This is great stuff. 'pfSense HQ' seems to have an excess of tote bins.  :) Steve

I just think pfsense is ace! Got no real massive complaints about it at all! I just really need to start getting more experimental like the good person that said I needed to add a rc.d script to check on if Snort was not running run it, but using the great service (I think Squid Guard is), I have not had one single bit of malware accidentally run like that annoying system cleaner is it on the web, that instantly causes havok with Windows and many more have never infected my computer. With my easy to configure wifi access point (which in the end was easier than I imagined to setup), I now have a flat thats fully capable of using wifi for my tablet and android phone! LOVE PFSENSE END OF! I decided to turn a feature off on one of the network cards or sorry pfsense's appreciation of it I think it was (so to avoid this) using interrupts, for some reason I don't think's supported on my cards, weird yea? Because the router kept crashing and creating loads of crash dumps ugh annoying, turned that feature back on and now is stable, I was gutted at the time I thought my routers (because it's an ancient machine, I mean going back to 1999ish date when this computer was made, maybe slightly earlier, I don't know) hardware was failing ugh! Oh well fixed that with a bit of power of knowing what I had done prior to these errors happening, I was sure though I had that sorted before, oh well probs didn't if its all working fine for me now, I just wanted to see if I'd speed up the network traffic but to be honest even when it didn't reboot/crash at the times between them, no increase in performance really, I think that's when you have allot of people demanding things off the router and it's just me on my network.

Cheers Steve for the response. Yes you are correct in basically making 2 switches out of 1. I've just finished my cable run job today..well more like cable tidying so am glad I thought of my vlan option. Thanks again.

3rd that! Wicked product!

I prefer virtual! Best setup in my opinion!

I had an email exchange with the developer and I pointed out that while the raw SMP-pf performance stats are indeed very impressive, unless FreeBSD-pf will be aimed at big ISPs seeking to maximize performance, other users of pf could also benefit from features in post-OpenBSD4.7 pf like flexible nat, divert sockets, prio (or dummynet) integration, pflow. One area where pf lags behind Linux's netfilter/iptables (http://www.netfilter.org/), is the multitude of modules that significantly enrich the latter's functionality, and perhaps divert sockets can help close that gap.

Actually BSD-based systems are descendents of UNIX and not really "UNIX-like" the same way that Linux is, but in general that is correct. BSD systems evolved from older/existing UNIX code, whereas Linux was coded to be "like" UNIX from the start. Po-tay-to, po-tah-to, six of one half a dozen of the other, etc. :-) There's a Wikipedia doc explaining all the nuances of the term for the curious. As for the passwd accounts, root and admin are tied together by us. The toor account is locked out by default can't be used, though it does exist we don't make use of it. Like many of the other accounts in that list, there are reasons in the underlying OS that they remain there. Various bits of FreeBSD docs would cover that part.

http://doc.pfsense.org/index.php/Known_Working_3G-4G_Modems ;) Steve

first i tried with FreeBSD 8.1 got same error then now trying in  FreeBSD 8.3 .For pfsense version I've selected  first form ./menu.sh RELENG_2_0 FreeBSD 8.1 + RELENG_2_0 It succeded but at point ./build_iso.sh it got stuck. I've read on forums that RELENG_2_1 should work so tried Option RELENG_2_1 FreeBSD 8.3 + RELENG_2_1  from ./menu.sh in both FreeBSD 8.1 and 8.3 but same occurred at time of build_iso.sh as it goes into loop that libtool is already built on this run .skipping same for gettext,pkgconf,gmake etc…  (in between it builds some packages like perl,cpustatus ,libevent etc..and some of failed to build like p5-Locale-gettext,automake,help2man ..) may be should i wait to finish?how long?Ia m doing this in virtual box .could that be an issue?So i can arrange separate machine for that. can you advice which version of FreeBSD and which version of pfsense are stable and can be used to build? Thanks in advance.

There have been IPsec+L2TP patches around for a long time, the problem is they require allowing anonymous PSKs, which is a bit of a security risk. I haven't looked at this guy's code yet though, for some reason the list archive isn't loading for me right now.

thank you very much..that would really help..

I am not sure what you are trying to do.  I realize from reading your post that English is probably not your first language so what you said is not very clear, but let me try to anticipate what you're asking. I think that you have some computers that are allowed access to the Internet through a pfSense firewall based on their static IP address.  The problem you are having is when you move a computer to a branch office they no longer can use that static IP and therefore lose access to the Internet. I don't know how your network is set up, but let me just say here how useful DHCP is.  You can use DHCP to assign a reserved IP address to a particular MAC address.  This means that a computer will always have a known IP address every time it connects to the network.  At your main office, it might be 192.168.1.200.  At a branch office, it might be 192.168.2.200.  You just assign a reservation at the DHCP server for each office for that particular MAC address.  Then in the firewall you allow all the IPs that are reserved for that computer and MAC address access to the internet. If this doesn't help, I hope at least it has given you a good idea or two!  Good luck.

@pf2.0nyc: The problem with the older stuff is it's SATA 1 or 2 at best and the power consumption is crazy. I go in on drives with a friend and we buy in BULK so my price is closer to $100 per drive… maybe a slight bit more but we buy a lot of these drives. That's my real challenge, it needs to be SATA2 or ideally 3 so the older stuff is out. <$400 is a goal... <$500 is not terrible... You know how these things go, set a target price and before long you are at $1000 a box. I just need something cheap and easy. The HP DC7700's are SATA 2.  Also, being Core 2 Duo, their power consumption is pretty decent, actually, probably about 60 watts at 10-40% cpu with 2 standard hard drives. For new stuff, maybe look at cheap Home Theater PC setups: http://www.newegg.com/Product/Product.aspx?Item=N82E16856115047 "Mini" system with full height PCI Express for $165 (after shipping) http://www.newegg.com/Product/Product.aspx?Item=N82E16819116410 Celeron G440 for $40 (free shipping, also you can go to Dual Core Celeron for $10 more) http://www.newegg.com/Product/Product.aspx?Item=N82E16820313102 4GB DDR3 for $22 (more free shipping, double it if you want 8GB, it's got 4 slots.) $230 after shipping for the bulk machine, if hard drives are $100 each, that's $430 total.

No problem.  :) Steve