Nanobsd upgrade from 2.0.1 to 2.1 using web GUI

xbipin

can any1 confirm upgrading from nanobsd 2.0.1 to 2.1 works as of now without issues using the auto update in pfsense web GUI?

jimp

It worked last time I tried it a couple months ago, is there some specific problem you've had with the process before that you're worried about?

xbipin

i havent tried because the last time i did from v1.2 to 2 it almost broke my system, good thing i had a config backup but i lost the file patches i had so wanted to confirm if any1 had tried it. i also hope the below things work after the upgrade as they r main things i use as of now

pppoe
wifi access point
alias
advanced outbound NAT
firewall rules
schedules
traffic shaper
limiter
dhcp server with static arp
upnp
openvpn client
cron package

it would be good to be able to take a system image from the gui rather than just a config backup.

jimp

You can make a system image in the GUI on 2.1 when doing an auto update there is a checkbox to make a full backup image (Or you can use /etc/rc.create_full_backup on 2.0.x as well).

I use all of the things you mention actively on 2.1 except for static arp. Though as far as I know that code hasn't changed so I don't have any reason to suspect it's broken.

xbipin

can u provide me the complete commands list based on nanobsd as i guess the system will be read only so it wont save the image, once image is created i would need to downlaod it from the box and a way to restore also would be appreciated

jimp

Just /etc/rc.create_full_backup - it'll work on NanoBSD if you do /etc/rc.conf_mount_rw first, but it'd probably be pretty slow.

If you're that worried, just image a fresh CF with 2.1 and then restore your config there. If it goes bad, just swap the CF back.

xbipin

this is what i get when i run it from console

[2.0.1-RELEASE][root@firewall.xbipin]/root(1): /etc/rc.create_full_backup
>>> Creating full backup to /root/pfSense-full-backup-20120828-1747.tgz
tar: Failed to open '/root/pfSense-full-backup-20120828-1747.tgz'
>>> Backup completed.  Note: this backup includes config.xml!
>>> To restore this backup run this command:
    /etc/rc.restore_full_backup /root/pfSense-full-backup-20120828-1747.tgz
[2.0.1-RELEASE][root@firewall.xbipin]/root(2):

jimp

Did you run /etc/rc.conf_mount_rw first?

xbipin

ok that worked but i go these errors or warning

[2.0.1-RELEASE][root@firewall.xbipin]/root(1): /etc/rc.conf_mount_rw
[2.0.1-RELEASE][root@firewall.xbipin]/root(2): /etc/rc.create_full_backup
>>> Creating full backup to /root/pfSense-full-backup-20120828-1911.tgz
tar: --exclude: Cannot stat: No such file or directory
tar: --exclude: Cannot stat: No such file or directory
tar: var/run/*: Cannot stat: No such file or directory
tar: --exclude: Cannot stat: No such file or directory
tar: root/*: Cannot stat: No such file or directory
tar: --exclude: Cannot stat: No such file or directory
tar: var/empty/*: Cannot stat: No such file or directory
tar: --exclude: Cannot stat: No such file or directory
tar: var/empty: Cannot stat: No such file or directory
tar: --exclude: Cannot stat: No such file or directory
tar: var/etc: Cannot stat: No such file or directory
tar: /var/dhcpd/var/run/log: tar format cannot archive socket
tar: /var/run/check_reload_status: tar format cannot archive socket
tar: /var/run/log: tar format cannot archive socket
tar: /var/run/devd.pipe: tar format cannot archive socket
tar: /var/run/logpriv: tar format cannot archive socket
tar: /var/run/hostapd/ath0_wlan0: tar format cannot archive socket
tar: /var/etc/openvpn/client1.sock: tar format cannot archive socket
tar: /tmp/php-fastcgi.socket-0: tar format cannot archive socket
tar: /tmp/php-fastcgi.socket-1: tar format cannot archive socket
tar: /root/pfSense-full-backup-20120828-1911.tgz: Can't add archive to itself
tar: Error exit delayed from previous errors.
>>> Backup completed.  Note: this backup includes config.xml!
>>> To restore this backup run this command:
    /etc/rc.restore_full_backup /root/pfSense-full-backup-20120828-1911.tgz

jimp

That's probably fine then, the errors are normal as certain things can't be backed up. Though if you want to check, you can download a copy and then later on try to restore it with /etc/rc.restore_full_backup

xbipin

the upgrade went smooth, though few problems, i keep getting an error for this rule i have for icmp

	[ There were error(s) loading the rules: /tmp/rules.debug:165: illegal dscp value EFpfctl: Syntax error in config file: pf rules not loaded - The line in question reads [165]: match proto icmp from any to any dscp EF queue (qOthersHigh) label USER_RULE: ICMP]

Aug 29 04:54:59 	php: : There were error(s) loading the rules: /tmp/rules.debug:165: illegal dscp value EF pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [165]: match proto icmp from any to any dscp EF queue (qOthersHigh) label "USER_RULE: ICMP"

Aug 29 04:55:08 	php: : The command '/usr/local/sbin/relayd -f /var/etc/relayd.conf' returned exit code '1', the output was '/var/etc/relayd.conf:7: syntax error no redirections, nothing to do unused protocol: dnsproto'
Aug 29 04:55:10 	check_reload_status: rc.newwanip starting ovpnc1
Aug 29 04:55:12 	check_reload_status: Updating all dyndns
Aug 29 08:55:36 	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:185: illegal dscp value EF pfctl: Syntax error in config file: pf rules not loaded'
Aug 29 08:55:39 	php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:185: illegal dscp value EF pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [185]: match proto icmp from any to any dscp EF queue (qOthersHigh) label "USER_RULE: ICMP"
Aug 29 08:55:39 	php: : There were error(s) loading the rules: /tmp/rules.debug:185: illegal dscp value EF pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [185]: match proto icmp from any to any dscp EF queue (qOthersHigh) label "USER_RULE: ICMP"
Aug 29 04:55:44 	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:185: illegal dscp value EF pfctl: Syntax error in config file: pf rules not loaded'
Aug 29 04:55:44 	php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:185: illegal dscp value EF pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [185]: match proto icmp from any to any dscp EF queue (qOthersHigh) label "USER_RULE: ICMP"
Aug 29 04:55:44 	php: : There were error(s) loading the rules: /tmp/rules.debug:185: illegal dscp value EF pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [185]: match proto icmp from any to any dscp EF queue (qOthersHigh) label "USER_RULE: ICMP"

other than that i had to goto the wan interface and click save so pppoe would connect coz after upgrade it was connected but pfsense wasnt routing packets to and from the internet

xbipin

the other issue after upgrade was that i had cron package installed earlier on 2.0.1, it didnt reinstall after upgrade but due to its info present in the config, the cron link shows under services tab but when u try to configure says not found. after reinstalling it manually then it starts working

xbipin

some other issue, my openvpn client account is connected but im not able to route through it at all, under status gateway keeps saying status as pending, i guess it has some issue related to ipv6 as my isp is totally ipv4 so basically i dont use ipv6 as of now

xbipin

the issue related to openvpn client is, earlier i had 2 entries under system->routing, one for wan and other for openvpn, both dynamic IP but after the upgrade, i see an extra one for openvpn client with ipv6 although i have set ipv6 config type to non for interface configured for openvpn as well as blocked ipv6 from system->advanced->networking and to be able to route packets through this tunnel i have to edit the openvpn ipv6 entry and set it to disale monitoring then only will i be able to route through the tunnel and also the routing entry for openvpn ipv4, i have set monitoring ip but under status->gateway it keeps showing status as pending, it actually doesnt monitor

xbipin

the other issue which few others mentioned about slowness, its true and the web gui seems to work very slow compared to older versions as well as i noticed that when u issue some command through the serial console and at the same time u save or edit something on the web gui, both seem to freeze untill the web gui command has completed after which only the serial console will complete its task. im on the nanobsd on alix box

jimp

DSCP issue seems to be a bug - will need some research but I am able to replicate it here

NanoBSD slowness is a known issue, it only happens to certain CF cards, others are fast.

Not sure why OpenVPN wouldn't be routing - that wouldn't have anything to do with the gateways under System > Routing for typical VPN usage. Even if it were being used in a Gateway Group it should still get used, iirc.

The IPv6 gateway is automatic, and not hurting anything, safe to ignore.

xbipin

DSCP issue meaning that cron package or status-> gateway issue?

the openvpn created gateway keeps showing pending, even same for the ipv6 entry it creates and openvpn doesnt work due to that untill i set the ipv6 entry to disable monitoring, once done openvpn starts working but the ipv4 entry still keeps showing pending under gateway monitoring, in v2.0.1 the monitoring worked perfectly fine

xbipin

can u recommend which CF card works fast so i can get that, already have 3 but is slow on all of them

xbipin

also under status->system log->system->gateways i get a flood of this constantly

Aug 29 18:19:06 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:20:06 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:24:06 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:25:06 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:29:06 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:30:06 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:34:06 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:35:06 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:39:06 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:40:06 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:44:06 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:45:06 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:49:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:50:07 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:54:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 18:55:07 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 18:59:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 19:00:07 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 19:04:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 19:05:07 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 19:09:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 19:10:07 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 19:14:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 19:15:07 	apinger: rrdtool respawning too fast, waiting 300s.
Aug 29 19:19:07 	apinger: Error while feeding rrdtool: Broken pipe
Aug 29 19:20:07 	apinger: rrdtool respawning too fast, waiting 300s.

xbipin

also my openvpn client tunnel says this, so is there any way to disable ipv6 for openvpn client config?

Aug 29 18:42:53 	openvpn[55431]: WARNING: 'tun-ipv6' is present in local config but missing in remote config, local='tun-ipv6'