  • Restarting OpenVPN when connection is down

    2
    0 Votes
    2 Posts
    265 Views
    T
    I'm not aware of anything other than dpinger, but you can specify the IP that it pings to check connectivity.  While generally pinging the gateway makes the most sense, if it's not reliable you can use something else.  For example, you could ping one of Google's DNS servers like 8.8.8.8.
  • Change VLANs on a schedule / cronjob?

    3
    0 Votes
    3 Posts
    475 Views
    B
    Yeah, that is the process I was trying to automate on my switch. Apparently some have had success with simply setting pfSense WAN to DHCP and then you don't have to run through the process every 14 days. Honestly though, I agree. All of the options sound really hacky and reliable. Everything goes out the window if the connection resets for any reason and I'm not home to fix it. If I don't hear of something more reliable I'll probably just run the gateway in their crappy pseudo-bridge mode.
  • Cron to enable ssh, transfer backup, disable ssh - is this possible?

    2
    0 Votes
    2 Posts
    263 Views
    D
    0/ You don't need sshd enabled to copy files via SCP/SFTP. 1/ Windows does not support the above natively.
  • I want to Block all Traffic Except Skype for Business

    1
    0 Votes
    1 Posts
    276 Views
    No one has replied
  • WAN speed has increased, pfSense throughput remains at old speed

    5
    0 Votes
    5 Posts
    710 Views
    ?
    There you go…  :) I suspect it's something to do with the ip profile in the DSLAM that gets updated when the session is re-started.
  • What is 'dc' and why would it be using 100% CPU

    5
    0 Votes
    5 Posts
    516 Views
    D
    Nothing fancy… it's 2.4.0RC as shipped. The firewall has now reset itself and is back online. There's nothing useful in dmesg or system.log. Only package installed is AutoConfigBackup. I'll try digging more with ps next time it happens. I might try rigging up monit to do it for me. I was hoping there would at least be some pfsense-related reason for dc having been called… now I'm somewhat unsettled. Thanks, everyone…
  • Implications of Removing Port 500 (ISAKMP) NAT Rule

    7
    0 Votes
    7 Posts
    937 Views
    KOMK
    Thanks, Jim. My install has been upgraded many times since 2.1.x, and I've got a tunnel defined but disabled.  We don't use IPSec at all and never have.  I thought it was there by default, but most likely I created it while playing years ago and forgot about it.  Why I would disable it instead of deleting it is a mystery.
  • Stepping up my game. My plan, and any helpful advice requested.

    11
    0 Votes
    11 Posts
    969 Views
    johnpozJ
    So I will agree that it's clunky.. The only thing it has going for it is cheap, and it can handle my new 500/50 at speed. I am running the latest 4.4.8 code.. But I have left my pfsense vm running to handle dhcp and resolver - those features in the usg are pretty bare.. And no resolver at all.  Just forwarder mode. So good luck running your own dns on it, etc. And you're correct anything like openvpn or HE tunnel has to be done at the cli - which wouldn't be the end of the world.  But if controller does a re provision seems that all gets wiped.. If you're a simple home user with 1 network and no need for vpn or tunnel (it doesn't seem to do any ipv6 on its own) might be a good thing.  But from the day I have had to play with it seems more a toy than the mature very feature rich easy to use pfsense.. The dpi stuff looks interesting, but that seems to be the only thing it's got going for it.  And with pfsense you could just install ntopng and get all that kind of info as well, etc. But again thanks for your thoughts and appreciated your willingness to test its top limit, etc.  Prob going to have to live with it till nov when I can replace it with real pfsense hardware ;)  But after that it will be either on my shelf collecting dust - or looks like I might have some buyers for it ;)
  • PfSense and Skype

    2
    0 Votes
    2 Posts
    1k Views
    D
    Try doing static port? https://doc.pfsense.org/index.php/Static_Port
  • Too many nginx errors that result to 502 Bad Gateway

    14
    0 Votes
    14 Posts
    4k Views
    S
    I'm seeing the same thing - 502 errors. I'm running three sites, all of them worked perfectly until 2.4.0-RC changed from bsd 11.0 to bsd 11.1 (a few days ago). Strange thing is that it's only one site that has the problem. The problem site is the site with most users.
  • New Device Alert

    25
    0 Votes
    25 Posts
    7k Views
    A
    Hi, I am also interested in what Domotz can do, but like AR15USR I am concerned about the security issues associated. Since Johnpoz mentioned there is a local server, I was wondering if it makes sense to block all outbound communication of the Domotz server and use VPN. Does anyone think this will work?
  • SG-1000 "Wedged"

    2
    0 Votes
    2 Posts
    711 Views
    DerelictD
    You would probably want to examine the firewall logs for the time it is not reconnecting and see if anything is blocked. You might also want to look at the state table and see what states are established on behalf of the PBX and see if that gives you any indication why it isn't working.
  • Stop openVPN falling back to the default WAN when OpenVPN is down?

    5
    0 Votes
    5 Posts
    1k Views
    DerelictD
    https://www.infotechwerx.com/blog/Prevent-Any-Traffic-VPN-Hosts-Egressing-WAN
  • Converting pf.conf from OpenBSD 4.2 to latest pfSense

    5
    0 Votes
    5 Posts
    630 Views
    R
    Thanks everyone for the great replies.  As I suspected, this will be a long, tedious manual process.
  • PfSense Crash Report

    8
    0 Votes
    8 Posts
    1k Views
    C
    @jimp: You said it's a "new" NIC but that is an em device. Any current Intel card should be igb. All I meant by that is that we bought the same type card that we were running in our other routers that is "new" as it has never been used. I recognize that it is not the most cutting edge technology, but it is what we know will work based on our other router setups. As far as what the crash report says, is it something that can be solved by reinstalling the OS or by setting up IPv6? We never set up IPv6 in the past because we don't use it at our company but if that will solve our issues, then I am willing to set it up.
  • MOVED: delay on HAproxy

    Locked
    1
    0 Votes
    1 Posts
    340 Views
    No one has replied
  • Fall back to full FSCK - Problem

    6
    0 Votes
    6 Posts
    733 Views
    GertjanG
    @clay005: My suspicion is, It is restarting when someone remote our the server using its the Domain name (or computer name not ip address). Because before I register the IP address to have a name we are using ip address to remote the server and I'm not having this kind of issue. This can't be a suspicion, except if you refuse to check your firewall, the rules present on WAN. There should be none **, and in that case : impossible, no one can connect to your pfSense. Btw : you just showed that you missed one of the biggest concepts of the Internet : people rarely use IP's, or, they work well. Humans like addresses like test-domaine.fr, which are translated directly to : test-domaine.fr has address 5.196.43.182 test-domaine.fr has IPv6 address 2001:41d0:2:927b::15 Remember that addresses or URL like test-domaine.fr aren't used on the Internet : you see them on your screen, they are looked up to IP addresses and that's it. The fact that you use a domain name - like my test-domaine.fr - doesn't mean that people can find you more easily, or not. True is, domain names are public. But you don't care, you have a firewall, and nothing initiated from the outside comes in. That was the very reason you put the firewall in place. ** if there are rules ….. well, you shouldn't. One never does before all consequences are understood ;) Btw : Never ever expose the pfSense GUI to the outside (WAN or Internet).
  • [SOLVED]pfsense WAN throughput issues

    6
    0 Votes
    6 Posts
    1k Views
    K
    UPDATE: @Harvy66, I tested out latest opnsense as well which is based off FreeBSD 11.1 but I still faced the same issues. The solution for my problem was to disable nested paging under VM -> System -> Acceleration, after which the bandwidth went full throttle! :) [image: Ecs6WA4.png] ![2017-10-02 22_30_50-pfsense - Settings.png](/public/imported_attachments/1/2017-10-02 22_30_50-pfsense - Settings.png)
  • Two-Factor Authentication

    3
    0 Votes
    3 Posts
    1k Views
    jimpJ
    If you want two factor auth, you can install the FreeRADIUS package and use it there (Google Authenticator or mOTP). @inews: it will be open wifi network […] if possible to make some usernames with different permissions to the network. That isn't possible with captive portal, but if your access points can do multiple SSIDs on different VLANs, you could set up a different SSID that has WPA2 Enterprise authentication, then it could put those special users on a different VLAN with different firewall rules/setup. You'd set up the second VLAN/Network on pfSense but getting users into that network is entirely up to your access points and switches, though, not pfSense.
  • IGMP Proxy BT Vision

    8
    0 Votes
    8 Posts
    6k Views
    J
    Hi All, Sorry for waking up a very old topic. I've tried James' suggestions but instead of using a physical NIC for the BT Vision LAN I'm using a VLAN. However I'm unable to receive a picture at all. Just wondering if this is still working for anyone?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.