I am using ESXi 5.5 with VMXNET3 adapters.
Turning adapters on of off worked good with version 2.1.x

I use this function to identify the correct (ESXi virtual) adapter within pfSense.

Maybe this also helps:
When I install pfSense there is an page where you could "auto detected" the NIC's, this is also not working! :o

@Rewt0r:

Not sure what has broken it but if it's in the Dev build it will soon be rolled out to the standard version, hence my post here.

You're reporting it to the wrong place if that's the case. What we have works in every stable Chrome version ever released, Opera, Safari, Firefox, and IE. If it's broken in Chrome dev it's something Google needs to fix.

The key part there seems to be "Too many open files in system". What has a slew of files open is the question. Check output of 'fstat' for what all is open.

From a new pfSense user, many thanks for this theme it's more acceptable to my eyes than the inbuilt themes. Well done. :)

Oh man! Thank you guys! I have OpenVPN set to port 443/tcp, so no wonder the web configurator cannot bind to that port if it's too slow.

So yes, I will bind the web configurator to a different port then. Thanks!

/conf/config.xml

Here's how I'm doing it…

services->reverse proxy

general/web servers tab should be straightforward.  Jump in at mappings tab - you can create a mapping group like this:

.sub1.domain.com.$
.sub2.domain.com.$
.sub3.domain.com.$
.domain.com/URI1.$
.domain.com/URI2.$
.domain.com/URI3.$
.domain.com.*$

I've also had success playing with the Redirects tab rules, but that's been really unreliable.  I'll change something completely unrelated and the rules on that tab break.

anyway once you're passed to the apache server on your internal network, you can do yet more with redirects and RewriteRules.

Will this be fixed or?

I am running Supermicro server with no vlans. 2.1.5 - very annoying :)

@jcpolo:

Is there such a feature as to monitor services on pfsense? That way if a service died it would fire off a notification?

That is different than this original topic.

The Service Watchdog package can monitor services and restart them if they are down/crash, and it can send a notification if that happens.

The lack of redirection is a security measure.

If you must keep a browser open like that, either increase the session timeout (System > User Manager, Settings tab) or configure your browser (or an add-on) to refresh the page periodically to keep the session active. But those also lessen security, of course.

@spillemw:

My pfSense file system is read-only.  When I ssh to the machine and select shell, I am in the root directory, but obviously not a root user.  Note that I bought a Stonegate firewall with pfSense 2.1.5 pre-installed.
I am new to pfSense but not new to ubuntu.
Any suggestion?

–-------------------------

Update that may help other people : the file system was read-only so I had to remount it in the shell with rw enabled.  Then I could get the new them and apply it.
Do not forget to reboot the machine afterwards so that the ro is in place again for added security.

I have no idea what your post has to do with widescreen patch. But:

pfSense is built on top of FreeBSD (not Ubuntu) It is all configured from the webGUI - so do not use the shell to change anything unless you know what and why you are changing it. "disk" can be switched between ro and rw and back with:
/etc/rc.conf_mount_rw
/etc/rc.conf_mount_ro
No need to find the right mount commands yourself, no need to reboot to put it back.
Diagnostics->nanoBSD also has a button to switch to RW then switch back to RO.

Just found this thread. Sorry for the double post!

Ok, I'm sorry about this stupid question.
I find  the line in :

/etc/inc/system.inc: $lighty_config

I have a better result now :

Supported Server Cipher(s):
    Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  256 bits  CAMELLIA256-SHA
    Accepted  TLSv1  168 bits  ECDHE-RSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  128 bits  CAMELLIA128-SHA

Prefered Server Cipher(s):
    TLSv1  256 bits  ECDHE-RSA-AES256-SHA

Thanks to reader !
Best regards.

I'm always thrilled to see quick turnarounds on bugs  ;D

Thanks, will test it soon(ish), as work permits.

Hi

Do you mind posting the working around you found?

Thanks.

Factory default will give you WAN and LAN.
Then login to web interface 192.168.1.1 from LAN, Interfaces->Assign, make OPT1, OPT2 on the required hardware ports.
Enable them in Interfaces->OPT1, OPT2 and give them IP addresses in other subnets.
Then you have to add firewall rules to each interface to allow whatever traffic you wish to come in from those interfaces.

Not sure what you mean/require when you say "ideally i'd like to have the OPT ports as backup" - they will have different subnets to LAN.

I use startssl for my pfSense certs.  The root is trusted by all major browsers.  I import the Class 1 intermediate cert into CAs and the issued certificate in Certificates then tell webConfigurator to use the issued cert.  It all just works.

I would delete what you have done then reinstall the end certificate pasting in JUST the issued cert, no CAs.

pfSense should automatically see that it was issued by the intermediate and see that the intermediate was issued by the root.

You should also be able to safely delete the root cert from pfSense.  If that is trusted by the end browser it's already and there's no reason to have it on pfSense.

Suricata should not be the cause of the error.  The file with the foreach() error is not a Suricata file.  It is a pfSense system file.  The error is happening in the section of code where the firewall is attempting to iterate over the configured firewall interfaces.

Have you made any other changes to the firewalls or to the host you are connecting from?

Bill

LDAP only supports password authentication.

Here's one two-factor solution that does:

https://www.duosecurity.com/docs/ldap

I've been using a free account to add two-factor to pfSense OpenVPN using RADIUS for a while now.  Works great.  Can't imagine LDAP would be any different.