• Log monitoring and firewall updates for dummies?

    @muswellhillbilly: @MakOwner: Obviously the ELK system wasn't working as it should have been – pfSense simply shows the remote logging host as down. Before you trash the ELK server, may I ask if you either have a firewall operating between your ELK server and your pfSense machine, or whether you have the firewall service running on your ELK server? From the command prompt you can run 'iptables -L' to get a list of all the firewall rules running on the ELK system. If you do, try running 'service iptables stop' and see if that solves the issue. I don't know what your network is like - whether your ELK server is running on the same internal network as your PFS, for instance - but assuming the ELK is on the same network as the LAN side of your PFS you ought to be ok disabling the firewall on the ELK.

    I thought I had disabled the firewall on the ELK setup, but it won't hurt to double check. Network between pfSense and the ELK VM is a flat class B. Network adapter in the VM is bridged.
  • Can’t remotely access WIFI thermostats.

    johnpoz: Yeah reading about this.. It phones home and you control from their server.. Or you could access it via http to actual IP on your network.. So if you wanted to do that remotely you would need to vpn into your network or port forward 80.. But I could find no special ports need to be forwarded that is for sure to have it phone home and access it.. https://my.radiothermostat.com/rtcoa/
  • Q: Best Practice for monitoring Packet Response time?

    @jimmy_1969: True. However, in this case I have run mtr with a TCP SYN/SYN-ACK test in parallel with pfSense gateway monitoring, and there is a clear discrepancy. The SYN/SYN-ACK maintains low jitter and reports acceptable packet response time, whilst ICMP packets in Status: RRD Graphs go from the ~100 ms range to >1000 ms in packet response time. I can run my connection to 70-80% of the link speed without any packet drops, and observe this ICMP behavior. So it's clearly load- and packet-priority related.

    Add a floating rule with interface WAN, Direction: Out, Protocol: ICMP, Pipe into qAck to allow pings to be prioritized just like ack packets.
  • Forward port 80 to 8080 on the same LAN

    johnpoz: ^ exactly or use of autodiscovery like wpad if your clients support that.. It's much better to do explicit pointing to your proxy than redirect from the gateway to the proxy just for the proxy to send the traffic back to the gateway.. That is a horrific hairpin setup..
  • Dozens of netstat commands

    So, this is the part where I have egg on my face. We have a script on these APU1Cs that activates the LEDs on the front. I have a few dozen units out and for whatever reason this only randomly occurs every now and then. I still can't find my post about this from some months back but it's essentially the same thing. It's happened twice now with all the units I have out. It confuses me since it shows in different ways.

    The script is called blinkled.sh but it doesn't show up in top or ps. I would expect if that script was the problem I would see it listed but it never is. In top it seems to show up as this netstat command since that is how it polls the interfaces and in ps it shows up as tcsh (I guess because that's the shell we had to use as bash wouldn't work). The script is started at the top of each hour and updates every 5 seconds. When called, it runs the /usr/bin/killall tcsh command to clear out any running instances. For whatever reason, the killall command will stop killing the tcsh process and these just keep getting called over and over again and they all run concurrently and eventually take up all processing power. It may work for days, weeks, or months just fine before the killall tcsh command doesn't do anything anymore when called from the scripts. We have units that have been out over a year and still don't have this problem. The only solution so far is just to put the killall tcsh command somewhere else in the script. No idea why that solves it as it still gets processed at essentially the same time (right at the start to kill the previous process before calling the new one.)

    tl;dr - A script we created was out of control. pfSense and its packages are just fine.

    The reason we are on the older version is that we send out very specific builds of the routers to incorporate the features we want to all of our clients. For instance, via a series of scripts we are able to run snort, squid, and havp perfectly fine on these units. The process only writes about 250MB each month to the cards, or about 75% of the provisioned space each year (4GB provisioned using 8GB and 16GB cards). That should give them over 10 years of life. While packages such as snort may not get updates since the OS was EoL on the 2.1.4 back in August, they still load up with slightly older rule sets and still offer strong protection until they get the new 2.2.4 image we are rolling out.

    Thanks everyone for your contributions. Let me know if you have anything else to add (like why it works on some and craps out after a few months on others).
  • PPPoE always on

    @doktornotor: Eeeh? That's the default.

    Okay, I was not sure. Thanks.
  • Help with simple home config

    @johnpoz: You could put the wifi on its own vlan if you want via just your switch and pfsense.. But that does not allow you to have say ssid Users on vlan 10 and ssid Guest on vlan 20 unless your AP support that.. But sure if you just want to isolate your AP to its own vlan - then sure create the vlan on pfsense, do the vlan on your switch and connect the AP to a port on switch in the wireless vlan..

    That's what I'm going to try, that works for me. And if I can repeat the same process twice (I create a 2nd vlan in pfSense, then I define that 2nd same vlan in the switch and I attach another device behind them) it will let me have a 2nd vlan… but if it doesn't, it's not a problem at all, I can perfectly work with just one LAN.

    @Derelict: Why are you asking for help with those devices here?

    Well, I think it's a good site to ask & learn about many things related to pfSense (probably the best site on the internet) and, my network and most of its devices being managed by pfSense, I thought this forum could be a good place to learn from the experience of other pfSense users. Yours, for example, have been very helpful, pointing the way to config the vlans.

    @gjaltemba: @johnpoz: Confused with that statement by gjaltemba - pfsense is more than capable of running multiple dhcp servers as long as pfsense has an interface in that network be it physical or a vlan.. Asuswrt gui gives the false impression that a Guest Network in AP mode will restrict access to your LAN but it does not. So a no cost solution would be to define vlan in switch. Asuswrt gui does not support vlan but I am going to try with ssh and script.

    I still can't understand what you mean about guest networks. Your suggestion of defining the vlans in the switch etc. is what I'm going to try. But anyway, even having just one LAN, if I can just use the Asus DSL N16U as a wifi Access Point without any isolation, that would work for me.
  • Rancid 3.1 / pfSense 2.2.4

    No one has replied
  • NooB Question

    It was actually a good question…. But your subject line stunk. You'll really find it helpful for you and those that follow when your subject lines have real meaning or at least contextual meaning... not "NooB Question". Your "NooB Question" would be a great opening line in the message body.

    I still keep a Linksys e4200 with the latest, tested DD-WRT beta from Seb (physically) sitting at my network entry as a backup for my pfSense box. Sometimes I throw it online to confirm network issues are in my configuration - it can be a real sanity check. You'll find pfSense and its packages are so much more powerful but for testing connectivity, DD-WRT just works.

    Rick
  • Slow iperf between pfsense and clients?

    Thank you so much for your reply Harvy66. I just connected my Linux computer to the WAN port and Windows laptop to the LAN port and did an iperf test again; just as you said, with a slightly larger window size (-w 128k) I could easily reach 950+Mbps with less than 10% CPU usage and around 30% interrupt, and the best I could achieve between pfSense and computers on either WAN/LAN port was still around 500 Mbps with high CPU usage, no matter how large the TCP window I chose.

    Also I just thought if pfSense could achieve gigabit between WAN and LAN, it doesn't seem to be reasonable to say it could not achieve similar throughput between LAN and LAN. I ran iperf again with 128k window size and this time it could reach 800~900 Mbps even with all the LAN ports bridged together. I could not on earth remember how I was not able to reach this speed with the same window size this afternoon, perhaps I in fact forgot to test LAN<-->LAN with different window sizes as I naively assumed LAN<-->LAN should be definitely slower than LAN<-->pfSense so no need for further test >:(.

    Your explanation about user space and kernel space of routing/iperf makes a lot of sense. Now I am confident that if I move to a place with a gigabit fiber connection this pfSense box surely won't be the bottleneck. Thank you again :D
  • Can you use USB port for extra storage?

    MikeV7896: I think the correct answer is that pfSense is not your normal home router software. It doesn't act as a server, allowing you to access data from a USB flash drive or hard drive over your network. Security-minded individuals realize that ANY server running on an internet-connected firewall is a potential security risk, and thus the functionality you're looking for is not included with pfSense "out of the box". Whether someone has packaged up Samba so that you can do what you're asking about, I don't know.
  • Missing system logs and PPPoE trying to connect when it's not being used?

    Another screenshot of the system logs not showing the 2000 entries. Why did the screenshot from the first post get removed? [image: systemlog4.jpg]
  • Special setup: Choose originating IP for PFSENSE own internal traffic

    @Foxi352: Can I choose what source address / interface PFS uses for its own outgoing traffic?

    You can use outbound NAT for that: Firewall > NAT > Outbound. By default it is set to "Automatic outbound NAT rule generation". Check "Manual Outbound NAT rule generation" and click Save. Then edit the rule

    WAN  127.0.0.0/8  *  *  *  WAN address  1024:65535  NO  Auto created rule for localhost to WAN

    and change the Translation to LAN address. If the routing for the LAN network works correctly pfSense should get its responses well this way.
  • How to route multiple VLANS to server

    Derelict: blood eagle viking style I'm afraid to put that into google. :/
  • PfSense connecting to captive portal

    Locked

    Sounds to me like just the sort of system you can expect from the government (whoever's in charge). "Would the address 172.16.0.18 be the DNS server?" - No idea. It's not my network, or my government. In truth, I'd be inclined to try to find another provider - preferably not one run by the state.
  • Notify me of ip address change

    @doktornotor: It notifies you just fine when the IP changes. Not really sure why you would like to be notified when nothing changed.

    It does notify me when my IP changes? How does it notify me? I have notification set up via email in the webgui; do IP changes automatically send me an email by default?
  • Unstable internet since 2.2.4

    This is what is in my advanced box, I'm pretty sure you are right though, it is probably something in here:

    remote-cert-tls server;comp-lzo no;verb 4;explicit-exit-notify 5;key-direction 1;auth SHA1;keysize 256;key-method 2;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA;

    I just updated to 60 internet today, clearing all my logs and see what I get, pretty sure it will be the exact same. Nice though, going through the tunnel I get 60, outside the tunnel 70.
  • WAN has X and apinger won't start

    Yeah I see that now. Thanks. I changed it to em0 and it complained so I changed it to WAN and lost LAN connectivity to it completely after applying. I will go by there tomorrow and restart it. Thanks again.
  • Internal Network LAN to WAN intermittent (disconnection)

    Thank you, will do as you suggested. Today is a working day, should schedule for further testing :o
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.