Not that I've ever seen. The same limitations apply for that role.

I researched and i believe, I know the reason. The group is received by pfsense only, if: -the created user in AD (e.g. 'vpnuser') is member of at least two groups (e.g. 'Domain-User' and 'vpngroup') -if the AD/pfsense group (e.g. 'vpngroup') is not the default group of 'vpnuser' Just tried to replicate this .. Strange, but it is as described above. btw: the extended query still not working, but that is another topic :) Edit: everything perfect right now, even with multiple extended queries.  

@grandrivers: sounds like noise on system t-3 upstream or return noise where t-4 could be in either upstream or downstream Argh, I know you're right but I don't want to believe it.  I've been battling with comcast over noise issues for years now….and granted, things are better, but not great.  I thought I would try to rule it out but I guess it really is the noise.

Glad the topic was of use of you HeMan.. When I saw this show up as something new it - was at first ah shit some spammer necro an old thread ;)  Nice to see it was someone actual used the info contained in old threads for what they are meant for ;)

Whichever log you see the "suspicious" entry in, post it in that section. For example if it's a firewall log, post in the Firewall board. If it's in the OpenVPN log, post in the OpenVPN board, if it's a Snort or Suricata alert log, post in the IDS/IPS Board.

Thanks I've disabled the update checks. Only things left are System Information, Interfaces, Service Status, Interface Statistics and IPSec. I'll see how that goes. Thanks

If you run it by hand in the console then no, it doesn't log that anywhere as it's output straight to the terminal. What are you trying to track down?

Hi, I think I just solved my problem and tough it would be a good idea to share. at first, I completely reinstall pfsense on an other computer. Everything was working. Put back my config.xml backup and so far so good. Unplugged my router and plugged my new pfsense. My modem did gave me a new IP so i rebooted it and boom, lost the webui access again. I decided to unplugged the modem and try back. The webui was working back. I started to check my config and found something under wan settings. At the bottom of the page there is Reserved Networks settings. I unchecked the first one " Block private networks and loopback addresses ". Tried to plug back the modem and everything was working fine. I noticed that my modem had problem to communicate with my ISP servers so it was giving a private IP "192.168.100.10" Contact my ISP to reset the modem and internet was back. I checked back the option under WAN settings but I want to know if I should keep it unchecked or not. Thanks

Not sure about "after 2-3 hours", if you want to throttle it in general, have a look at Squid delay pools.

you probably want to set the verbosity level higher then default (no clue how high: experiment) then you could script something to fetch/parse the required data into a text-file or html clog /var/log/openvpn.log | grep Initiated > logons.txt clog /var/log/openvpn.log | grep Inactivity > timeouts.txt you probably want more complicated regex or use different tools instead of grep to get it nicely formatted/sorted

Having the same issue. SG2440 unit on 2.4 beta snaps. No squid/snort/ntopng or any heavy packages installed. Native DHCP6 on the WAN (seems to possibly be related to DHCP6 or having IPv6 enabled in general). I have had this problem on 2.2 and 2.3 - whatever is causing it is mostly likely a very old bug, I see threads from 2011-2012 asking about the same issue. No good answers. I just posted this in the Development section… hoping for a response...

I am running the latest versions of both SO (v.14.04.5.2) & pfSense (v.2.3.3). @BBCAN177 did you have to change settings in any config file or should ELSA be able to automatically detect the source?] I posed a question in the SO forums. Pending response. Thx

??? Not sure if I understand this but if you spoofed the modems mac then it may take time for gateway to react. If the modem is in bridge mode(or just a modem) and you spoofed pfsense wan mac then same applies. If modem is not in bridge mode(combo unit) then all you did was break connection to modem and pfsense. Modem will still have same IP but you will need to cycle pfsense for new IP for wan interface to modem. My ISP does not react to spoofed mac very fast and it can be easier to shut down power of modem for a few hours before any change is possible at the ISP with a different mac setting. Also did you notice any warning about your mac number being wrong.

Thank you for your answers. I do not prefer to tweak in the source code. I hope the bug is resolved soon

Hi Jim What is the mail.php to send an email with an attachment? Thanks I