Problems upgrading from 1.2.3 to…
Hi all! Very happy pfSense fan here, and most of my offices are up-to-date, but I've got that one installation…
Hardware is: AMD AthlonX2 64bit (new at time of installation!), 2GB RAM, 80GB hard disk; Broadcom Gigabit NIC (sk0); dual-port Intel 10/100 server NIC (fxp0, fxp1).
The office has two WAN connections - DSL on fxp0, cable on fxp1; failover & load balancing between the two.
The office connects to a hosted line-of-business app via a static IPSec tunnel on fxp0*; the remote subnet (10.1.100.x) is reachable from the LAN subnet. There's a "road-warrior" OpenVPN server bridged with the LAN subnet so that remote VPN clients can reach machines on the 10.1.100.x subnet.
I've tried twice now to upgrade from 1.2.3(Release) to 2.0.1, and now to 2.1.1; both times - after wrestling with it all night - I've restored my backup and put it back the way it was so the office can work; as a result, I can't currently show logs/screenshots - so this question is more "what should I try next time?"
Right now, it's back on 1.2.3 and working; I really do want to get it up-to-date, though.
After the upgrade:
- I have to restart WebConfigurator from the console before I can connect, and even then I have to give my PC a static IP (no DHCP)
- once I sign into WebConfigurator, the usual services (dhcp, dnsmasq, arpinger, openvpn, etc.) aren't started - however, I can click to start all except openvpn
- After I start the services, DHCP and (local) DNS do seem to work
- From WebConfigurator,
I can ping:
Internet hosts (e.g. 22.214.171.124 ) via DSL (fxp0)
Hosts on the 10.1.100.x subnet via LAN
I can't ping via cable (fxp1) at all.
- From a PC on the LAN subnet,
I can ping:
other hosts on the LAN;
the LAN, DSL and cable interfaces of the pfSense box;
I can't ping:
hosts on the Internet;
hosts on the 10.1.100.x subnet
I won't try to list everything I tried (up to and including deleting all gateways, routes, and rules and adding them back one at a time), but eventually I said "to Hell with it" and selected "Reset to factory defaults" from the console, then added back the interfaces (I figured I'd save the VPN stuff for later). After doing that - and adding a default Pass rule - I STILL couldn't ping the Internet from the LAN. At that point I re-installed 1.2.3, restored my backup, and went home.
- Am I out of luck as far as an upgrade is concerned (i.e. do I need to install 2.1x from scratch and then try to get Multi-WAN, IPSec, OpenVPN bridging etc. working again)?
- Could there simply be a compatibility issue with my aging hardware?
- Any thoughts or suggestions?
*I would LOVE to have failover/load-balancing for the IPSec tunnel too, but the hosting company doesn't support it.