PfSense 2.1 Installation



  • Hi everyone,

    I'm going to install pfsense release 2.1 on a new machine cause my old pfSense firewall (release 1.2.3) has definitely crashed.

    Two questions:

    • May I import 1.2.3 settings in 2.1 version?

    • If the answer is yes every single feature is maintained (e.g. OpenVPN with certificates)?

    Thanks in advance.

    Enrico


  • Netgate Administrator

    Yes.
    Should be.  ;)

    Have a read through the upgrade guide for any gotchas that might apply to your situation.
    https://doc.pfsense.org/index.php/Upgrade_Guide

    Steve



  • Hi guys,

    installing 2.1 and importing 1.2.3 settings it's a great mess. NAT rules are broken, VPN certificates disappeared…. but the main issue is that every time I reboot pfsense the machine looses interface configuration.

    Please any advices?

    Thanks.

    Enrico


  • Netgate Administrator

    More information please.  :)

    What install type are you using? What hardware are you running? Packages?

    Steve



  • Thank you Steve,

    I installed through LiveCD 2.1 I checked right now pkg_info.txt on the CD and the installer is bsdinstaller-2.0.2013.0911.

    Maybe I did something wrong during setup?



  • Steve, I just rebooted and I disovered this error:

    Fatal Error: Allowed memory size  bytes exhausted (tried to allocate xxxxxxxxxx bytes) in /etc/inc/pfsense-utils.inc on line xxxxx

    I have 4gb onboard.

    Have I to do some changes?



  • That sounds like some dodgy calculation of the size needed to convert something (maybe RRD data or?).
    Let us see the numbers you xxxx'd out - particularly the line number in pfsense-utils.inc - that is not anything confidential and will allow us (or you) to go straight to the relevant line in GitHub - https://github.com/pfsense/pfsense/blob/RELENG_2_1_0/etc/inc/pfsense-utils.inc



  • Sure Phil.

    tried to allocate 134217728 bytes
    line 2207

    I just had a look in my xml. The only code about RRD is this one:

    <rrd><enable></enable></rrd>

    Thank you very much for your support.



  • The magic line is:

    xml_parse_into_struct($parser, trim($contents), $xml_values);
    

    I have a feeling this is related to restoring a 1.2.3 config but having some RRD data that was generated already on that box during its initial boot. Even if it is a small amount, I think it is in a newer format. The 1.2.3 config restore will then try to up-convert the RRD data (that it thinks has also come from 1.2.3) and it explodes the memory available to PHP.

    You could try:

    1. Get 2.1 going again - default system and login
    2. Status->RRD Graphs - uncheck "Enable…" and Save.
    3. Click "Reset RRD Data" (hopefully deletes the files in /var/db/rrd - if not, then delete them yourself from console)
    4. Restore your 1.2.3 config and let it reboot

    Then it should up-convert your config but not find any RRD data to mess it up.



  • Phil you did a great job!

    I did step 1-2-3 and rebooted and now it works like a charm!

    Tomorroy I'm gonna check if NAT rules and VPN config are ok but IP mapping it's the most important thing to bring up.

    Thank you so much I'll give you some updates Tomorrow.

    Enrico



  • Hi Phil almost everything is fine. NAT are ok and VPN seems perfect.

    If I disable and re-enable WAN pfsense alerts me with a IPv4 conflict. "This IPv4 address is being used by another interface or VIP."

    I have a VIP that's my default LAN out but if I delete it nothing happens.

    What d'you think?

    Thanks.

    Enrico


  • Netgate Administrator

    Is your WAN address a public IP or are you behind another router?
    When you diasable/re-enable WAN does it come back with the same address?
    Why/how are you disabling WAN?

    Steve



  • I Steve,

    I revert my config and now I'm ok. I don't wanna investigate further.

    My WAN address is public and I'm behind another router with another public ip address. During this period of crash I asked to my provider to change the configuration of their router to act like a "firewall". Now I'm going back hoping that my brand new machin will work like the old one…

    config seems perfectly ok... cross your fingers....

    I hope not to bother you anymore but sound possible....

    Thank you very much for your support.

    Enrico


Log in to reply