Like I said above you should not have a gateway set on the LAN interface. Remove it. In some rare circumstances you might want a gateway on LAN but here it has probably become the default system gateway which kills routing. Steve

bump

I don't know about that package, but I've not seen any complaints yet EXCEPT that when you first install it you might have to clear your browser cache to see proper results.  I was really surprised to see how many people require that package, but seems like many.

More details please. What packages are you running? How is the box setup? Others running that hardware do not seem to be suffering those symptoms. Steve

I had a similar problem upgrading from 2.03 to 2.1, , after 6 hours the package installation were supposedly still running.  phil.davis suggestion helped me get rid of it. After that I reinstalled squid, and installed one missing upgrade, Openvpn client export. My system log showed this: Sep 21 08:08:43 php: rc.start_packages: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '2', the output was '/usr/local/etc/rc.d/squid.sh: 10: Syntax error: "}" unexpected (expecting "then")' Sep 21 08:08:43 php: rc.start_packages: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure' returned exit code '1', the output was 'squid: ERROR: No running copy' Sep 21 08:08:43 php: rc.start_packages: Reloading Squid for configuration sync

http://forum.pfsense.org/index.php/topic,66616.0.html and others…

@infomaster: Hi, snort not work after upgrade how to fix it. More information will be helpful.  What error messages, if any, are showing the in system log? I have Snort working fine in both 2.0.3 and 2.1-RELEASE virtual machines (32-bit and 64-bit versions).  The very first thing to try is to remove Snort and then reinstall. First, go to the Global Settings tab in Snort and be sure the checkbox near the bottom of the page is checked to keep Snort settings after a de-install. Next, go to System…Packages and click the Installed Packages tab. Locate the Snort package and click the X icon to remove it. When that completes, go back to System…Packages under the Available Packages tab and reinstall it. Bill

I finally decided to do a clean install. Everything working ok now. regards

Blank out the sync username. Even if you didn't set it, on 2.0.x your browser may have auto-filled it.

@jflsakfja: @jwelter99: NTP server behaviour has changed.  Instead of listing just the physical interfaces like in 2.0.3 all the virtual ip's are listed.  If you just set to listen on the interface (like in 2.0.x) it doesn't listen on the virtual ip's also on that interface.  This means during upgrade from 2.0.x -> 2.1 NTP breaks unexpectedly until you add the virtual ip's to the NTP config for listening. I know I'm totally making assumptions here, but if you are using NTP in a CARP cluster, you shouldn't set it to listen on the virtual IPs. If on the other hand you meant that you set it up so that it listens on 2 IPs on the same interface, don't set it up like that. NTP should be set up so that the client (pc/laptop/smartphone/toaster-running-linux) behind pfsense sees two (2) NTP upstream servers. One (1) of those servers should be listening on box A and one (1) should be listening on box B. Why it needs to be set up like that is beyond the scope of this thread. I know, I know, as always I'm recommending the exact opposite of what the entire Internet takes for granted. Someone will chime in and correct me. Don't. NTP should never listen on all the IPs on an interface. only the primary IP (assuming your downstream network somehow communicates with that IP, ie same subnet). Never on the CARP (failover) IP. Something that stays static and attached to a single box. That said, I have not noticed any NTP breakage. Everything is working as it did before the update. Yes, it likely makes sense to specify the two servers and not the CARP VIP but that is how this was setup.  For both NTP and DNS.  On the 2.0.3 -> 2.1 upgrade NTP broke but DNS was fine. It seems that in 2.0.3 any interface you enabled NTP on would enable any IP that FW had on that interface - so the CARP VIP's would just work.

For sizing, it really depends on a few factors. The most important is how many packages you are going to install and what packages they are. If you run something like squid, you'll need a LOT more /var space. If you install large packages, you'll need to have more room there for the install process in /var and /tmp to manage the files they grab. Log files and RRD do not grow once they are initialized. If you add an interface or a gateway, you would gain some more RRD graphs, but that doesn't happen too often, and you'd have to have your drives nearly full for that to be a concern.

Well, I moved to a newer box and I can state that 2.1 installs successfully using a mirrored config. Thanx for all the help, Garth

Uhm… The router should be in AP mode only. And I'd definitely discourage anyone from even thinking about using USB NICs.

Ill just add that the webgui listens on every interface, access to it is only restricted by the firewall rules. This means that you can access it on the WAN IP address from the LAN side even if your WAN rules block it. The default LAN to any rule allows it. Steve

Ah - also good to know.  Thanks again.

Referring to the end of that other post: from pfsense to AP - There is Ping That would go out from 192.168.2.1 on pfSense directly to the AP. So pfSense OPT1 and the AP have compatible (hopefully the same) subnets. from AP to pfsense - no ping I guess that was from AP, ping 192.168.1.1 - the pfSense LAN IP. In that case the AP probably does not know how to route to that. If you tried to ping 192.168.2.1 then that is good, but you will need to have added a pass rule on OPT1 after booting the LiveCD version. I can't understand what has happened here - the symptoms look a lot like an AP subnet/mask/default gateway problem. But it is pfSense that has been upgraded - so what is the real cause of the problem??? Can you post the actual AP: IP address network mask default gateway for LAN (or tell us that there is no setting for that) and confirm that OPT1 is 192.168.2.1/24 and has a pass rule with source any (or OPT1 net).