Thanks for testing that. I was pretty sure but it's nice to know for certain.  :) Steve

@robi: The easiest way would probably be to just implement a message box on the package manager tab, The problem is that the Package Manager does not know what files and/or config changes were made by the package… Those particulars are handled by each package specifically. Having the option to select "Complete De-install" or "Keep Settings" in the package manager is a great idea, but it would need some integration with the packages. So for example... Snort.xml has the following tags for Install/Deinstall <custom_php_install_command>include_once("/usr/local/pkg/snort/snort_post_install.php");                 ]]></custom_php_install_command>         <custom_php_deinstall_command>snort_deinstall();                 ]]></custom_php_deinstall_command> The file snort.inc has the functions for Install/De-install [ [color=blue]function snort_deinstall() ] If the keep setting is not enabled in the package it will remove the custom settings in the config and also remove the modified files/downloaded files. /* Keep this as a last step */         if ($config['installedpackages']['snortglobal']['forcekeepsettings'] != 'on') –-------------------------------------------------------------------------------------- So I think it would be best to introduce a new tag say "Custom _php_keep_deinstall" <custom_php_install_command></custom_php_install_command> <custom_php_deinstall_command></custom_php_deinstall_command> <custom_php_keep_deinstall_command></custom_php_keep_deinstall_command> Then each package could have a function that will handle "keep settings" on De-Install. Its also worth noting, that even on a Re-Install. The de-install function is called first.

The hard drive is the only SATA device in the system.  The DVD ROM is IDE (That's how old the thing is.  lol) So, to end my tale…  ;) I wiped the box and installed 2.1.5 64-bit from disk without incident.  I couldn't find a backup anywhere, so I had to reconfigure everything. All in all it will be a good thing.  I got the BIOS straightened out (the HD controller was in IDE compatibility mode; it is now in SATA mode), the OS is now 64-bit (the original was 32-bit), and I'm far more familiar with the system than I was 2 years ago when I built the original so the reconfig only took a couple of hours.  I still need to redo the Dansguardian, Squid, Squidguard, Snort, etc., but the major stuff is back online. Hopefully we can figure out what in 2.2 doesn't like what in my box so I can eventually upgrade it to get the latest goodies.  Or maybe I just need to use a more modern box...  ;) Thanx to all who helped out.  :)

Nice to see that I'm not going crazy  :P Forgot to say that they boxes are also running suricata, cron and system patches as packages.

Another thing to add… Went and downloaded the fresh install iso for 2.2. Built a brand new vm on ESXi 5.5 and tried using vmxnet3 drivers.  pfSense detected them fine, but the up/down status detection totally wrong and would not respond to pings or web console.  Reverted to legacy e1000 and no problems at all. Another gotchya.

@marcelloc: @beyondcrazy: Sooo… I reverted to fresh 2.2, then started loading all the parts of the upgraded 2.2 config, one at at time, using the dropdown menu for 'restore area'. I didn't even notice that menu option before. But it turned out to be a life saver. IMHO, this is the best way to upgrade if possible to sysadmin. I completely agree. @marcelloc: @beyondcrazy: Using the broken 2.2 upgraded config, I restored aliases, dhcp server, firewall rules, interfaces, nat, rrd data, and static routes. Rebooted, and it worked great. I was mostly back to where I was in 2.1.5. I did have to manually create my fw schedules, but otherwise, it works great. I also was able to export the now working 2.2 config, and load it into a fresh 2.2 system w/o any difficulties. It would seem that some aspect of the upgrade is broken. But if you can at least get the web interface up and dump the config, you can then load specific pieces of the upgraded config into a clean 2.2 system. It's far from perfect, but it works pretty well. On the good side – CPU utilization is improved for the kvm instance -- cpu utilization would be at 50% for the vm, but pfsense only reported approx 10ish%. Now, they seem to be much more aligned -- 10% in vm guest is 10-15% on host. For those of you using kvm, you still have to use the hw.mca.enabled="0" trick to boot. Otherwise, it seems to be running more smoothly, at least over the last few hours. Excellent product! Can you create a diff between upgraded config to configured 2.2 config? This could help core to to find bugs on config migration tool. I could, but almost every line is going to get flagged. While the data itself might be similar, the order of the config lines varies quite a bit between the two files. I'm happy to provide anonymous version of both files if it will help. Jon

Thanks. that is not enabled.

Oke thats a great tip. I'm really curious whats going on while i'm walking circles here while waiting for the firewall to come up. I'm definatly going to check that out the next time I reboot pfSense. Thanks again Steve.

Running 2.2 for about 24 hours here.  I played it safe and installed to a spare SSD on a second machine, swapped drives and restored the 2.1.5 configuration backup.  Only running a few packages, snort, nut, avahi and they reinstalled fine after the restore reboot. The only minor thing I've noticed is that the gateway dashboard widget is showing impossibly low RTT values, on average about 5ms when it should really be about 25ms, which is what 2.1.5 was showing (ping shows about the same, mid 20's). Thanks to those involved in this release!

Looks like the same issue as this: https://forum.pfsense.org/index.php?topic=87290.0 If you post in that thread perhaps the two of you can find something you have configured similarly. Steve

I'll have to take a look when I can shut it down again..  It had been working without issue on 2.1.5 with the current bios settings.. nothing was touched on the motherboard between 2.1.5 and 2.2. The motherboard is pretty ancient, maybe 5 years old at this point.

Success.  While I was not able to run pfsense 2.1.x on Soekris net5501 and Alix2d13 hardware platforms after restoring my configurations without kernel panics … Now that pfsense 2.2 Release is available ... I have successfully updated both hardware platforms from pfsense 2.0.3 Release to 2.2 Release and all is well after restoring my 2.0.3 configuration.  I'm happy.  I've learned to be patient in life as in the end it's very worthwhile. p.s. for OVPN I had to disable a deprecated option for tls-remote and optionally add an option for auth-nocache -- Anthony Tzouris

@TieT: Is it also fully enabled on the WAN or LAN ? Services - snort - interfaces - the little arrow is green ? WAN Enabled.

Hopefully the package reinstall has finished by now. If not, then go to Diagnostics->Backup/Restore and press the "Clear Package Lock" button. Then look in the logs for error messages about what went wrong during the package install. Then (re)install your packages.

The bug report is the way to go… last i knew there was no real maintainer for vnstat2.. Its been worked on by different people.. I was going going to fix the paths this morning but someone beat me to it :-)  Other packages have the same issue with the paths being wrong

Yup i'm glad pfsense finally moved to freebsd 10.1 ! that freebsd 8 was so legacy it made the project look "outdated" ;-) I was able to upgrade one of my boxes just fine and the installer re-installed the packages automagically and all works except unbound … but, i hope somebody replies to my "unbound" post soon :) I'm just excited that i get to use VMXNET3 now since Freebsd 10 supports it ( on my home machine that sometimes has to deal with 1GBPS routing between VLANs ), other than that ... i guess a "multi core" pf with freebsd 10 is good too !

Update:  So I rebooted again and now ssh does auto start? Not sure if it fixed itself, or if running the commands below helped.  Found them in a post about ssh problems with the prerelease 2.2.  There was a quote from the script that I assume is part of the clean install process. https://forum.pfsense.org/index.php?topic=83333.msg456428#msg456428 /usr/bin/ssh-keygen -t ecdsa -N '' -f /etc/ssh/ssh_host_ecdsa_key /usr/bin/ssh-keygen -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key So at this point I think am working.