Hi Steve-
Yes, I tried both Serial/console memstick image, as well as the VGA memstick image, and both acted (to me) as if they were configured for VGA (as the console output stopped working at a point early on in the boot process).

I will try doing a fresh install of pfSense with a memstick on another embedded PC I have later today, and see if that works. If it does, I'll take that embedded PC over to the client's office tomorrow and do exactly what you suggested - use my embedded PC with their hdd to perform the install and then switch the hdd back over to their Soekris device.

Hi /CS-
Thanks for the response. The steps you've suggested are almost exactly what I have done. I'm not positive that the bios is updated to the latest version, but this is a brand spakin' new Soekris device.

I'll respond later today if I have trouble getting pfSense installed onto my own embedded PC using either the VGA or the console memstick image.

David

Delete the gateway, save/apply, re-add gateway with old name, save/apply.

Like I said above you should not have a gateway set on the LAN interface. Remove it.
In some rare circumstances you might want a gateway on LAN but here it has probably become the default system gateway which kills routing.

Steve

bump

I don't know about that package, but I've not seen any complaints yet EXCEPT that when you first install it you might have to clear your browser cache to see proper results.  I was really surprised to see how many people require that package, but seems like many.

More details please. What packages are you running? How is the box setup?
Others running that hardware do not seem to be suffering those symptoms.

Steve

I had a similar problem upgrading from 2.03 to 2.1, , after 6 hours the package installation were supposedly still running.  phil.davis suggestion helped me get rid of it. After that I reinstalled squid, and installed one missing upgrade, Openvpn client export.
My system log showed this:

Sep 21 08:08:43 php: rc.start_packages: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '2', the output was '/usr/local/etc/rc.d/squid.sh: 10: Syntax error: "}" unexpected (expecting "then")' Sep 21 08:08:43 php: rc.start_packages: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure' returned exit code '1', the output was 'squid: ERROR: No running copy' Sep 21 08:08:43 php: rc.start_packages: Reloading Squid for configuration sync

http://forum.pfsense.org/index.php/topic,66616.0.html

and others…

@infomaster:

Hi,

snort not work after upgrade how to fix it.

More information will be helpful.  What error messages, if any, are showing the in system log?

I have Snort working fine in both 2.0.3 and 2.1-RELEASE virtual machines (32-bit and 64-bit versions).  The very first thing to try is to remove Snort and then reinstall.

First, go to the Global Settings tab in Snort and be sure the checkbox near the bottom of the page is checked to keep Snort settings after a de-install.

Next, go to System…Packages and click the Installed Packages tab.

Locate the Snort package and click the X icon to remove it.

When that completes, go back to System…Packages under the Available Packages tab and reinstall it.

Bill

I finally decided to do a clean install.

Everything working ok now.

regards

Blank out the sync username. Even if you didn't set it, on 2.0.x your browser may have auto-filled it.

@jflsakfja:

@jwelter99:

NTP server behaviour has changed.  Instead of listing just the physical interfaces like in 2.0.3 all the virtual ip's are listed.  If you just set to listen on the interface (like in 2.0.x) it doesn't listen on the virtual ip's also on that interface.  This means during upgrade from 2.0.x -> 2.1 NTP breaks unexpectedly until you add the virtual ip's to the NTP config for listening.

I know I'm totally making assumptions here, but if you are using NTP in a CARP cluster, you shouldn't set it to listen on the virtual IPs. If on the other hand you meant that you set it up so that it listens on 2 IPs on the same interface, don't set it up like that. NTP should be set up so that the client (pc/laptop/smartphone/toaster-running-linux) behind pfsense sees two (2) NTP upstream servers. One (1) of those servers should be listening on box A and one (1) should be listening on box B.
Why it needs to be set up like that is beyond the scope of this thread. I know, I know, as always I'm recommending the exact opposite of what the entire Internet takes for granted. Someone will chime in and correct me. Don't.
NTP should never listen on all the IPs on an interface. only the primary IP (assuming your downstream network somehow communicates with that IP, ie same subnet). Never on the CARP (failover) IP. Something that stays static and attached to a single box.

That said, I have not noticed any NTP breakage. Everything is working as it did before the update.

Yes, it likely makes sense to specify the two servers and not the CARP VIP but that is how this was setup.  For both NTP and DNS.  On the 2.0.3 -> 2.1 upgrade NTP broke but DNS was fine.

It seems that in 2.0.3 any interface you enabled NTP on would enable any IP that FW had on that interface - so the CARP VIP's would just work.

For sizing, it really depends on a few factors. The most important is how many packages you are going to install and what packages they are.

If you run something like squid, you'll need a LOT more /var space. If you install large packages, you'll need to have more room there for the install process in /var and /tmp to manage the files they grab.

Log files and RRD do not grow once they are initialized. If you add an interface or a gateway, you would gain some more RRD graphs, but that doesn't happen too often, and you'd have to have your drives nearly full for that to be a concern.

Well, I moved to a newer box and I can state that 2.1 installs successfully using a mirrored config.

Thanx for all the help,
Garth

Uhm… The router should be in AP mode only. And I'd definitely discourage anyone from even thinking about using USB NICs.

Ill just add that the webgui listens on every interface, access to it is only restricted by the firewall rules. This means that you can access it on the WAN IP address from the LAN side even if your WAN rules block it. The default LAN to any rule allows it.

Steve