I've been trying to get this to work for a long time but just can't get HAproxy setup correctly with Ombi. Any chance you can do a step by step? Also, are you using SSL? Cheers, Zane

https://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5&n=1 urgent Generate debug messages only for serious errors. The pfSense devs are using "debug urgent" so it only shows debug messages for serious errors.

Probably not.  All your traffic is going to be within your switch but it depends on where you're putting these clients relative to your bridge. I don't know why you don't just create a fake WAN and LAN.  Make the WAN a bridged adapter on your LAN, and make the LAN an intnet interface.  Then put server on LAN and attacker on WAN.  Then you have pfSense acting as routing firewall between them.  You can use pfSense's Suricata package instead of needing a third system.

@johnpoz: Huh… Where did Gertjan say you should do a fresh install? A fresh install might be good idea if your on say 2.1 trying to go to 2.4 etc.. But you should never be there, you should upgrade asap after new versions are released.. 2.4.x+1 and p1 and p2, if they release, etc.. When they make a statement on if any upgrade caveats, etc.. But I had upgraded through all the 2.x to 2.4... I only went fresh install when I moved to sg4860 vs VM, etc. Sorry English is not my language so I struggle a bit. Okay If an in place upgrade is possible there is nothing better than that. Thanks.

set the desktop here to an outside source this morning earlier..    Ill play some more later this weekend. [image: time2.jpg] [image: time2.jpg_thumb]

Sure, but I said "most", not "all". Can your switches export the Netflow instead?

Yeah it happens ;)  Just wanted to clarify it since users might take it as gospel vs just a typo…

UPDATE: Noticed some threads describing same isssue here https://forum.pfsense.org/index.php?topic=145990.0 SYSTEM > ADVANCED > FIREWALL and NAT > Firewall Max Table Entries increased from 200000 to 500000 Will see if that fixes it.

@Pippin: @JohnSCarter: To anyone who's interested what I was referring to is called a VPN Kill switch, it disables all network traffic that's not going through the VPN to ensure 100% that all traffic is VPN'd. Not exactly. A kill switch prevents traffic going out WAN if VPN is down. What almost never comes up as a question is NTP, pfSense update servers and maybe more. Can put it in an alias, etc…... Do a tcpdump to see what is not leaving through the VPN. I can't find tcpdump within pfSense, is there a command or somthing? Also do you happen to know how I would router one OpenVPN connection through another OpenVPN connection?

For my answer I just did a forum search and Ivor definitively answered it last year. https://forum.pfsense.org/index.php?topic=138273.0

Munin doesn't make Excel sheets neither (Excel does  ;)) But it does work on pfSense.

Hi Kevin, Sorry to resurect an old post but did the System Tunables resolve your Vonage phone BLF issues? I'm having similar with some Polycom phones on a Gamme PBX system. Packet capture shows successful UDP defragmentation on one ofSense box and not on the other!? Comments would be appreciated. Tim

You are right, I move my post to "Virtualization installations and techniques" @Admins Please remove this post.

It's a Kirby Lake generation Xeon so it's pretty new and supports AES-NI. I've also understood from multiple sources that oVPN should support multithreading if multiple tunnels are used. Guess I'll have to test to find out if I can get the required throughpit. Thanks :)

@ethanh100: Hi, I am setting up my first Pfsense box and have a few questions about NICs. The system I am planning on getting (Dell Poweredge 1950 III) has dual gigabit lan. I planned on having one of these on WAN, and then getting a newtwork card for the output of the LAN. THe other mobo port would be used for the other virtualized systems on that server. Does this make sense? If I were to get a NIC however, it would most likely have 2 ports, so should I just have LAN/WAN on that one card or in the way I described previously. And if I did it the first way, would it make sense and even be possible to take both those ports and plug them into the switch, just so I have double the throughput at that point, or is that pointless? Sorry about all the questions, this is my first time building a router so I just want to make sure its right. Thanks so much! I would just use the dual NIC already on the machine, and get a manageable switch for your VLAN.

Seeing as nobody knows i eventually found the answer - if you goto Status\System Logs\Settings and look at the section titled "Log file size (Bytes)" you will see how many MB your logs are using there. There really should be a cross check here to make sure if you chose to log to memory that there will be enough available to boot.

Edonkey… Wow... People still use that??  is it 2005? ;)

@stephenw10: Are you running 2.4.3? The was an issue with mbuf leaks in that showed especially badly with the cxl driver. That has been fixed for a few versions though. Check the Status > Monitoring graphs for mbuf cluster usage. When you say 'completely locked up' does it stop responding at the console? Try pressing Ctl-T at the console if it appears non-responsive, what output does that give? Steve I have been on 2.4.2 since it was released, I upgraded to 2.4.3 after the most recent lockup. Next time it happens I will try the console and see if ctrl+T does anything. Both the web connection and console did not function when this happens, but I didnt try the ctrl+T thing so ill have to see.