• [Solved] Postfix timeout caused by lost packets

    3
    0 Votes
    3 Posts
    1k Views
    S
    Hi Steve, No, I'm not using DKIM. The problem seems to be related to TLS and to the length of the email message: the bigger the email, the more probable the network problem and hence the timeout. Also the "distance" between the servers seems to have an influence, probably because more hops imply more time and more chance to lose fragments. A lot of messages come from Google's servers (209.85.128.0/17, 74.125.0.0/16). I tried to decrease the MTU of the server's interface from 1500 to 1362 and this had a positive effect. I'll try to lower it more. Thanks, Stenio
  • Documentation for "Family" Firewall Setup

    8
    0 Votes
    8 Posts
    7k Views
    Z
    I've been using Squid and Dansguardian for about 10 years (but running Ubuntu server). I would recommend using e2guardian rather than Dansguardian. It is a fork that has added quite a bit and is active (Dansguardian updates and support seem to be fizzling out). With e2guardian/Dansguardian you can create different filter sets and then direct them to the proper port based on ip range or subnet. In my Ubuntu setup I'm using Shorewall as the firewall and that's how I redirect. I'm working on coming up with the same type of setup in pfSense, but haven't quite gotten there yet. Here is a link that is specific to setting this up in Ubuntu, but it might give you some good ideas that you can use in your setup on pfSense. https://www.branchdistrictlibrary.org/professional/ubuntu_precise_dg.php The info in the link is from a gentleman who sets this up for a library system he works for, but as I mentioned I've been using a very similar setup at home for many years. The link also uses Dansguardian, but I don't imagine it would be much different setting up e2guardian. I'm looking at doing something similar to what you're doing with the MAC addresses, but I am hoping to put together a quick web page hosted on my box that will allow my wife to turn access off/on for specific devices (kids' Kindles, XBox, etc). In my current setup I have a similar page that will allow my wife to whitelist sites without my help and without her having to log in to the administration of the server. I hope this didn't stray too far from your questions, maybe some of it will be helpful to you. I'm going to watch this topic in case you post updates on your progress. If you do, maybe I'll post some of mine too since I'm trying to accomplish similar things as I move my environment over to pfSense.
  • Pfsense will not let open any email from godaddy email server

    5
    0 Votes
    5 Posts
    1k Views
    KOMK
    Good to hear that it's working now. Any time there is a funny access issue or block that doesn't make sense and Snort is involved, I always disable Snort and see if the problem goes away. Snort can be funny sometimes and flag legit traffic for whatever reason.
  • WAN connection is also a router– Confused how this works

    2
    0 Votes
    2 Posts
    545 Views
    johnpozJ
    Please draw how you have it connected. You're more than likely going to want to disable wifi on the device you got from the ISP and set up wifi behind pfsense with an AP, or other wifi router being used as AP. So your pfsense wan IP it is getting is what? Your static is most likely on the wan of the isp router you have. So no, you can not put that IP on the pfsense wan. Unless you can turn your isp device into just a bridge/modem so pfsense gets a public IP on its wan.
  • VYOS vs PFSense again….

    2
    0 Votes
    2 Posts
    4k Views
    G
    Did you mean to say that one interface will connect to the Internet and one will connect to the LAN? I assume you want to create mesh IPSEC vpns over the Internet to create a WAN between sites. For internet speeds of 500Mb/sec or less, pfsense will easily handle the Internet routing and NAT (given powerful enough hardware). The encryption depends on how many sites you have running data at the same time. I have no experience with doing IPSEC on pfsense, but I assume that pfsense can use multiple cores for handling multiple VPN encryption streams. Anyone know for sure? I would not use pfsense for inter-VLAN routing at each location. Use a layer 3 switch for that. You'll also need to be concerned about routing protocols. For seven sites, static routing is going to get cumbersome. You'd want OSPF or (my preference) BGP. I've not used either in pfsense, so I can't comment on how well they work, or how easy it is to implement.
  • 8+2 port managed Gb Switch powered from 24V DC

    6
    0 Votes
    6 Posts
    2k Views
    ?
    Netonix and MikroTik will be able to have some of that you are searching as I can remember on it. Try start your search there would be not a bad idea in my eyes.
  • OpenVPN ClientVPN issues after 2.3 update

    3
    0 Votes
    3 Posts
    1k Views
    J
    I just tried changing to net30, but it doesn't seem to have helped. I also seem to be having the same dpinger messages in my log as this thread: https://forum.pfsense.org/index.php?topic=110751.0 (although my pfsense isn't virtual)
  • New Setup

    2
    0 Votes
    2 Posts
    949 Views
    ?
    CPU: Intel Core2 Quad Q8400S Mobo: Super Micro X7SBL-LN2 RAM: 8GB DDR2 SSD: 60gb corsair Would be powerful enough for all. Did you hear about WSUS offline you can fairly install it on one of your PCs and burn from time to time a new DVD or DVD-RW again and again. So you would be able to install the MS patches on your PC very fast and directly! Put the 250 GB HDD in the PC and unpack there the WSUS offline program then it will collect according your settings all updates for, Windows 7,8,8.1,10 and MS Office since 2007,2010,20… and it will create for each MS Version a own DVD image, I am storing that ones on a NAS so I am really able to install things back over the LAN and together with a virtual drive I am able to mount the images directly! So you will only need a 60 GB SSD and this might be running then well for you! On top of this please search the forum about Squid and WSUS. I currently have a netgear DGND3700 I don't believe this will allow a true bridge mode. I'm thinking I'll get a https://www.pccasegear.com/products/27551/draytek-vigor130-vdsl2-adsl2-2-modem-router or https://www.pccasegear.com/products/17063/draytek-vigor-120-adsl2-2-modem-router Many users were reporting that the DrayTek Vigor 130 is running very well and is sufficient enough for usage as a pure modem acting in the so called "bridge mode". Each cent is good invested here. Try to install on the Netgear DGND3700 DD-WRT or OpenWRT and use it as a wireless AP connecting to the LAN1 Port. For that it would be a nice device to serve WiFi without any hassle to the LAN.
  • GRE Tunnel Pfsense <> Mikrotik

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    What version of pfSense? And compare the output of "ifconfig gre0" when done in the GUI vs in the shell. You may be hitting this, which has been fixed on 2.3: https://redmine.pfsense.org/issues/6010
  • How <refid> code in the config.xml is generated?

    2
    0 Votes
    2 Posts
    865 Views
    jimpJ
    It's generated with php's uniqid() function. It doesn't matter what the ID actually is, so long as it's referenced consistently. The format isn't set in a spec or anything, we just use uniqid() since it's quick/easy and easier to look at than a full uuid…
  • Upgrade from 2.1.5 to 2.3 - Advice for IPSEC

    3
    0 Votes
    3 Posts
    1k Views
    P
    Thanks for your feedback
  • Any possible to install tmux/mosh/vim/lsof packages on pfsense 2.3?

    4
    0 Votes
    4 Posts
    3k Views
    C
    I added those 4 (plus nano, another oft-requested one, while I was at it) to the poudriere build list. They should be available via 'pkg install' now.
  • Initial Setup - Interface Name

    8
    0 Votes
    8 Posts
    9k Views
    J
    Before I return the network card, I tried booting PfSense without it plugged into the PCIe slot, and it wouldn't boot. I assume this means that PfSense needs a network card to even boot. If the card wasn't being recognized before (I doubt it's recognized as a RealTek device), why isn't PfSense booting? Note - It is bootlooping after the console gives itself a reset command…
  • Intermittent Internet troubleshooting

    30
    0 Votes
    30 Posts
    6k Views
    A
    Well. Tried going down to 2.2.6 and no good. Tried 2.2.3, still same thing. Tried 2 different Hardware and still same thing. But if I connect the ISP directly to the PC everything works fine. This is really frustrating.
  • MOVED: Cluttered Traffic Graphs - Just wondering

    Locked
    1
    0 Votes
    1 Posts
    513 Views
    No one has replied
  • Create SNMP self scripts

    2
    0 Votes
    2 Posts
    877 Views
    jimpJ
    pfSense uses bsnmpd, not net-snmpd. bsnmpd does not support exec statements in that way. For pf-related stats from bsnmpd, see https://raw.githubusercontent.com/pfsense/FreeBSD-src/devel/usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt
  • Igmpproxy

    3
    0 Votes
    3 Posts
    2k Views
    U
    I had this working with my UVerse TV sitting on its own dedicated interface on my pfSense box with 2.2.6, but it seems to be broken with the 2.3 update. I suspect it has to do with either upstream forwarding or IGMP snooping. My TV STB's work for about 6 minutes, then when the Snooping times out, the connection gets dropped. However, if I wait a bit, it does reconnect again, but then works until just after the timeout. Any way to get the igmpproxy which was distributed with 2.2.6 included with the next update? As I understand it, it was patched and these patches were not included with 2.3. I could be wrong. I also have a /29 fixed IP block which was also working with the IPTV and traffic was separated onto two dedicated ethernet ports on the pfSense box. The /29 is working, but IGMP is no longer.
  • NRPE, Icinga2, installing normal BSD pkgs

    10
    0 Votes
    10 Posts
    4k Views
    C
    @bwdutton: As noted above, download the nrpe package from: http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/ There are a few dependencies so you'll need to install libgd and nagios-plugins as well. Is there a way to install all dependencies with one command or do I have to install one by one?
  • Gateway Monitoring…

    3
    0 Votes
    3 Posts
    597 Views
    Com DACC
    Thank you I didn't think of failover situations.
  • HELP troubleshooting an issue

    6
    0 Votes
    6 Posts
    1k Views
    M
    I cannot get NAT Reflection to work at all. The only way I have been able to access actual URLs that are behind the firewall with my workstation, or any other machine behind the firewall, is through the HOSTS file.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.