I installed a shellcmd php -r 'require_once("shaper.inc"); require_once("filter.inc"); interface_ppps_configure('opt2');' to fix this issue. Replace opt2 with the optx you are using.

What cron jobs do you have running? (can install cron package to look that up) Seems like one of them is creating a little output that cron wants to mail.. Can you perhaps try running them one by one from a ssh console manually and see if any produce 'output' ?

Quick update: I manage to do what I was looking for using OpenVPN server as a gateway for the tunnels. and doing NAT with pfsense public IP address. but still have some unanswered questions. I don't see how Site B can connect via OpenVPN to Site A unless Site A has an OpenVPN interface?How did you build these connections, with wizard or manually? Manually. Apparently pf sense does create the tunnel without the interface. Obviously there's no traffic without it, but since I saw the status of the tunnel up, I mistakenly thought that was enough. So all sites has interface and there's traffic in it. 2. Yes, the general technique is to specify all the possible external networks the OpenVPN server will pass to various clients (the "Remote Networks" in the server's config). Then you specify which of that set will be routed to each client in the client's specific CSO.  Obviously it works best if there's no possible overlap, thus my question 3. This one I still have some doubts. For example. Stie B-D are regular clients. they only need access to certain services to perform their duties. So I believe is ok that they all share the same routes and rules for them. Now since there's just one site where the admins will be (Site E), I created another vpn server on site A as remote access since we could be at the office, or working remotely, without all the restrictions needed for the rest of the sites. One thing its annoying me a little is the following: If Site B-D share the same private ip block (ie.10.10.10.0/24) I could access pfsense webgui on Site A using its tunnel ip address (ie. 10.10.10.1). Obviously this can't happen, so I just restricted with a rule, and they can't see each other cause im using net30 topology. But from Site E (the admins) I have any-any rule at the tunnel's interface and Im not able to ping it using site E tunnel's ip. (10.10.20.1) I still can access all site's pfsense webgui from the admin site via lan ip or the other tunnel ip, but not the actual tunnel ip where im connected to. And I can see the servers behind it.  this is not too much of a concern for me. But at the same time, I want to understand why I can't ping the tunnel's gateway, even thought the interface has any-any rule.

Not currently, the certificates are not in a section that can be restored on their own.

We need more information to make some conclusions. I think you need to configure two interfaces the one you have already configured (WAN DHCP) and next you should go to    Interfaces>Interface Assignments and then to PPPs tab, add new PPPoE, select same physical interface you have used on WAN and configure all you have there with information provided by ISP, save, go back to Interface Assignments tab, select your newly created PPPoE in drop-down menu and add new interface, name it whatever you want and go to    Interfaces->"younewlycreatedinterfacename", enable it and then check if it is working already and IP already received, if it does not, then you need really "hack" mpd config. :( If it's not acceptable for you then you need to create feature request for PPPoE IP configuration via GUI.  ::)

@elias: so with a laptop everything seems fine. The phone instead does strange things when using the WA app. Right? Have you checked another phone? Android perhaps so it's not an iOS issue? Would be strange indeed but hey… smurfs and stuff...

Still no increase in processes. Don't know what fixed it, the restart or the patch. [image: 2017-12-01_12-24-15.png] [image: 2017-12-01_12-24-15.png_thumb]

Thanks.  I just applied it.  And, since it mentioned that it cannot be cleanly retracted I took a snapshot so that I can revert. I'll update the thread on the re-occurrence. Thanks for your help.

Uggh. Turns out it was a software issue on the Windows host I was using to test the speeds. Rogue "optimizer" software that came bundled with my motherboard drivers was causing the upload speed issues. I figured it out when I tested on a Linux box on the same LAN and the speeds were perfect. Hope this helps someone else down the road.

Finally got it solved! There were a number of issues, some of which I'm still dealing with. I ended up replacing my setup with an unused Dell desktop with PCIe slots. The hardware is slightly better than my tiny Lenovo box, so no harm there. I installed two PCIe EXPI9301CT Intel NIC's. Did a fresh install, restored my config and was back up and running. After that I ran another test and I was getting 150 Mbps down and 50 Mbps up!! I'm pretty sure we're paying for 120/40, so I can't complain about those numbers. So as many suspected, I am now pretty convinced the issue was with the USB NIC. The other hint is the fact that on the dashboard both LAN and WAN are showing as 1000baseT <full-duplex>. On my old Lenovo setup with the USB NIC as my LAN, the LAN did not show that information at all on the dashboard or under the interface info. After solving that, I still had sub 100 Mbps speed on some PC's. In some cases, it turned out being bad cabling, in another case a bad switch, so by going though it on a case by case basis, I'm slowly getting my network up to speed, no pun intended. Thanks for all the responses and help! Raffi</full-duplex>

Opened up a bug report, seemed like the right thing to do https://redmine.pfsense.org/issues/8139

@jjoaquina: I do believe the time spent to have this working is beyond acceptable. I think I'm just going to switch the display off despite some policies I should follow indicates the other way. Thanks you all for your insights! Run an old windows machine and ssh in using putty. Set the screensaver on that machine to work the way your want. The BSD install is manicured to be a firewall and certain elements may or may not be there from release to release. You can never count of non standard elements/add ons to work post upgrade.      ;)

You will only get the assign interfaces prompt if you are not using common nics. pfSense will auto assign em, igb, and other commonly used nics.

Not that I know of.  Post questions/issues either here in General Questions or Virtualization.

@DennisT: We already use OpenDNS but that isn't effective unless the attacker is using DNS (which many don't). Thanks !!! Just fine like that. This one goes to my ;D list …

Well, your server issues are not pfSense issues. Need to do whatever it is that they support.

Comes down to what method of sharing your your going to use.. Just simple windows sharing of the printer SMB? or IPP, or 9100 which is common jetdirect port. But yes you would need firewall rule to allow whatever port/protocol you use to access the shared printer.  From a security point of view this normally not all that bad of thing - you limit who has access to the printer, and its just a printer. Is your printer not able to just direct connect to the network via wire or wireless.. USB printers are pretty old school if you ask me..  Even your $70 throw away inkjets come with wifi normally these days.