You may like to read through this, unsolved, thread and see if the finding there line up with yours: http://forum.pfsense.org/index.php/topic,70773.0.html There was/is a known issue that might be effecting you: https://redmine.pfsense.org/issues/2555 Steve

@opjohnny: @biggsy: @opjohnny: Unless ESXi knows how to send a shutdown command to pfSense … It does.  You just need to select the right shutdown mode: That simply just "cuts power" to the VM before ESXi continues its shutdown process.  It's like holding the power button on a PC or laptop until it turns off. No, it does not just cut the power to the VM.  For me, this is the key benefit of VMware tools.  I used it, quite deliberately, yesterday to shut down a whole host without having to shut down each of the individual VMs beforehand. Of course, if ESXi isn't told to shut down gracefully, as happens in a power-fail with no UPS …

You can restart the monitoring daemon (Status > Services) and it will wipe out the old loss data. We have seen that happen before but have not been able to replicate the circumstances that result in the problem.

@phil.davis: Now I understand your problem - I hadn't looked hard at the "custom provider" bit of your needs. The software that generates the GUI form - services_dyndns_edit.php - is just lacking code to add gateway groups to the dropdown for the "Interface to send update from" field. It really should have the same list as the "Interface to monitor" field. I appreciate the heads up on the pages that you wrote; I'll give those a try shortly. Thanks Phil!

Sounds like you have a flakey line. Try setting up two failover pools and split the clients between them- see if the cable or the DSL people complain more. I've never liked round robin with lines that aren't the same.

Ah, that's disappointing. I never got around to trying the syslog-ng package as all the boxes I could try it on are NanoBSD. I'll have to try again to get a hybrid Nano+HD setup functioning and give it a go. Steve

You can view all four on the dashboard by just opening the graphs. The monitor IP is what pfSense uses to determine if your WAN connections are up correctly. By default it uses the WAN gateway IP but you can change that if you need to. Steve

Thanks, Squid might be the way to go. Is there another way? I ask because I did try installing Squid today, per the instructions here, but then the internet didn't work from the LAN until I uninstalled it… Either I have to figure out how to fix Squid or find another way to do URL rewrites...

I changed the verification post count from 2 to 1 so users only have to do the verification for their first post rather than first two posts. Sorry for the annoyance, spammers are a big problem with popular forums like this. USB NICs in general aren't great, regardless of OS. The FreeBSD drivers for some of them tend to be pretty unreliable. This might just be that your USB NIC isn't well supported in FreeBSD, though I wouldn't expect the NIC to completely disappear in that case. Usually when there are driver issues, the NIC still shows up, but it just doesn't work right or at all. That might be a general USB problem with your system. One thing you might want to check is if you have the latest BIOS on the system, sometimes that fixes weird issues along these lines. VLANs might be a good option instead.

Hello, everyone. I too have noticed that version 2.1 has broken my old reconnection scripts. The login method shown in the documentation page for the config backup script apparently no longer works, and while using plink may still be a valid solution I'm not using Windows either (and if at all possible I'd like to stick to bash and wget/curl). So I'd like to have some help here, and it would be nice if the documentation got fixed as well. Thanks.

The NAT rules, like the firewall rules,are evaluated on a top down basis (AFAIK) so moving your manual rule to the top of the list causes it to be catch your traffic to the modem. This is an issue here but isn't mentioned on the PPPoE modem docs page because you seem to have both the modem and the PPtP tunnel end points in the same subnet. Thus when the pptp tunnel is established a NAT rule for that starts catching the traffic destined for the modem and sending it out of the default gateway (the pptp tunnel). At least that is my interpretation of it given that I've never dealt with a pptp WAN.  ;) Make sure your manual rule is specific enough not to catch anything that should be going via pptp and you should be fine. Steve

There are some other NTP enhancement discussions going on in another thread, you may want to look at what they're doing: https://forum.pfsense.org/index.php/topic,67189.0.html

It should work just the same, really. The easiest way to diagnose it would be to run some packet captures as you attempt some authentication tests from the GUI and PPTP, to look for differences in the queries.

So why not use traffic shaping? Steve

This is awesome thanks guys, I have some late Christmas shopping to do!

Me too! My curiosity has been growing since. I will restore one of the PC images on a VM this weekend and report back. Thanks… I hope this helps someone with a similar issue - self inflicted or not LOL

Just upgrading the server software.  Servers came with Windows Server 2008 32 bit. We have been upgrading them to Windows Server 2008 R2.  Once all the software is back in the servers, the servers seem more responsive. We were waiting on upgrading the pfSense boxes from 2.0.3 to the newer version until later.  We upgraded the suspected pfSense box to 2.1 but it still did not fix the issue. At this point we planned additional down time for the boxes.  For some reason the box would not take a clean install off of the live cd for version 2.1.  So we did a clean install of 2.0.3 and then upgraded to 2.1 before anything was installed.  All the configuration was put back in slowly watching to make sure only the configuration that was needed got added back in.  This fixed the Internet provider private network for losing packets. We are still losing packets on the IPsec VPN tunnel but with the speed of the tunnel and the equipment having the ability to re-request the packets, the traffic is getting through at a reasonable rate.  So we are going to hold troubleshooting this part of the link until the upgrading of the servers is complete. pfSense boxes were re-tasked Dell PowerEdge 2950s( a little old-purchased in 2006-but still should be enough power for this) Dual CPUs - Intel Xeon Processor 5050     Intel(R) Xeon(TM) CPU 3.00GHz     8 CPUs: 2 package(s) x 2 core(s) x 2 HTT threads 2 gigs of ram on-board Broadcom NICs additonal 4 port StaTech PCI express gigabit Ethernet network adapter card

When you say 'downloaded the hvap package and loaded it on the usb drive' do you mean you installed the package via the webgui? Steve

If you must have IPs with a unique MAC address, use CARP type VIPs. You cannot manually specify the MAC address, but it will get its own unique MAC. You cannot have the same gateway on multiple interfaces, but some people have setup several interfaces to the same WAN when they were required to pull IPs from DHCP. It has some quirks but can work.