@Escorpiom:

Config backup and restore will be no problem I presume.

Yeah your backup config will be fine, none of that hurt anything in the config itself.

Just did a fresh install of 2.2 64-bit on a new pfsense box for my lab. It's installed on a 128GB Samsung 840 Pro SSD. I don't use squid or any disk write intensive plugins, and that SSD is supposed to be pretty rugged but I thought I'd enable trim just for my own peace of mind.

I was able to get trim enabled by booting into single-user mode and issuing the commands as detailed in a post on another thread:

/sbin/tunefs -t enable /
/sbin/reboot

…and then verified it after rebooting:

[2.2-RELEASE][root@pfsense.<my domain="">.com]/root: tunefs -p /
tunefs: POSIX.1e ACLs: (-a)                                disabled
tunefs: NFSv4 ACLs: (-N)                                  disabled
tunefs: MAC multilabel: (-l)                              disabled
tunefs: soft updates: (-n)                                disabled
tunefs: soft update journaling: (-j)                      disabled
tunefs: gjournal: (-J)                                    disabled
tunefs: trim: (-t)                                        enabled
tunefs: maximum blocks per file in a cylinder group: (-e)  4096
tunefs: average file size: (-f)                            16384
tunefs: average number of files in a directory: (-s)      64
tunefs: minimum percentage of free space: (-m)            8%
tunefs: space to hold for metadata blocks: (-k)            6408
tunefs: optimization preference: (-o)                      time
tunefs: volume label: (-L)

Many thanks to posters on the 2.1 SSD trim thread, and big kudos to Chris and the pfsense team. This is one solid product that I've used for many years without a single glitch and which I've recommended over and over.

Hope this helps.</my>

Hi.

The 'sure' - 'safe' and 'long road' solution is:
Go back to 2.1.3.
Keep a backup of the config for this '2.1.3' version.
Now, remove ALL packages.
Keep your '2.1.3' running a while - be sure all is good.

Now, upgrade to 2.2.
As soon as it is up and running, make a config backup.
[Now, take a break, and check for every package you used before in the "package sub forum" if there are any problems being signaled]
Add ONE of your old  packages - set it up.
WAIT a moment ….. observe if verything is fine. Reboot. Everything comes up and goes well ?
If yes, install the NEXT package from your list.

As soon as things blow up, you will know what package you should avoid.

Go back to "2.2" 'clean' redo your list, do not install the package(s) that was/were brook - you could find more 'broken' packages.

Most 'Packages' are NOT being written by the authors of pfSEnse - so any issue might arrive when pfSense was upgraded, when FreeBSD was upgraded, etc.

If you want to use a package, you should:
Check very often for the development of that package (this forum - elsewhere)  - never ever touch/use a package that has NO regular version changes - only use package that are under constant development. In case of doubt: just stay away from it and you will be fine.
A package that isn't regularly being authored (upgraded) by the author will probably NOT survive a pfSense release.

Before every upgrade of pfSense, CHECK your packages. Like checking your apps when you update your (Windows or MAC) PC, check your plugins when you update your CMS, etc.

net.inet.ip.portrange.reservedhigh

Thanks, this worked.

@ashwani_km:

Hi

My default gateway is wan only.

I do not understand your answer. Post your LAN and WAN Interface settings, LAN and WAN firewall rules, and Outbound NAT settings. Then we can see what might be the problem.
नमस्ते

This problem is still not resolved
Maybe that's why antivirus does not work

During the upgrade from 2.1.5 to 2.2
The program installs the Antivirus extension
before the Antivirus

And it gives an error message
Does not recognize the path

I can second @gpfsenser's experiences.

I too had an issue with the squid3-dev package not being available under 2.2, requiring the work around with manual config edit - perhaps something for the release notes so it can be avoided by others?

My reverse proxy functionality no longer works - I'm yet to figure out why. Using Squid3 and SquidGuard3 from 2.2 package list.

I have a hard-crash when remotely accessing the web configurator interface over IPSec - different thread is discussing that at the moment.

The upgrade of the base FreeBSD to 10.x is very helpful for me, especially for the Hyper-V hosted instances.

The UI is also better for me.

Thanks for the great work!

I must confess that I didn't try rebooting the box(es) after the upgrade - I just assumed (wrongly?) that the generation of both keys was triggered by the upgrade, and not something that would happen again if they weren't there during the startup process.

Anyway, as mentioned before all my twenty or so pfSense installs are now on 2.2, and everything is working smoothly - my sincerest thanks to the developers, I wish every other piece of software in use on my customers was as reliable as this. Kudos!

Marcello
São Paulo - SP - Brazil

yep :)
10x cmb
how I succeeded:
*moving the firewall WAN rule to the top/down(which makes no sense to me)- not working
*delete/recreate rule in NAT - same result
*change admin access port  from 80 to 8080,create rule in NAT(without moving anything)…..working  8)

just for the record:
i don't know how,but if i change again admin access port from 8080 to 80,web server continues to be accessible from 'outside'

anyway,thanks for help,i appreciate it.
-in 2.2 i lost startup/shutdown/login beep

@stig.voss:

This is not a request for help or an attempt to revive the thread for a new question. But I would like to inform potential users of this device a bit about my experience it.

Since around Christmas I attempted to implement this device as the firewall appliance in my home network. At first it did show some symptoms of being unstable under heavy load and upon that cause some "re0: watchdog timeout" errors. I left home for some weeks and let it run as my gateway and firewall. During the weeks with low activity on the network, it showed no signs of this problem. Now, as I got home and have started using my network again, the device is doing the same tricks again. From time to time after pushing a couple of megabytes per second on my connection or on VPN, it will crash the connection. When streaming it will crash the connection. A basic synchronization with Google Drive seems to be able to do it. I have yet not found a specific pattern in the issue. There might be a solution out there, but I have not experimented further.

To visualize my experience, I will provide a chart of ping logging.

Performance wise, ignoring the timeouts, it easily handles my 150/150 Mbps connection and it pushes some 90-110 Mbps on OpenVPN.

Does this issue only occurs while connected through the VPN?

Ok I've now replicated this. The issue is a BIOS setting. The critical setting is that ACPI must be enabled in the Power Management Setup menu. It isn't if you've loaded the default values. If you've upgraded from an earlier bios without clearing the CMOS then it might be, hence the confusion. Nothing else seems to prevent it booting though you probably also want to enable DMA/UDMA in the Integrated Peripherals, On-board IDE menu.
Edit: The actual cause of this appears to be a regression in the gpioapu driver. https://redmine.pfsense.org/issues/4363. By enabling ACPI you are providing a value of some sort for smbios.system.product (even if that value is 0) and working around it.

So you must set this:

                    Phoenix - AwardBIOS CMOS Setup Utility                             Power Management Setup +=====================================================+========================+ |    ACPI Function            [Enabled]              |        Item Help      | |    Power Management          [Disabled]            |------------------------| |    Video Off Method          [Blank Screen]        | Menu Level  *        | |    Video Off In Suspend      [No]                  |                        | |    Suspend Type              [Stop Grant]          |                        | |    MODEM Use IRQ            [3]                    |                        | |    Suspend Mode              Disabled              |                        | |    HDD Power Down            Disabled              |                        | |    Soft-Off by PWR-BTTN      [Instant-Off]          |                        | |    CPU THRM-Throttling      [75.0%]                |                        | |    Wake-Up by PCI card      [Disabled]            |                        | |                                                    |                        | |    ** Reload Global Timer Events **                |                        | |    Primary IDE 0            [Disabled]            |                        | |    Primary IDE 1            [Disabled]            |                        | |    Secondary IDE 0          [Disabled]            |                        | |    Secondary IDE 1          [Disabled]            |                        | |    FDD,COM,LPT Port          [Disabled]            |                        | |    PCI PIRQ[A-D]#            [Disabled]            |                        | +=====================================================+========================+   ^V><:Move  Enter:Select  +/-/PU/PD:Value  F10:Save  ESC:Exit  F1:General Help     F5: Previous Values    F6: Fail-Safe Defaults    F7: Optimized Defaults

You probably want this:
Edit: Although some basic testing showed almost no improvement in drive speed.  :-\

                    Phoenix - AwardBIOS CMOS Setup Utility                               OnChip IDE Device +=====================================================+========================+ |    IDE HDD Block Mode        [Enabled]              |        Item Help      | |    IDE DMA transfer access  [Enabled]              |------------------------| |    On-Chip Primary  PCI IDE [Enabled]              | Menu Level  **        | |    IDE Primary Master PIO    [Auto]                |                        | |    IDE Primary Slave  PIO    [Auto]                |                        | |    IDE Primary Master UDMA  [Auto]                |                        | |    IDE Primary Slave  UDMA  [Auto]                |                        | |                                                    |                        | |    *** On-Chip Serial ATA Setting ***              |                        | |    On-Chip Serial ATA        [Disabled]            |                        | |  x PATA IDE Mode              Secondary            |                        | |    SATA Port                  P0,P2 is Primary      |                        | |                                                    |                        | |                                                    |                        | |                                                    |                        | |                                                    |                        | |                                                    |                        | |                                                    |                        | |                                                    |                        | +=====================================================+========================+   ^V><:Move  Enter:Select  +/-/PU/PD:Value  F10:Save  ESC:Exit  F1:General Help     F5: Previous Values    F6: Fail-Safe Defaults    F7: Optimized Defaults

Steve

Yep so use the memstick-serial image and write it to a USB flash drive. Boot from that and use the serial console to reinstall to the SSD.

Steve

you can gitsync RELENG_2_2 to get what's currently 2.2.1-DEVELOPMENT. Snapshots will be coming back soon.

@johnkeates:

Anyway, for now, disabling tx/rx offloading on pfSense's VIF/TAP is pretty much 'the fix'.

In my setup disabling TX offloading alone was sufficient and also consistent with my reasoning: Only the sending of packets from/via dom0 to pfSense (i.e. the TX-side) needs to have a correct checksum. RX offloading - whatever that does - is only relevant for the dom0/domU receiving packets from pfSense and that has never been an issue as for any packet received on the vif interface the checksum is anyways ignored in any case.

@johnkeates:

Furter investigations regarding pf or any other part after the interface on the pfSense domU might be useful to determine the source of the dropped packets and if it's configurable to stop dropping them.

Unfortunately I have no idea what's going on inside pf or pfSense, so that's for somebody else to comment …

Regards Atom2

Steps 4-8 should be enough with pfSense 2.2.

Seems to be layer 8 issue ;)  Having a lot of those of late.

Silly question  ;D  Have you "assigned" the interfaces ?

https://doc.pfsense.org/index.php/Installing_pfSense#Assign_Interfaces_on_the_Console

@stephenw10:

Nice.  :)

defently yes! i was about to get insane :D i think i tried to install it like 20 times