Thanks.  Thinking I might stay with 2.0.1 for a while.  I think I know why we're having slight issues with it.  Somehow, the second box has a different password.  That means the two aren't working in CARP. I have a monitor and keyboard in the Comms Room and, I believe I can change the password easily with those. If I do upgrade, I'll try and image the disks first.  Have bought some 8Gb Kingston USB sticks for that and got a copy of Clonezilla from Tuxboot.

@cmb: You can with the embedded version, quite a few people do that. I'd advise against cheap no-name USB sticks as they tend to not be very reliable for always-on long term usage (judging from the experiences of those here in the past who've tried them). If you have to boot from USB, my recommendation is these: http://www.amazon.com/dp/B00IVPU894/ http://www.amazon.com/dp/B002HGFKR8/ (buy whatever color is cheapest) The Samsung MicroSDHC/XC "PRO" cards all use MLC flash.  I've been using these with full installs for a while now and have had no failures.  I also use them in my home PBX, my RetroPie box, my micro voice recorder, and my car.  Amazon had them on sale a while back and I bought like 20 in varying sizes… Lexar actually makes a better card reader, one that supports USB 3.0 speeds and really lets the Samsung cards fly, but unfortunately they don't sell it separately.  If you want a cheaper SDHC card for use elsewhere though, you could always buy this and then just use the reader for your pfSense install. http://www.amazon.com/dp/B00IF4OC1G/

hi, thx, for your time, for now i am on v2.2.0 x64 (at start point) with all working well. Pleas can you help me, how to check logs (where are located, i upload all here) if i am on start position (are overwriten or append)?

Dredging up an old thread here but seeing as nobody responded… If you're monitoring the thread and havne't got this working please ask again.  :) Steve

hello havent seen that same prob on nanobsd versio 2.2.1 TRIED installing full version of 2.2.1 =tested for 2 hours and was okay =booted the following morning and dhcp not working =statically put ip address on PC and start the webgui which gives again 503 =checked the console on bootup messages and found fcgicli: Could not connect to server(/var/run/php-fpm.socket)   pfSense (pfSense) 2.2.1-RELEASE amd64 Fri Mar 13 08:16:49 CDT 2015   Bootup complete

@Gertjan: Set up by hand and then do a restore, selecting ONLY DHCP settings … from your config.xml  ;) I didn't know you could selectively restore bits of the config.  If this problem persists, I will definitely check that out.

You're on the correct version. The system must be sane given you've done multiple clean installs, so it must be something with the config. Could you PM me your config, or otherwise get me a copy? Manually browsing to status.php will get you a somewhat cleaned version (no keys, passwords, etc.) that you can copy/paste. Or if you wouldn't mind opening up access WAN-side from my IP so I can log in and check it out, I'll do that. PM me.

Should be straight forward. We've upgraded a few ALIX boards from even 1.2.3 straight to 2.2.x for support customers with no issues. There aren't any hardware-specific issues with the ALIX, which eliminates a good deal of the potential upgrade issues with the jump from FreeBSD 8.1 to 10.1. You're not using IPsec, which is where the bulk of the other behavior changes that could be problematic exist. Go to Diagnostics>Nanobsd, and click "View upgrade log". If that button's newer than 2.0.3 (don't recall for sure offhand), check the contents of file /conf/upgrade_log.txt.

Interfaces: WAN is where both the assigned static IP address and the gateway IP address are configured. The CIDR network (mask bits) must also be set correctly.

OK, this is a serious and confirmed PEBKAC.  ::)

This is the completed system…... [image: 20150430_173515.jpg] [image: 20150430_173515.jpg_thumb]

Looks like I had a couple of issues. 1:  Putty wasn't showing me the right stuff and even when it did it wouldn't let me type. 2:  While the 64-bit archive downloaded for the Tx site ine and unpacked fine it appears to have been corrupt.  I downloaded it from the Ky mirror and it loads fine. 3:  I forgot about the whole assigning NICs thing before it would load.  DOH!  Using Hyperterminal I was able to get in and assign them.

I had the same issue after updating from 2.1.5 to 2.2.2. The dashboard show the OS updated, the widgets had a new look but the system never really rebooted.  The old kernel was still being used.  Uptime was the same: –------------------------------------------------------------------------------------------------------------------------------------------ Version 2.2.2-RELEASE (i386) built on Mon Apr 13 20:10:33 CDT 2015 FreeBSD REDACTED 8.3-RELEASE-p16 FreeBSD 8.3-RELEASE-p16 #0: Mon Aug 25 08:25:41 EDT 2014 root@pf2_1_1_i386.pfsense.org:/usr/obj.i386/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386 You are on the latest version. Platform pfSense CPU Type Intel(R) Pentium(R) D CPU 3.00GHz Uptime 238 Days 23 Hours 24 Minutes 25 Seconds I tried multiple times rebooting via the webGUI it didn't work.  I ended up having to push the power button on the server to get a clean shutdown and reboot.  Then the Uptime looked fine.  Error message went away.  After login, pfSense said that it was regenerating SSH keys.  This procedure worked for two server updates.

You can do a few things. 1. Set up your workstation to be behind that vm in general. I do something similar with virtualbox on one of my work computers, and I have virtualbox using my NIC as the WAN for pfsense, and I have another virtual NIC that is 'LAN' or equivalent that my laptop uses as if it was it's only network interface. The pfsense VM's wan gets whatever is at the physical ethernet port of the machine, and then my laptop gets it's route through a virtual NIC and is behind pfsense. Yes, pfsense has to be booted before packets flow at all, so that may not be ideal. Works great for me, pfsense boots fast enough it makes almost no difference. Once you do this, you can usually pass whatever captive portal exists because you are natted behind the MAC and IP they are seeing. 2. Create a script that uses cURL to do a POST or whatever action is normally taken to get you into the system. For example, pfsense captive portal just wants a POST to a certain URL (when it's configured with no auth), and so you could do something like curl --data "" http://firewall.ip:port/ At that point, you figure out how long before they idle you off, and schedule your script to run accordingly. 3. Clone the MAC address of a device that already passed the hotel's auth This is a little trickier, I use an old smartphone for this. Basically, use the mobile device to pass the portal, then make your pfsense WAN interface bound to that MAC. I've done this many many times over the years with varying success.

I have a friend who runs an ISP.  He provides Internet to a condo building in Downtown Atlanta somewhere.  One of the issues he has run it to (and since solved) is end users plugging in their consumer router/firewalls "backwards"  with the LAN side connected to the WAN.  The built-in, on by default, DHCP server on these devices would take down the whole building. So, to make a point…yes you only want one DHCP server enabled or your network will not work right, at all.  Basically you'll DOS yourself. Modern switch software allows you to lock down which port DHCP requests can be replied from to guard against this kind of problem.

Upgrade are generally fine, but depending on how old the hardware is (especially the disk), it may be a good time to reinstall. Reinstall+restore should work identically to an upgrade except for a few bits that may be left over during an upgrade. Usually if it doesn't appear to work properly it's due to some difference in the image or configuration's console settings, interfaces, etc. Looks like you submitted the same question via the support portal this morning and someone responded similarly. Probably best to continue there if you'd like to pursue figuring out why the reinstall didn't work as expected.