Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Moving PFSense to duplicate hardware?

    Scheduled Pinned Locked Moved Hardware
    6 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rantech
      last edited by

      I have Pfsense running on a soekris 6501 box (call it Box A) and everything is working fine.  I recently purchased an identical box to keep as a backup in case anything ever happened to the first (call this Box B).

      I thought I could just unplug the SSD from Box A, plug it into Box B, then boot up Box B and everything would work exactly as it did previously in Box A, since the hardware is identical.  However, this doesn't appear to be the case.  Note: I'm fairly inexperienced with PFSense and bought identical hardware so I could just clone the SSD and keep a complete standby box available so I wouldn't have to rebuild my configuration if anything ever died - just swap in box B and keep going.  However, so far I have not cloned the drive and have just tried moving the original drive between boxes.

      When I boot up in Box B, everything seems to work fine locally, and the WAN gets an IP address from my ISP (via DHCP) but the box doesn't actually seem to have full internet access.  For example, it can't check the update status for pfsense, the dynamic DNS can't update, and the package manager can't check and report on the status of packages. Interestingly, when I run the diagnostics to ping google (8.8.8.8) - the ping works fine; However, nothing else internal to PFsense seems to be able to connect to the internet.

      When I put the SSD back into Box A and boot, everything works perfectly again.  No problems at all.

      I have looked and while the two boxes have a different NIC with different MAC addresses for the ports, the basic port names are the same EM0, etc. and PFSense is showing the correct MAC addresses on both boxes under Interface assignments (eg., EM0 (xx:xx:xx:xx:xx:01) on Box A and EM0 (xx:xx:xx:xx:xx:02) on Box B).

      Any assistance that can be provided would be greatly appreciated.  The only thing I can think to do is reset to factory default on Box B and then manually configure everything but that would take hours and would be problematic to keep current.  I'm assuming there is some simple way to resolve this problem without a factory reset but I have no idea how at this point.

      Thanks in advance.

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Should work fine. Maybe you are not accurately describing your situation. When MAC addresses change sometimes ISP gear needs to be kicked/restarted. Sometimes the ISP has to change things.

        Maybe the other gear is somehow defective?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • R
          rantech
          last edited by

          I've done some more playing around including rebooting both the ISP modem and the Soekris box with PFSense.  I also ran the diagnostic checks listed on the "connectivity troubleshooting" page here: https://doc.pfsense.org/index.php/Connectivity_Troubleshooting

          Current Symptoms:

          • Ping from firewall works
          • DNS lookup from firewall works
          • Ping using LAN as source address (from firewall) works
          • Dashboard is still reporting "unable to check for updates"
          • package manager is still reporting "unable to retrieve package information"

          Very interestingly, devices connected to the LAN port now seem to have full internet access.  I'm posting this update from a computer connected to the LAN port on the firewall.

          Any ideas on what would allow connected devices to work but would prevent the firewall itself from connecting the internet ?

          1 Reply Last reply Reply Quote 0
          • A
            Alup
            last edited by

            I am thinking that Derelict is probably correct on this, I have pfsense embedded on a CF card and I move it to completely different hardware all the time and never had an issue with it picking up the new hardware. In fact, This same card has been in at least 4 different devices all running different generations of hardware with no issues on any of them.

            The other possibility is that the bios settings are different on the 2 boxes. Have you checked those?

            1 Reply Last reply Reply Quote 0
            • R
              rantech
              last edited by

              I've sent an inquiry to soekris to find out if there is anything different about the new board as compared to the old board and will wait to see if they respond.

              In the meantime, any suggestions for settings I could tweak in Pfsense to fix the communication problems? The symptoms I'm reporting seem to be fairly common on this forum but I haven't yet found a posting with a solution that works.

              I'm almost at the point of restoring Pfsense to default to see if it works correctly with a factory reset.

              1 Reply Last reply Reply Quote 0
              • R
                rantech
                last edited by

                Reset Pfsense 2.3.2 p1 to factory defaults and no change in behavoir - firewall still can't check for updates etc.

                Reimaged my SSD to a copy of my install just before I upgraded from Pfsense 2.2.4 to 2.3.2 and then tried it.  The SSD worked perfectly, no problems at all !!

                Conclusion:  A number of other people on the forums reported the same symptom of "can't check for updates" after upgrading to 2.3.2 and so I'm concluding two things:

                1. Soekris has made some change to the hardware or bios for the 6501-50 board they sent me a year ago vs. the 6501-50 board they sent me last month. The two boards are not identical and this change is enough that the same SSD (with Pfsense 2.3.2 p1) works perfectly on the 1 yr old board but when plugged into the new board does not work properly.

                2. This is likely a glitch/bug with Pfsense 2.3.2 since I can't see why it should not work with hardware that worked perfectly with version 2.2.4.

                If anyone wants to try and track down the glitch I'm happy to provide whatever information I can as this might be an excellent opportunity to try and figure out what the issue in 2.3.2 is.  I'm using the exact same SSD and have two boards that are supposed to be identical, but obviously must have some minor difference, which should point to exactly where the glitch is and how to resolve it ?

                Regards

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.