Questions about migrating pfSense to a new server
-
I'm in the process of migrating pfSense from one Hyper-V server running Windows Server 2019 to another server running Windows Server 2022. I have one VM running 2.7.0 release for my "production" network and another VM running the development version for testing. The client of this system is another VM running Windows 10. There is an Intel I350 NIC for the WAN, which is connected to the bridged port of the ISP router, which is connected to an ONT. Inside the Hyper-V server, there is a WAN virtual switch and both pfSense VMs are connected to that virtual switch. The LAN interface of the production system is connected to another I350 NIC. The LAN interface of the test system is connected to a virtual switch. I've had this configuration running with no problems for several years. The server is tired, so I got another server.
I saved a backup of each of the pfSense VMs, then did fresh installations of pfSense on the new server using the restored backups. The VMs all have unique MACs. I had the new production pfSense and the new test pfSense running and working fine. They were all getting prefixes and there were no obvious problems. The new server also has a dual port I350. Initially, the LAN is disconnected and there is only a VM running Windows 10 for testing.
Based on both systems working, my impression was that it's an acceptable practice to duplicate the configuration by restoring a backup. However, I had to reboot the new server and after I did this, I was noticing that the DHCPv6 gateways of the pfSenses on the new server were not starting. I looked in the logs and there were a bunch of messages about duplicate address detection. I noticed that the MACs were still set to dynamic, so I checked them all to be unique and saved them as static. This did not change anything. I also was careful to use the same network adapter settings on the new server as are on the existing server.
So now I'm wondering if there is possibly something in the restored backup that is causing there to be duplicated addresses. Perhaps a DUID? I'm not clear exactly what is included in the backup.
-
What exactly is reported as duplicate?
Is it the dhcpv6 servers that are not starting?
-
IPv6/DHCPv6 is governed by DUID/IAID and NOT by MAC address.
You can store a unique DUID in config.xml; if it's not present, it attempts to read the DUID from /var/dhcp6c_duid.
- https://github.com/pfsense/pfsense/blob/master/src/etc/inc/interfaces.inc#L4749
- https://github.com/pfsense/pfsense/blob/master/src/etc/inc/util.inc#L3418
If you cloned the drive you can rm that file and reboot, or override it with a unique DUID in the GUI.
You'd have similar problems cloning Windows or Linux installs these days.
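To check whether cloned installs really share a DUID, the sketch below (an added example, not part of the post above and not pfSense code) decodes the contents of a /var/dhcp6c_duid file copied from each firewall and reports any DUID used by more than one host. It assumes the file is a 2-byte length prefix in host byte order (little-endian on amd64) followed by the DUID; the host names and sample bytes are constructed.

```python
import struct
from collections import defaultdict

# DUID type codes from RFC 8415 section 11 (DUID-UUID is from RFC 6355).
DUID_TYPES = {1: "DUID-LLT", 2: "DUID-EN", 3: "DUID-LL", 4: "DUID-UUID"}

def parse_duid_file(raw: bytes) -> dict:
    """Decode a dhcp6c DUID file: uint16 length prefix, then the DUID itself."""
    if len(raw) < 4:
        raise ValueError("too short to hold a length prefix and a DUID type")
    # Assumption: the prefix is host byte order, little-endian on amd64.
    (length,) = struct.unpack_from("<H", raw, 0)
    duid = raw[2:2 + length]
    if length < 2 or len(duid) != length:
        raise ValueError(f"prefix says {length} bytes, file holds {len(raw) - 2}")
    (dtype,) = struct.unpack_from(">H", duid, 0)  # DUID fields are big-endian
    info = {"duid": duid.hex(":"),
            "type": DUID_TYPES.get(dtype, f"unknown({dtype})")}
    if dtype == 1 and length > 8:      # DUID-LLT: hwtype(2) time(4) lladdr
        info["lladdr"] = duid[8:].hex(":")
    elif dtype == 3 and length > 4:    # DUID-LL: hwtype(2) lladdr
        info["lladdr"] = duid[4:].hex(":")
    return info

def find_shared_duids(files: dict) -> dict:
    """Return {duid: [hosts]} for every DUID present on more than one host."""
    by_duid = defaultdict(list)
    for host, raw in files.items():
        by_duid[parse_duid_file(raw)["duid"]].append(host)
    return {d: sorted(h) for d, h in by_duid.items() if len(h) > 1}

# Constructed sample data: one DUID-LLT copied from the old VM to the new one,
# and a test VM that generated its own.
CLONED = bytes.fromhex("0e00" "0001" "0001" "2b3c4d5e" "00155d010203")
UNIQUE = bytes.fromhex("0e00" "0001" "0001" "2c000000" "00155d0a0b0c")
SAMPLE = {"old-prod": CLONED, "new-prod": CLONED, "new-test": UNIQUE}

if __name__ == "__main__":
    for host, raw in SAMPLE.items():
        print(host, parse_duid_file(raw))
    print("shared DUIDs:", find_shared_duids(SAMPLE))
```

For a DUID-LLT or DUID-LL, the decoded link-layer address is the MAC that was present when the DUID was first generated, which is why it can differ from the MAC currently assigned to the VM.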
-
@jimp I'm pretty sure at this point that the problem was caused by the MACs changing, since I set the MACs to static and the problem has not reoccurred.