Because of Steam Client's inconsistency at connecting to it's servers, I had took a long time tracking down the culprit.

Until one of the computers on the LAN went offline. It was apperently running utorrent.
Even though it wasn't using bandwidth heavily, it might somehow intefrere with Steam's ability to connect.

I'm not entirely sure yet, even though I was able to connect to Steam 2 times now after that PC with utorrent went down.
I'll post back after I further succeed at connecting on Steam.

Dual WAN on a Celeron 700 with 256MiB RAM. I ran a few speedtests with both WANs (30Mbs+15Mbs), then just 30Mbs, and finally 15Mbs. First peak (~100%) is @ 45Mbs, next 3 (~40%) is single WAN @ 30Mbs, next 100% peak is the pfsense control panel rendering  ;) final peaks at 20-30% cpu is with 15Mbs WAN only.

cpu.png
cpu.png_thumb

Never mind.

Removing and reinstalling Snort fixed the issue.

Just a piece of advice on searching the forums.
Use google.

What you need to do is to enter (without the quotes):
"search terms or phrase" site:forum.pfsense.org

For example, if i needed help with say…  OpenVPN road warrior setup for pfSense, I would enter the following in the google search box:
openvpn road warrior site:forum.pfsense.org

Google's linguistics engine and page rank is vastly more powerful than the search engine in most bulletin boards.  Also, the fact that you can click obtain direct translations for the non-english portions help too.

install package call shellcmd and use that with script which mounts the harddrive

PPTP is a separate case that I wasn't aware we were discussing.
But whatever, good luck with your special ISP. I'm done with this topic.

Some years ago I read an account by Steve Gibson of a denial of service account that hit him. Some nasty piece of work managed to harness hundreds of PCs to bang on his IP address. Fortunately for him his ISP was rather more cooperative than yours.

I think you might be able to find his report (grcdos.pdf) on his web site (http://www.grc.com).

i didnt answer all of your questions above.

no additional packages installed and no traffic shaping (not sure what it is, but that is another topic).

bone stock install of 2.0.1

after i read your last reply, i rebooted the pfsense box and now the download works.

was it a fluke?  bad timing…?

either way, i guess i can say, for now, everything appears to be functioning properly.

In 2.0 aliases are handled like tables with more functionality even.

Its often a habit to go and edit things manually when used to but try to do what you want through the GUI and it will work the same.

There aren't any notifications of the status of a mirror, though that is one I want to add in eventually.

Currently the only notifications that are sent are major events (like a ruleset failing to load) and also if a gateway goes down.

I would recommend you to go to the pfSense official support for such kind of questions.

@dLockers:

Excellent. I have configured an OpenVPN server and I am now trying to fine tune it.

Could someone explain the steps to achieve this however?

"To set this up, configure an OpenVPN server to listen on TCP port 443, and add a firewall rule to pass traffic to the WAN IP (or whatever IP used for OpenVPN) on port 443."

How do I pass 443 to the OpenVPN in the Firewall? I have already set the OpenVPN server to listen on 443/TCP.

If pfsense is OpenVPN server add the following rule to your WAN:
Action: Pass
Protocol: TCP
Source IP: any
Source Port: any
Destination IP: WAN address
Destination Port: https (443)

Thats all.

Squid can be used as a reverse proxy but was not designed for it.

you can try:

varnish (realy fast but no so easy to configure. balance http)

haproxy (recently updated to latest version. balance http and https)

pfsenses built in load balancer(easy to configure and balance http and https)

Sorry for not answering how reverse squid works, I really prefer one of above options.  :)

They are on the list: http://www.freebsd.org/releases/8.1R/hardware.html#ETHERNET

Steve

@wallabybob:

@tomdlgns:

if i am off site and i am using logmein to connect to my home PC and i am navigating through the webgui on pfsense and it is slow.

I'm not clear about the configuration here. You have a pfSense at home and you access your home PC from the internet through pfSense and then from the home PC access the pfSense web GUI? A diagram would probably help.

sorry.

i configured pfsense on a spare PC at home.  192.168.1.1.  locally, when i was making changes to pfsense (over the weekend when i was at home) i had no problems.  everything was fast and smooth.

today i am at work and i wanted to test some settings/play around with it.  i dont have any ports/firewall rules open so what i did was remote connect into my home PC and navigated to 192.168.1.1 as if i were sitting at my desk.

i hope that clears it up a bit.  if not, let me know.

thanks.

That is FreeBSD's escape-to-debug keystroke (ctrl-alt-esc)

I'm not sure if there is a way to disable that keypress.

Though it does look like NMI would also go into the debugger, and that can be controlled via system tunables that you can disable under System > Advanced, on the Tunables tab.

I'm using pfSense 2.0.1 in a similar setup with public IPs - pfSense also has internet access.
Have you set the DNS servers (System->General Setup) properly?

thanks steve  ;)

Since you are met with the pfSense login page you might try using NAT reflection instead of local DNS overide. You have nothing to loose.
Also try running a traceroute to your server under various conditions.

Speculation: When you run the VPN client it connects to your work VPN server and is handed IP details including gateway and remote DNS servers. That becomes the default route on your laptop. You can still connect to your local subnet since that is in the local routing table. When you then try to access your server (on RED) by URL the remote DNS servers hand back the WAN IP of your pfSense box. Here's the part I don't fully understand, your laptop then tries to access the WAN IP but it somehow already has a route to it via your local LAN. Trying to access the WAN IP fro the LAN side of pfSense brings up the login. NAT reflection should take care of that for you. Why it doesn't get routed out through the VPN I'm not really sure. Perhaps it does and the resulting strange circular route is what is causing the problem. Traceroute should show that.

Steve