Alix Nano 1.2.3 IPSec Service stopped on cold boot
-
I've been installing and running full version 1.2.3 boxes with atom processors for about a year and a half. Last week I ordered my first Alix board and loaded nano 1.2.3 release. I tested it in the lab for a week. Everything looked to be working great until I was just about to pack it up/ship it out and I tested something. Cold boots. Pulled the power plug on the board, powered it back up, waited until console shows everything is up. I find that IPSec service is stopped! I can either, manually start it, or do a restart (warm boot) and service comes right up. I found that if I pull power plug 9 times out of 10 ipsec service won't start automatically. I even disabled the one and only tunnel (leaving the IPsec service enabled) and it still exhibits the same behavior so that eliminates (in my mind) a tunnel misconfiguration (when you bring up the tunnel it's rock solid but just in case I disabled it.) I've tried things for hours and nothing helps. One other issue that occurs when you hard boot…WAN GUI access (management) also won't work 9 out of 10 times. Restart and that works again also. Everything else works great everytime...Internet access 100% perfect every hard boot. LAN GUI access also works everytime. The only package installed is blinkled. Could it be the board itself? The CF Card? (This is the model http://www.newegg.com/Product/Product.aspx?Item=N82E16820208338) Is there a way I can see a log of where it tries to start IPsec? The Ipsec log won't show anything UNTIL it starts the service. The general log doesn't show anything significant. I upgraded this board out of the box straight to 0.99j BIOS. I wish now I would have left it alone as it had 0.99h and that seems to be what everyone is running.
I love pfSense and love this idea of these Alix boards and have read the success others have had. I really hope I can solve this!
-
Well it's not the CF card. I switched to a Sandisk Ultra II. It's also not the configuration, as I have reinstalled it with ONLY the tunnel configured and no packages.
I did figure out that if the WAN port is set to a static IP it works every single cold boot. Obviously this won't work for me as I'm installing a couple of these, one with a cable provider and the other with DSL and both are dynamic. So it seems it is a timing issue, ipsec gets ahead of the cart so to speak, before the WAN has it's IP. Can someone help me with that?
-
Well it must be a problem with the 6E1 boards and 1.2.3 because I got 5 new boards in today and tried them. They had 0.99h BIOS and IPSec failed to start just as the original board from cold boot.
2.0RC3 does not have this problem so I have decided to abandon 1.2.3 with my Alix boards (at least until I find that another model works) and just run 2.0.