CPU, this is the one I purchased: http://www.amazon.com/Jetway-NF9HQL-525-Intel-Quad-LAN-Mini-ITX/dp/B00CQBQZ3C/ref=sr_1_1?ie=UTF8&qid=1370987829&sr=8-1&keywords=jetway+quad

It came with a ddr3 2gb sodimm, case and power brick. I need to purchase another 2gb sodimm, and I will eventually move from the 20gb 2.5 inch HD to a 4gb compact flash card.

But honestly, as is, the device works incredible (now that I figured out the kinks with the build/device). I now have it configured with my vlans, and my additional business internet connection that I have 1:1 to a VIP subnet block.

It handles it all like a champ, I have not seen the CPU go above 20% with me saturating both connections, and memory has not gone past 10%.

Should work with tomorrow's snapshot, my test system is working now.

Should work with tomorrow's snapshot, my test system is fixed now.

It downloads each of the PHP script files for aa package 1-by-1. A progresss report is given for each one, but on the console I don't think the file name is echoed. So you see lots of "100%" come out.
If the "Packages being installed in the background" message stays there for a long time, then something really did go wrong inn the package download/install. There is a checkbox (somewhere  in the menus - don't remember now) to let you clear the package lock. Then you can install packages from the GUI.