I like to do this also - have an offline backup system ready to go in places where I have spare hardware. (With CARP or any solution with multiple boxes powered up together, all the hardware can be killed by the 1 lightning strike…).
You can restore the config, then it is good to get it to load all the packages when it first boots, so it is ready to go when needed. In practice, I find I need to plug it in as the real pfSense during some after hours period, let it boot up, download the packages it wants and start up. Actually, you can then leave it in place as the production unit and keep the previous production unit as the disaster backup hardware.
If your WAN uses DHCP, then you can plug the backup unit into some other internet connection, and it will get DHCP on WAN and download packages... But if it has a static IP set on WAN in the config, then the only way to get it to download packages is to plug it in as the real production unit. (Otherwise you have to change the config to make it connect on some other WAN, and then make sure you correctly reverse the changes you made so that the backup unit really is an identical config to the production unit.)

2.1 Has some ease-of-use improvements. First is with a Wizard after you assign your NICs on the console.  Wish there was a wizard for rules and port forwarding for morons like myself.

I believe so, I tried it by setting a firewall rules as follows:

allow all traffic on interface IPSEC from remote IP > internal LAN
allow all traffic on interface INTERNAL LAN from remote IP > internal LAN

I didn't reset states though.

I did read a post later on that suggested allowing traffic on your EXTERNAL interface from remote EXTERNAL IP but my thinking is that once the VPN tunnel is established the traffic would appear to come from the remote IP network addresses rather than EXTERNAL IP address?

Drac

Got It, Thank you

Thanks for the reply.  I had set my Virtual IP addresses as lfAlias rather than CARP (not 100% sure what the difference is).
I noticed from your post that your external virtual IP's are each pointing to a different internal machine, whereas in my scenario I had set one virtual IP to NAT to 4 different internal IP's with some on different subnets.  In the end I disabled the NAT 1:1 mappings and just used NAT port forwards and this seems to be working fine now.

Regards
Drac

Thanks for the help, you two. Resetting states seems to have done the trick.

So I will have to re-configure the packages, if needed. Not really an issue in the particular situation, but for other installations.

Best

Kostas

If you can find deals on thin clients with proper spec, that is an option.  I found some that were better priced than the Alix boards I've used.  These were also new.

See this post.  I have 2 of them with upgraded disks of 4 GB, and run offices which averages 5 GB-10GB daily using Squid, Snort, etc.

http://forum.pfsense.org/index.php/topic,64393.0.html

Automatic or manual upgrade? If manual, what is the name of the file you are attempting to use in the upgrade?

@Reiner030:

mmh, I try to cut/clean the video I made of it with our last firewall switch…

Gateway just crashed because of TRAP 12 bug…. The good thing: I found in crashdump the console output while re-installing package ;)

<118> <118> <118> <118> <118> <118> <118>done. <118> Starting package iperf... <118> <118> <118> <118> <118> <118> <118>done. <118> Starting package OpenBGPD... <118> <118> <118> <118> <118> <118> <118>done. <118> Starting package pfBlocker... <118> <118> <118> <118> <118> <118> <118>done. <118> Starting package Cron... <118> <118> <118> <118> <118> <118> <118>done. <118> Starting package bacula-client... <118> <118> <118> <118> <118> <118> <118>done. <118> Starting package System Patches... <118> <118> <118> <118> <118><118> <118> <118>done. <118>Bootup complete

The rl message may or may not be related, hard to say really. If you have to try it again, jump right to a 2.1 snapshot.

http://doc.pfsense.org/index.php/Upgrade_Guide#Upgrading_CARP
http://doc.pfsense.org/index.php/Redundant_Firewalls_Upgrade_Guide

There is nothing wrong with running a completely virtualised test setup.

@uberwebguru reading back through this thread it seems quite clear that you have somehow managed to connect the pfSense LAN interface to a physical(bridged) NIC an that is connected to your network. Hence both pfSense and your Netgear router are both trying to be the network router.
In a fully virtual setup as you're describing only the pfSense WAN interface should be connected to a real NIC. Inside virtual box the pfSense LAN interface is connected to your other VMs via a virtual switch.
Since both pfSense and the Netgear router are using 192.168.1.* for their LAN interface you will have to change one of them. I suggest changing the pfSense LAN.

Steve

You could try a 2.1 RC snapshot.

Chances are either one of two things is happening:

1. The other changes on 2.0.3 are interacting poorly with that NIC
2. The other changes on 2.0.3 are driving that hardware a little harder and exposing some other electrical issue

The base OS on 2.0.1 and 2.0.3 is the same, but some drivers were updated there.

The base OS on 2.1 is a bit newer and has even more recent drivers, so it would be the next thing to try.

Maybe may last posting is a bit long. That's why I ask in short terms: Is there anybody out there who could solve the "/tmp/filterdns_cpah.pid" issue by gitsyncing? For me it did not work.

Peter

Hi,

My observations:
  CF card detected by BIOS during cold and warm boot
  CF card detected by FreeBSD only after warm boot

Changing hw.ata.atapi_dma="1" in /boot/loader.conf (did it directly using vi hoping that is ok) gave the same results as above.

I changed from 2.0.2 to 2.0.3 and have the same issue. (I don't know why 2.0.3 don't give me a loop anymore, but I added bs=16k when using dd)

My Lexar 4GB CF card is 80x (which I calculate to 12MB/s)
I have also tried with a SanDisk 4GB 30MB/s (which I calculate to approx. 200x)
(I base my calculatons on a 1 gen. CD-ROM reading at 150KB/s, correct or….?).

Using the Lexar CF I have to wait several seconds after BIOS have counted onboard memory. 5-10 secs. There is no waittime when using the SanDisk CF,  FreeBSD starts right away.
Without going into much detail the Sandisk gives a completly different error which I won't add to this thread.

One question pops up. Does it matter that they have different metrics, while both claims to be 4GB, BIOS shows the LBA differs?
From BIOS:
Pri Mas  LEXAR ATA FLASH CARD            LBA Xlt 971-128-63  3915 Mbyte
Pri Mas  SanDisk SDCFH-004G                  LBA Xlt 968-128-63  3906 Mbyte

Regards,

Bjørn

Excellent suggestions, Steve and that moved me much further along: after running the 2.1 snapshot, the text scrolls down the page as it should and the system didn't hang at SCSI-0. We got all the way to "Do you want to Proceed [y:n] which after I entered "y" displayed "Writing configuration…". Unfortunately this is where the system hung.

I searched the forum and found a post where someone else experienced this "Writing configuration..." problem and they solved it by auto selecting the interfaces instead of entering them manually; however, for me that produced the same problem with a freeze at "Writing configuration...".

It appears like it's not recognizing the NIC. Has anyone had this problem?

Regards,