Nothing broken with vi. If backspace doesn't work, your terminal type is screwed up. ctrl-h will likely backspace in that case. nano and vim-lite are available for those who want another option. Those are available via pkg install, but not in the GUI's package manager. They'll be kept up to date by the upgrade process just like any other package, only diff is if you reinstall the system and restore the config, or restore the config to a diff system, that package won't be reinstalled by restoring the config. But those will be equally broken if your terminal type is wrong.

Is the automatic rule cleaning part of the Miniupnp process, or is it something that PFSense must perform? In either case, is this tuneable at all?

Thanks for the reply, sorry been on holiday hence the delay. The bridge is used to join the WiFi adaptor to the LAN, so I guess it should be possible to remove.  I was considering even simpler solution though, such as plugging something into the LAN port, maybe just a cable from one of the spare ports on the box! I assume this is an issue introduced by 2.3 and thus quite high on your list of things to fix ?  ;)

@cmb: What specifically do you mean, what happens? I usually get this warning: WARNING: / was not properly dismounted and the boot process gets stuck at this point. I have waited more than 4 hours, but it holds there (the disk only has 12 GB). The other day I also got init error 8 after this warning. To detail a bit more my setup. I run a Linux hypervisor and have the VM disks as qcow2 files on a ext4 LVM logical volume on a SSD disk. The vm has this configuration for its disk:     <disk type="file" device="disk"><driver name="qemu" type="qcow2" discard="unmap"><source file="/var/lib/libvirt/images/pfSense.qcow2">       <target dev="sda" bus="scsi"><boot order="1"><address type="drive" controller="0" bus="0" target="0" unit="0"> </address></boot></target></driver></disk>

You can create certificates and chose between two types. These options can be changed under "Certificate Type" in pfsense Cert-manager when creating a certificate. User certificate - e.g. for OpenVPN clients, Radius Clients using EAP-TLS Server certificate - e.g. for pfsense WebUI, RADIUS Server, OpenVPN Server so it has nothing to do if pfsense "should be a server because it is creating certificates". Pfsense can be use a a CA (Certificate Authority) or like a certificate manager tool which can create certificates for many purposes. You can use pfsense as a certificate manager, create CA, certificates and so on and thennjust export them and use the certificates on complete different systems which do not have anything to do with pfsense.

Your question was already correctly answered on your post at serverfault.

Hi kulpreet, Its kinda 'by design'.. As these drain settings made on haproxy's stats page are not persisted by haproxy package. And every config change needs a restart of haproxy thus loosing its old state.. Though it maybe possible to save server state and load it back. Haproxy did add some support for that feature. http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#load-server-state-from-file I'm looking into that now. Regards, PiBa-NL

When you restore a backup, there's a drop-down list that lets you select which area of the backup you want to restore. By default it's set to ALL, so you will need to change it to just the area you want to restore.

First: I know it's not good to use USB NICs and yes, currently I'm still using it. Just want to share some more experiences. So I searched on Google and found this post https://forum.pfsense.org/index.php?topic=13014.msg70145#msg70145 https://forum.pfsense.org/index.php?topic=13014.msg70145#msg70145 As GruensFroeschli said: 1: Well it depends on your setup. If your client can handle oversized frames you should not have to change the MTU. If the driver of your em-NIC's cannot handle oversized frames, you would have to change the MTU on the other side of the link, so no oversized frames arrive at your end. 2: The problem is, that VLAN-tags add 4bytes to every frame. –> frames can become bigger than the allowed maximum. Most drivers can handle this, but some have problems. And some more about vlan and MTU: http://www.microhowto.info/tutorials/802.1q.html http://www.microhowto.info/tutorials/802.1q.html http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN So following this logic, I thought I will need to increase MTU size then. I tried these steps, now VLANs with 1500 MTU works. 1. Enable Jumbo Packet for that LAN USB NIC on physical host not in virtual machine Windows in my case, and set maximum size to 4KB (I guess 2KB or 9KB etc. will work as well, see above links for WHY) (Most Intel NIC supports 9KB, but 4KB is enough for solving this problem though, will be a problem if you need to transfer big files between VLANs where all Intel NICs on PCs support 9KB but the LAN NIC on pfSense only support 4KB maximum, but that is not in this scope though.) 2. Set the actual LAN MTU to 4000 (Or anything greater than 1518) in pfSense. (All VLANs are virtual interfaces created on LAN interface in pfSense) So only 1 physical cable for LAN and all VLANs 3. Then set MTU for all VLAN interfaces in pfsense to 1500. Now all VLANs working with 1500 MTU, For Internet, captive portal web page and web page hosted inside the LAN or VLANs. (Previously, Internet works, but can't get on captive portal page which hosted on pfSense, and can't get on web page which hosted in in LAN hosts.) ;)

Yes, this is very possible. At current, I have it enabled on my box. One wan (plugged into the motherboard) and two lans (using a dual port NIC) What I did was: 1.) Go to "Interfaces / OPT1" 2.) Set IPv4 config type as "Static IPv4" Leave everything else alone in that section 3.) Scroll down a little and give opt1 a static IP. Something like 192.168.2.1 4.) Leave both of the boxes in "Reserved networks" unchecked 5.) Click save 6.) Go to "Services / DHCP Server / 7.) Click "OPT1" 8.) Check "Enable" under "General Options" 9.) Change the range to "(From) 192.168.2.2" "(To) 192.168.2.254" Now, plug in your OPT1 to your pc or something, and you're good to go. (at least you should be) [EDIT] (also, make sure you have the "allow all traffic" rule enabled in OPT1. You can customize it to your liking, but this is just to be sure that it works.)

@KOM: You have to type 124 on the keypad, believe it or not, instead of using the numbers above your letters. Thanks but I know that and that does not work either. There seems to be a problem with ESXI since I am using the webinterface for ESXI and when trying to make a pipe on the computer I am using to connect to the webinterface it works, both the symbol (in my case ALT GR + the key to the right of my left "Shift" button) and the alt-code ALT+124 on the numpad. :( Edit: Solved this by enabling "Secure Shell" (option 14) and then used my SSH client to run the command and then all the characters worked (or at least copy-paste).

I just send xinetd logging to ntp.log (tried to send it to his own log just in case, but couldn't). It's probably not a permanent solution, i guess syslog.conf file will be rewritten on reboot. Just change this two lines on /etc/syslog.conf and restart the syslogd service !ntp,ntpd,ntpdate,xinetd … !-xinetd,ntp,ntpd,ntpdate,charon,ipsec_starter,openvpn,….

There is also an option under System > General Setup to make that panel open by default, if you prefer.

Thanks for your help guys.

On which pages specifically? And did it work in 2.2.x? The entire UI was rewritten between 2.2 and 2.3, some pages may have just been missed when sorting was added back in. Others may not sort for a reason. Usually configuration pages won't sort because the order is meaningful, but status pages will sort.

I can also suggest to never use the admin account as VPN authentication. Sounds a bit paranoid, but why not.