Regardless of the GUI, I tried it. I like OpenBSD leanness and I gave Halon a try. Installed it, found updated version, made firmware upgrade and found out that my 'Free' subscription had automagically expired. Did'nt manage to find out how to renew. Could not get the darn thing work either, after it. After 15min of trying - gave up on it. If you wanted anything besides basic firewall/routing you needed to pay. Including for VLANs it would be cheaper to install OpenBSD itself and use it's pf accordingly. No nice GUI though

What KOM is saying is that there is nothing wrong with squid as part of squidguard.  Just make your cache smaller.  Alot smaller.  Not more than about 25GB.  Honestly it doesn't even need to be that big. Pfsense will work very well for you and can do so usually with a relatively small SSD.  Disk speed is your friend. But yeah.  You could run pfsense on 2 cores for your needs. I do suggest pfsense though.  Its much nicer and feature rich than pretty much everything else.

@Harvy66: 2.1.5 is the newest version, not 2.1.3. Can you create a basic graph of your network, and what technology you are using for your links? They hardware your PFSense is running on could also be useful. Hi Harvy , Thanks for your reply Here is the below Hardware Details of the pfsense server Vendor: Dell Inc.         Version: 6.3.0         Release Date: 07/24/2012         Address: 0xF0000         Runtime Size: 64 kB         ROM Size: 4096 kB         Characteristics:                 ISA is supported                 PCI is supported                 PNP is supported                 BIOS is upgradeable                 BIOS shadowing is allowed                 Boot from CD is supported                 Selectable boot is supported                 EDD is supported                 Japanese floppy for Toshiba 1.2 MB is supported (int 13h)                 5.25"/360 kB floppy services are supported (int 13h)                 5.25"/1.2 MB floppy services are supported (int 13h)                 3.5"/720 kB floppy services are supported (int 13h)                 8042 keyboard services are supported (int 9h)                 Serial services are supported (int 14h)                 CGA/mono video services are supported (int 10h)                 ACPI is supported                 USB legacy is supported                 BIOS boot specification is supported                 Function key-initiated network boot is supported                 Targeted content distribution is supported         BIOS Revision: 6.3 Handle 0x0D00, DMI type 13, 22 bytes BIOS Language Information         Language Description Format: Long         Installable Languages: 1                 en|US|iso8859-1         Currently Installed Language: en|US|iso8859-1 Handle 0x0800, DMI type 8, 9 bytes Port Connector Information         Internal Reference Designator: Not Specified         Internal Connector Type: None         External Reference Designator: Not Specified         External Connector Type: DB-15 female         Port Type: Video Port Handle 0x0801, DMI type 8, 9 bytes Port Connector Information         Internal Reference Designator: Not Specified         Internal Connector Type: None         External Reference Designator: Not Specified         External Connector Type: DB-15 female         Port Type: Video Port Handle 0x0802, DMI type 8, 9 bytes Port Connector Information         Internal Reference Designator: Not Specified         Internal Connector Type: None         External Reference Designator: Not Specified         External Connector Type: Access Bus (USB)         Port Type: USB Handle 0x0803, DMI type 8, 9 bytes Port Connector Information         Internal Reference Designator: Not Specified         Internal Connector Type: None         External Reference Designator: Not Specified         External Connector Type: Access Bus (USB)         Port Type: USB Handle 0x0808, DMI type 8, 9 bytes Port Connector Information         Internal Reference Designator: Not Specified         Internal Connector Type: None         External Reference Designator: Not Specified         External Connector Type: Access Bus (USB)         Port Type: USB Handle 0x0809, DMI type 8, 9 bytes Port Connector Information         Internal Reference Designator: Not Specified         Internal Connector Type: None         External Reference Designator: Not Specified         External Connector Type: Access Bus (USB)         Port Type: USB Handle 0x080A, DMI type 8, 9 bytes Port Connector Information         Internal Reference Designator: INT_USB         Internal Connector Type: Access Bus (USB)         External Reference Designator: Not Specified         External Connector Type: None         Port Type: USB Handle 0x080B, DMI type 8, 9 bytes Port Connector Information         Internal Reference Designator: INT_SD         Internal Connector Type: Other         External Reference Designator: Not Specified         External Connector Type: None         Port Type: USB Handle 0x080E, DMI type 8, 9 bytes Port Connector Information         Internal Reference Designator: Not Specified         Internal Connector Type: None         External Reference Designator: Not Specified         External Connector Type: RJ-45         Port Type: Network Port Handle 0x080F, DMI type 8, 9 bytes Port Connector Information         Internal Reference Designator: Not Specified         Internal Connector Type: None         External Reference Designator: Not Specified         External Connector Type: RJ-45         Port Type: Network Port Handle 0x0810, DMI type 8, 9 bytes Port Connector Information         Internal Reference Designator: Not Specified         Internal Connector Type: None         External Reference Designator: Not Specified         External Connector Type: RJ-45         Port Type: Network Port Handle 0x0811, DMI type 8, 9 bytes Port Connector Information         Internal Reference Designator: Not Specified         Internal Connector Type: None         External Reference Designator: Not Specified         External Connector Type: RJ-45         Port Type: Network Port Handle 0x0812, DMI type 8, 9 bytes Port Connector Information         Internal Reference Designator: Not Specified         Internal Connector Type: None         External Reference Designator: Not Specified         External Connector Type: DB-9 male         Port Type: Serial Port 16550A Compatible and here is the basic graph of the network https://www.dropbox.com/s/hjpx0buc7nwhh1p/Nework.JPG?dl=0

Thanks. Tried freeradius2 package by deleting it and installing it again. The patched bash binary is deployed on both i386 and amd64 platforms.

You would get better responses if you posted this in the Traffic Shaping forum… To see if your shaper is working, look at Status - Queues.  Traffic shaper uses floating rules to direct specific traffic into particular queue.  For example, if you have VoIP phones and use the Traffic Shaping wizard to handle VoIP, then make a phone call and see if qVoIP starts getting traffic.

I Think that line make error on web like this: The following error was encountered while trying to retrieve the URL: /     Invalid URL Some aspect of the requested URL is incorrect. Some possible problems are:     Missing or incorrect access protocol (should be "http://" or similar)     Missing hostname     Illegal double-escape in the URL-Path     Illegal character in hostname; underscores are not allowed. Your cache administrator

same here when I enable "LDAP Option" in General Settings all web sites open to all users , I make All deny in common page and create rule in Groups ACL to apply filter on Domain Groups with no luck I have Domain 2012 pfs 2.1.5 x64 Squid 2.7.9 SquidGuard  1.4_4 can any one help ?

I was following along on that page that day but didn't post anything. Sometimes I do if I catch the thread in time. It was mostly positive, aside from some complaints about our hardware prices (sure they're higher than they expect, but they include support and help fund the project)

Solved! Hey thanks Derelict.  :) :)

@stephenw10: I think this has already been discussed (in the thread even) but the advantages of using a VPS are that you can run whatever you want on it, so any VPN type you like, and that you will get an IP that's unlikely to be blacklisted as a VPN endpoint. I hadn't really ever considered security (or lack of) between virtual machines to be an issue. From a privacy/logging point of view is there much difference between a VPS and dedicated hardware? Currently I run neither but have often considered it. Srece I'd be more inclined to log the VPSs instead of the dedicated servers to be honest. In general VPSs attract more abusers than dedicated servers, in my experience, which considering an abuse report will come in, you need something to troubleshoot it with. YMMV

@jimp: They must have added/changed something on the VPC side, since I've never seen one be that easy. they didn't, but we did (in 2.1.5)  8)

It looks like I have this issue, I have the Win7 synchronize every 24 hrs with the 2.1.4 Pfsense ntp server, but after one or 2 days, I get a 30 sec difference. I switch the Win7 to the same external NTP server pfsense use, time was the same, now I  will see in a few days if the clock loose sync.

Hmm, yes more info needed. Do you mean using the same interface? Using two interfaces, WAN and LAN, to do that is how pfSense works normally. Set WAN to type 'DHCP' and it will receive an IP on that interface. The LAN runs a DHCP server as standard in the 192.168.1.1/24 subnet. Steve

A shot in the dark.. but did you install expect? Also invoke it as the shell you are using in the script? (have the #!/usr/bin/expect at the top of the script) If both of those are answered with yes, would you mind posting a) the version of pfsense b) the script you are trying to run c) expect version ? Thankie. :D

Have a look at schneier.com, iirc the bottom line was: NoScript kills it…

To add some more info… I was able to reproduce this on a second instance of pfSense 2.1.4-release.  I'm unable to reproduce the problem in two different instances of pfSense 2.1.2-release.  I enabled logging in the web server that handles the tests from the load balancer - I see them all and no errors. This is starting to feel like a pfSense issue... Thanks, Steve

@PokerMunkee: I've been using the ENDIAN Community firewall for the last 5 years.  Due to lack of development, I need to move forward with something else.  pfSense is my #1 choice and I'm just now diving into it. I'm used to DansGuardian and being able to have profiles for different filter configs.  I can have a "Receptionist" profile that either uses MAC/IPs and applies a whitelist of URLs that are allowed.  Then I have a "Main" profile that all other computers fall under and I filter out porn, etc. I have about 100 users. Which packages should I be using that allow me to setup different profiles?  I'd also like to add HAVP for anti-virus. I installed the squid package but don't see where to do the profiles. Just need some direction, as this is a bit overwhelming for me at the moment. hi there… try to watch this youtube video.. http://youtu.be/ybzQk-VZeac I think it could help you about the "content filtering" the video is about installing SQUID and SQUIDGUARD official package of pfSense.. then configure it to filter web browsing, block pornsites or any category that is on the blacklist database, also blocking downloads... in the later part, it show how to exclude/exempt some PC or IPs on your network... hope thats what you need..somehow.. :)

It is disturbing, but not "late breaking news". See: https://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe It's one thing, letting another have physical access to your device…  With something like the "Rubber Ducky", you might never guess what's happening. It's quite another, to be the unwitting agent of the undoing of your own security schema. I would hope there would e a way to countermand such malicious firmware, and re-flash. Yes, also, a few years ago, I bought a Sandisk U3 Cruzer flashdrive.  I didn't like what I found!: http://www.google.com/search?lr=lang_en&hl=en&q=U3+AND+Sandisk+AND+evil On Ubuntu Linux, I found package: u3-tool @u3-tool: tool for controlling the special features of a U3 USB flash disk Tool for controlling USB flash devices that conform to the U3 specifications. You can do the following with your U3 flash: Replace the CD image Change the size of the virtual CD or completely remove it Enable and disable security Unlock and change the password of secured U3 device Obtain various device information I believe I still have the demon seed, and need to run it through the u3-tool grinder. http://packages.ubuntu.com/search?keywords=u3-tool Here, see how THESE grab ya!!! http://en.wikipedia.org/wiki/Splashtop_Remote  http://en.wikipedia.org/wiki/Splashtop I bought a used Dell XPS series desktop, without a hard drive.  On the top of the tower case, is an LCD screen, that had a game of MS Windows "Solitare" going.  Disabling the device in B.I.O.S. did NOT always mean this evil was vanquished and exorcised, not for EVERY boot.  I found where the ribbon cable header WAS attached to the motherboard, but I'm still not confident.  I also pulled the WiFi card & Bluetooth, because neither could be effectively and consistently managed, or killed/downed via software. Maybe I'll convert to using a "Hipster PDA" ;) [image: 240px-Hipster_PDA.jpg] https://en.wikipedia.org/wiki/Hipster_PDA