Recently having issues with my IPSec tunnels to my AWS VPC created with the "AWS VPC VPN Wizard", I opened a ticket with AWS support. I ended up sharing my IPSec settings and logs with AWS VPN support. They wrote me back an informed me that the IPSec tunnels were not configured correctly! AWS said that both tunnels were not supposed to be active at the same time, and their logs and my logs showed that traffic was traveling across both tunnels. They said that only one tunnel was supposed to be active and have traffic routed over it, and the second tunnel was only to be a standby to be used if the first tunnel was down or not passing traffic. I have opened a ticket with NetGate (the current developer of pfSense who offers commercial support), to investigate these issues. I'll post back the results of their findings here.

I had to add pass rules in opt1, traffic was blocked by default.

Reinstall resolved issue.  I think I shut it down improperly once during initial install.

When looking at the possible deploying of dozens of units I am factoring in the potential savings of going opensource.  Zen..,etc I also use on hyper-v on 5 dedicated servers in OVH including hyper v replication. Though I just deployed hyperv 2016 and having issues with latest pfsense image.

@linuxjunkie: Hi I have pfSense 2.3.3-1 AMD64 running on VMWARE ESX 5.5u3. It is installed according to this KB https://doc.pfsense.org/index.php/PfSense_on_VMware_vSphere_/_ESXi The firewall performs great but the vmware console stops responding to input after about 2 minutes of inactivity. The https interface works fine and so does SSH access into the firewall. Just the virtual console in vmware is impacted. The only way I can get back to the virtual console is to reboot the firewall which is a bit of a pain. Any ideas? Does this issue impact any other VMs on the same host?  I'm running pfSense 2.3.x on several ESXi hosts, from ESXi 6.5 down to ESXi 5.0 and have never seen this.

Have you tried with different drivers versions for physical nic that you are using for Wan? IE the driver in the host operating system? In worst case it might even be worth to try another nic (If it doesn't do anything else it will rule out the nic as the cause)

are you on W10 pro or better? if so you got hyper-v available and in my eyes it's better for this jobb

Well.. I've found the problem, and boy do I feel stupid!  :-[ Turns out I hadn't allocated enough RAM to my Dom0. Whenever I launched the pfSense HVM, the Dom0 would run out of RAM and crash xl. Changed the allocation on the boot line from 256M to 2G, and it works beautifully.  8)

Thank you very much for the reply Migrating to 2012 R2 is not a valid option for me right now. I will continue searching for something or waiting for an update of the FreeBSD kernel in which pfSense runs  :-\

Does it start with 10.x.x.x, 192.168.x.x or 172.16-31.x.x ?? If so then its rfc1918..  Ie private IPs If it starts with pretty much anything else its public ;) See my wan is a public IP..  If you look up 24.13 its owned by comcast.. http://lmgtfy.com/?q=rfc1918 [image: wanpublic.png] [image: wanpublic.png_thumb]

I made some tests with Iperf and at first seems to be like gbit nic. Thanks for your help JorgeOliveira! :D

AWS has a Netgate official AMI.

"pfSense is currently based on FreeBSD 8.x." Huh??  That is OLD pfsense 2.3.3p1 is current running on freebsd 10.3-RELEASE-p17 https://www.freebsd.org/doc/handbook/disks-growing.html Simple enough to test this..  But since this is a VM.. Why don't you just fire up a new vm.. With the correct sized disk and partitions, etc.  Then restore your config to it..

I have the same configuration. Dual nic, both connected to virtual switches. The nic connected to the virtual lan switch is connected to a physical switch. The nic connected to the virtual wan switch is connected to a bridged port on the modem. The management interface for the hyper-v server is connected to the virtual lan switch.