On System > General you can check "Log Filter" to have that box always expanded. Due to its size it is hidden by default to keep the focus on the logs while keeping the controls at the top.

I created a how-to to set it up here: https://community.spiceworks.com/how_to/128944-pfsense-admin-logins-via-radius-using-active-directory-accounts

I messed around with the IGMP Proxy so much that I gave up on it. I added firewall rules and everything to no avail. @johnpoz: Easy solution would be to put the devices that want to talk to each other via multicast in the same layer 2. Are you saying on the same VLAN on the switch? I could do this, but any VM I create I want to be on the "server" subnet and not LAN.

https://redmine.pfsense.org/issues/6393 (for future reference)

I get the same error message (arpresolve llinfo etc…) during an upgrade from 2.2.6 => 2.3 and 2.3.1 install. The following commands below would restore the LAN connection, but upon reboot, I loose my LAN connectivity again. ifconfig bge1 down ifconfig bge1 up When connectivity is  lost its affects both the LAN and CARP addresses. Not sure what to look at here, but I imagine it is a driver issue. When I blew away the 2.3.1 upgrade to factory defaults the LAN address stayed up (Not sure with CARP) so I'm guessing some carry over isn't playing well from the 2.2.6 land. Thanks!

BUMP.  Anyone?? I'm starting to see more frequent occurence of /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:63: cannot define table pfB_Top_v4: Cannot allocate memory - The line in question reads [63]: table <pfb_top_v4>persist file "/var/db/aliastables/pfB_Top_v4.txt"</pfb_top_v4>

Thanks!  I know it's rather basic but I didn't want to assume anything and end up locking myself out, figured it was better to verify it just in case.

thanks Derelict actually I was focusing on the wrong spot… I created VIPs and a second gateway and this was correct. But the machine I wanted to reach had its @#$%^ firewall activated...

If the bridge is unnecessary delete it and assign LAN directly to the USB NIC in Interfaces (assign). If you can get into pfSense on WAN, do it from there so you don't lock yourself out.

I am really struggling with this. I have a Supermicro A1SRi-2758F-O with 16GB of Ram on it running Pfsense 2.3.1. What is with version 2.2.6 64Bit? Did you also got summaries like this? This is with the defaults set on the mobo and no configuration on pfsense just a fresh install. One of the NICs is by default configured to be the WAN interface as a fail over acting one, it is shared together with the IPMI Port, so please be patient to ensure that this config is changed by you. The problem is the most I can push on this boards gig interfaces is the following IPERF3 = 455mb SCP = 540mb RSYNC = 500mb For throughput tests only the iPerf or NetIO tests would be counting in my eyes related to the circumstance, that all other peoples would be able to perform this test with identic hardware too at there lab or own network environment, to se if they get the same or similar results as you or another user. The test should be running through the pfSense box likes, PC as iPerf server –- pfSense box ---- PC as iPerf client I get 980mb from a VM I have running on an Intel D-1540 which is plugged into the same switch. This is then only telling us that the switch is not the bottleneck in that test! Does anyone have any special LAN parameters that are needed to get the performance up on these LAN ports? You can try out to high up the mbuf size of your NICs to 1000000 and see if this problem will be existing any more or you install the version 2.2.6 (64Bit) and try it out once more again. If I install Centos7 on this same board I can push around 950mb so I dont think its the hardware but I cant seem to get pfsense/freebsd to go any faster than 50% of the capacity of the port. So ok the Switch and this hardware will be then capable to realize this line speed for sure, but Linux is not really FreeBSD and vice versa, please accept this. Nice to know it, but for your problem totally irrelevant.

There are often two ends of a line! That means that in the US are existing export regulations and in some other countries are import restrictions for cryptography. As an example here in Germany you it is aloowed to import cryptographic products, either in software or hardware, but "strong arm" is not allowed for any part. But there are often no rules without any exceptions related to the todays given crypto abilities of the hardware such as AES-NI inside of the Intel Core i7 or Xeon CPUs. It would be the best to consult a transporter company to realize that export and import part, they are familiar with that stuff and are doing it for many greater companies or wholesaler.

Don't see why you need a second pfSense box at all if you have a physical link to the second subnet (Vlan or not). In the end you can either explicitly allow GRE traffic to/from the second subnet on the main pfSense box, or if required build a tunnel for the devices that need it across the link.

@divsys: "Config History" section … While it won't document what you did in your bulk change file ... Sure it does. Choose two config files and hit the "diff" button. Displays the difference(s) between the two selected files.

@Derelict: Add the client and the secret to the RADIUS server and it will work. Did you restart the RADIUS server after making the changes? If it's based on FreeRADIUS shut it down and run it with the -X flag. That will show what it's doing in the foreground. Run a test using Diagnostics > Authentication and post the results. I restarted the radius and it did work :) , Thanks to muswellhillbilly and Derelict

Ok thanks for all the advice. I will see how it goes and post my progress or lack of. Lots of fun anyway.

Misconfigured switch (duplexity), bad cabling.

I just got notification as the system was rebooting on upgrade from 2.3 to 2.3.1 And just did a test from 2.3.1, and that worked.  Also after the upgrade I got an email from service watchdog that it restarted freerad, which was after the upgrade.  It uses the same notifications settings, etc. Now what would be slick, maybe 2.4??  Would be the ability to list what generates notifications and to pick and choose what you get and maybe even add things.. [image: notificatoins.png] [image: notificatoins.png_thumb]

@vbentley: @dotdash: Padlock is pretty legacy these days, there are much better alternatives available. There is a reason it is not in FreeBSD anymore, it is widely believed that it is compromised. See Snowden, etc. There are much better alternatives IF you have the funding to obtain them. If not, and you already have Padlock equipped devices then all is not lost. I got that VIA based router (https://www.google.de/search?q=lex+3v700d&source=lnms&tbm=isch) off of ebay for 15,- Euro including shipping. I had to add a CF card and RAM from spare parts. The proposed ALIX based solution would have cost us about 200,- Euro. But with Padlock running out of support i will have to look for something different for future purchases.