  • Combo function

    0 Votes
    2 Posts
    408 Views
    pfSense is based on the FreeBSD operating system, so anything else you install must be compatible with that OS. It is generally considered very bad practice to do so, however. Let the firewall be a firewall, and use another box for your applications.
  • Intel Atom design flaw - sg-2220 affected?

    Locked
    0 Votes
    4 Posts
    446 Views
    ivor
    @BlueKobold: I've done a search on the forums, but can't find anything on it. There was a thread that was closed by the moderator @ivor, and opening a new thread will result in ending up with a 30 day ban! Master SuperMicro Atom C2xxx AVR54 (LPC clock) Design Flaw/Bug Intel Atom C2xxx LPC failures What was pfsense's position on this, given the sg-2220 features an Atom Nxxxx? For example what happens after 18 months if the unit bricks itself? You should not ask here in that user forum, you should ask this at the support of netgate or pfSense directly! support@pfsense.org I'm positive Spectrum48k did not know there was a thread previously. The 30 day ban was only meant for those not following the rules or being rude on the first thread (obviously this doesn't include you!) :)
  • Setting up WAN interface with a static IP and PPPoE

    0 Votes
    2 Posts
    579 Views
    Mh, PPPoE is like a tunnel and uses 8 bytes from your connection, so an MTU of 1492 is mostly the case. All of your traffic goes through this tunnel for accounting and, I think, you get the same IP every time, so it is static. Other ISPs (cable) may not use PPPoE. pfadmin
  • PPPOE with VLAN to LAN with VLAN

    0 Votes
    3 Posts
    1k Views
    Please make a picture of what is what in your network. I don't know what you mean by "PPPoE Modem" and so on. pfadmin
  • Cannot define table bogons

    0 Votes
    19 Posts
    9k Views
    Hi, I also had this error; in my case it happened using qemu as hypervisor. With KVM it works correctly instead, so it's probably an issue of virtualization.
  • Appliance recommendation and the design

    0 Votes
    2 Posts
    343 Views
    My current Time Capsule doesn't give me any flexibility… It works but I can't see what's coming in and out of the network and can't isolate the devices...
  • Analysis of most common used outgoing ports from LAN to Internet

    0 Votes
    6 Posts
    543 Views
    @AMizil: "Your Splunk Light license expired or you have exceeded your license limit too many times". After expiring the trial period you have to somehow manually change to free otherwise … Go to Settings > Licensing > Change license group. This does limit you to sending less than 500 MB/day of logs to Splunk though.
  • ARP is moving interfaces

    0 Votes
    8 Posts
    1k Views
    Yeah, it's a little confusing because I see this in the logs also. But when I check the ARP logs and DHCP logs, as well as the control panel for the router, it all looks right. [image: 7-31-2017 8-34-15 PM.jpg] [image: 7-31-2017 8-33-42 PM.jpg]
  • System util 50% CPU non stop

    0 Votes
    3 Posts
    439 Views
    @Harvy66: Looks like you enabled polling. Instead of an event based system that reacts when new packets come in, it spins at 100% CPU checking to see if any new packets came in. You rock :) Thanks.
  • Home use, use home server + vmware pfsense or buy sg-2220?

    0 Votes
    13 Posts
    1k Views
    stephenw10
    I would certainly expect it to. You will only get close to the limit of its abilities trying to fill the pipe with encrypted traffic. But even then since OpenVPN is single threaded it can only use one core leaving the other to do whatever else may be required. The D525 won't do that. Steve
  • Enabling Routing on Cisco 3750 with Virtual PFSense

    0 Votes
    8 Posts
    1k Views
    @pvr2002: I am in the process of familiarizing myself with the Cisco IOS and have a Cisco 3750 (with routing functionality). Please see attachment for current working network setup. I am trying to enable IP routing on the 3750 and only route internet traffic through to the Virtual PFSense box. I have successfully set up IP routing and ACLs to prevent vlans from talking on the switch. However, I am running into issues determining how to get the switch to forward traffic onto the Virtual PFSense box. I attempted to utilize RIP between the switch and PFSense, but was only able to get access from VLAN100 (even if shutting off all ACLs) to the PFSense VLAN100 Interface. The other 3 VLANs did not communicate at all. Can anyone provide any insight as to what may be the issue? Thanks in advance. 1. Decide whether you want cisco switch to route between vlans and route all the traffic to pfsense through an interconnect network (pink colored in Derelict's diagram) or (2). In this case (1) you need to have VLANs created on the L3 switch, assign ports to VLANs, enable ip routing by configuring a routed port on L3 switch, static route on L3 sw to route all traffic to the transit IP of pfSense. On pfSense you also need to add static routes to all your vlans through pfsense transit IP address (otherwise routing won't work). In this case you also have to configure DHCP helper or server on each L3 interface … or use static IP addresses. Also configure outgoing rules on pfSense to allow traffic. Don't use routing protocols only if you have multiple networks with multiple routers... 2. Use L3 sw as an L2 sw (similar to your drawing), create vlans, assign ports to vlans, create trunk ports on L3 sw and on vSwitch + pfSense, configure vlan interfaces on pfSense - LAN or wan (for wan you also add gateway IP address), enable dhcp on each interface, enable outgoing rules on each vlan ...
    If you have a small network I would recommend to route all traffic to pfsense box (2) so you can also inspect inter vlan traffic if you wish (from security perspective). Check this topic also: https://forum.pfsense.org/index.php?topic=57239.0 you can dump ... show run conf BR, Adrian
  • WAN Connection Disconnecting

    0 Votes
    1 Posts
    337 Views
    No one has replied
  • Cisco environment with multiple VLANS and branch office VPNs

    0 Votes
    6 Posts
    603 Views
    Derelict
    Take your Cisco config line-by-line and recreate it on pfSense. There is no guide that you will find that will cover this situation. The problem description is not very well communicated. What is currently doing the tunnels? Why do you need to keep the Cisco in-place? Something like this: [image: pfSense-Layer-3-Switch.png]
  • PfSense + AT&T Gigapower (PACE 5268ac) - 802.1x bridge

    0 Votes
    9 Posts
    4k Views
    I know you can do bridging and mac address spoofing in pfSense, but I'm not sure about the packet redirection over the bridges. Please call the support of the AT&T company and ask for their devices able to use together with the AT&T GIGAPOWER, it could be only the Pace 5268AC you are using but with some luck you could also go with the Arris NVG599 from AT&T. If so, do it, this device is still offering a so called "IP passthrough mode" and then you will be able to place all of your own devices firewall behind that "mode" or router. Link to that conversation: DSL-reports Question: But does ATT Gigapower allow authentication from a third party user owned router or does it have to go secondary to their own? Answer: You must use their router. There is a kludged "IP Passthrough" mode to allow you to put your own router behind it though.
  • Time and NTP Settings Help

    0 Votes
    4 Posts
    993 Views
    OK, I kind of solved my problem. I had a firewall rule to only allow the NTP port to be open in my pfSense OpenVPN setup. I guess it couldn't communicate with the main router through the NTP port. I thought that if I pointed the NTP server of the pfSense firewall to the main router that it would work. It didn't. Maybe I have to open a port somewhere for it to work? Anyway, I just removed that firewall rule and pool.ntp.org servers now work.
  • No WAN connection after xfinity modem reset/power cycle

    0 Votes
    1 Posts
    241 Views
    No one has replied
  • Add more rule sets

    0 Votes
    4 Posts
    678 Views
    stephenw10
    Yes you could use an interface group, or maybe floating rules to do this. However you will still need to edit each rule on OPT1 and switch the interface to the group. You could potentially edit the config file to do that which would be faster but far more open to typos. The rule order might also be compromised. You would need to test that to be sure. Steve
  • MOVED: Update issues.

    Locked
    0 Votes
    1 Posts
    307 Views
    No one has replied
  • Strange flashing symbols on screen/RAM parity error

    0 Votes
    2 Posts
    553 Views
    stephenw10
    Looks like a hardware failure, probably bad RAM given the message. Potentially some video card issue. Just booting with the DIMMs in proves nothing really. You need to run a few loops through memtest (I prefer 86+ http://www.memtest.org/) before you can be sure it's good. Steve
  • PfSense performance test

    0 Votes
    6 Posts
    5k Views
    stephenw10
    You need to run at least some actual throughput tests to determine if your indexing test is at all accurate I would say. The Xeon-D CPUs you tested both have turbo speeds of 2.5 and 2.6GHz. pf is somewhat multithreaded but OpenVPN is not. You are not testing the complete system though so you might hit some other restriction you're not aware of. Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.