No one? Maybe someone can upload me the file and I put it back in place

@Derelict:

Sounds like you created an asymmetric routing situation and the NAT made the traffic same-subnet.

I don't think so. The two subnets are physically separated and they both have one single gateway to each other (the pfSense box). Am I missing something?

For anyone that could need this, statistics can be easily extracted with a PHP script calling into this function (hope it is ok to link to pfSense source code):

https://github.com/pfsense/pfsense/blob/bafd63b5d95054adcf97720a716e027cad0b17d4/src/etc/inc/gwlb.inc#L402

@johnpoz:

Here does this help

Yes! Thank you.

there was a long time bug about this that seems to have been
https://redmine.pfsense.org/issues/3494

But it was rejected, turn off logging of bogon if you don't like the spam it seems is the correct course of action.

Or something like wireless client isolation and Private VLANs…

You are looking for layer 2 isolation. pfSense is a layer 3 firewall.

It appears one of my NAT rules was creating an issue.  Once I disabled that rule, I could ping from my hosts to internet addresses.

That worked perfectly. Thanks!  :)

I am putting this delay in place to help my network recover from a power outage. After a power failure my entire system becomes energized at the same time. This delayed boot on the pfsense box allows my modem to come back online first.

I know sophisticated PDU equipment is available to control the order of network devices being powered up after an electrical outage. Beyond something like that, is this the best way to accomplish a smooth recovery to 'online' status of a network after a power failure? It seems like this would come up more often… perhaps there is a setting within pfsense that handles this sort of issue.

Is the said model able to route, handle vpn as well as our internet speed at the same time?
We are talking about 30-40 people working concurrently and maybe 10 VPN connections at the same time

Would be the best if you go with OpenVPN because each tunnel can be run on one CPU core so this might be the best option for you
pending on the C2758 eight CPU cores.

For some reason anytime I try to add more than 2 NICs (igb0, igb1, igb2 for example) to a LAGG, the system crashes and reboots.  I've tried every combination.  Two nics work fine in a lagg.

The C2758 Board is set up as default that the IPMI LAN Port is the fall back Port of the WAN port, could this be the problem?

And if you will be building the quad port LAG what is then the WAN port?

As a general rule, "Jack of all trades, master of none" is sound advice. These home-grade Best Buy or Staples specials are usually just plain garbage at everything. But trying to add on to PFSense and making that a WiFi router is also a fools errand.

Yes, you can use the ASUS as a wifi "Access Point" and the additions that the SG-2440 have are not internal, they are separate products from a company called Ubiquiti. PFSense doesn't control them, has nothing to do with them. Not to mention, you can get the UAP-AC-Lite for like $70. When you are adding in $549 for the SG-2440, then $70 is not much more and that is a TRUE Wireless Access Point. It doesn't do ANYTHING except be an access point. A fairly stellar one at that.

Just be warned, Ubiquiti's support stinks and sometimes more advanced features are half-baked or just completely broken and don't expect UBNT to be of any help. I was doing a fiber-backed wireless setup, and literally this new 10GB fiber switch couldn't auto-negotiate to 1GB. So even though you can go from switch to switch and manually set 1Gbps, the FiberPOE units they have coulnd't. I ended up having to get a non-unifi but still UBNT gigabit fiber switch. Talk about pain-in-the-rear. And by the time UBNT got back to me, I had it installed and working for days. And still had no real answer, just said "oh, well maybe thats rights, glad you figured it out". Zero clue. Same issues with their USG routers that always show as "Provisioning" in the status. Total bug and a half, but again they have no idea or don't want to admit it. I end up buying all my UBNT stuff from a company called Double Radius, and I use their RMA and support - although for high-level you are still SOL.

However, if you are just using wireless and want it to reach far, wide, fast and REALLY cheap, then UBNT is gold. If you want support or an RMA, throw it in the trash and buy something else. The next cheapest is Engenius Tech, but expect $300+ for a decent AP.

Wireless AC isn't great, as jahonix said. They have "Wave 2 AC" now, which solves some issues and now even "AD" wireless which apparently can't make it 10 feet. They keep raising the frequency, which is the wrong way. We need like ELF wifi. But the US Govt has a worldwide kibash on any usage of it because they use it for all of their super secret spy communications.

@jimp:

Safest and fastest path to a stable system is to reinstall + restore config backup.

Yes, That´s what we did.

Thank you anyway.

As soon as the payment clears and the account is active on https://portal.pfsense.org/members/ you can reach the book.

If the pfSense team is in on this one , you could make a "recovery-xonfig.xml" in the script ,
and on boot check if it exists. If it exists : use that one (and delete it after boot) , else use normal config.xml.

And then just a :
reload in xx minutes entry in the menu - making the revovery-config.xml , and the at now+xx (reboot)

And

a reload cancel , that deletes the revovery-config.xml , and kills the at job

I don't know the "inners" of pfsense , and don't know if it goes "crazy" if the config.xml gets replaced , but i'm sure the team could make this in a short time.

/Bingo

Good recommendation, will try. I suspect it will be faster, as I did get about 3-5mb faster when I swapped out the AC adapter for the on-board N adapter. This led me to believe that it had something to do with that NIC and that it was somehow tied to the MAC of that NIC. I was wondering if there was somewhere in pfSense that I could find that it's blocked or throttled by the MAC/IP.

I'll grab a cable and test though…just to see.

Thanks,
Randy