I know it's not fixed in 2.3 beta. I am still getting them but nowhere near the rate you are. For my use, the percentage of discarded packets is so small (around one thousand of a percent) that I didn't bother researching it further. Have you tried the tips on Pfsense NIC tuning? Carlos

Marking this topic as solved. I've already deployed my pfSense to our production environment. I am currently monitoring its stability. I did not encounter any issues with the setup I made, thanks for enlightening me.  ;D

or just mkdir -p /usr/local/share/nmap/; fetch -o /usr/local/share/nmap/nmap-mac-prefixes http://nmap.org/svn/nmap-mac-prefixes Don't have to install the nmap package [image: vendorsforarp.png] [image: vendorsforarp.png_thumb]

Either something off a subnet of the /24 or something off a different subnet. It really doesn't matter - you can do what you want. Without more knowledge of what you're trying to do and what your WAN interface scheme is and what is routed to you it would just be guessing.

Run Virtualbox with 2 VM's, one for pfSense and one for your Lubuntu client.  I just talked about this exact same scenario in this thread.

probably somewhere in the next 10 years or so ;) 3.0 will be a complete rewrite of ALL the backend code. Its not something you should wait for, it'll be a while. 2.3 will probably release within 6 months, chances are there will be some point release after that. (2.3.1 , 2.3.2) while i've not seen any official statement about this, i expect there to be a 2.4 release prior to 3.0

System: Gateways: Edit gateway  => disable gateway monitoring for the openvpn. When it happens, everyone inside the network can work fine, but they just cannot get out on the internet. Can you still login to the pfSense webgui at this point?  ==> check logs when the problem is occuring, it might indicate the cause. Can you ping to a public ip (like 8.8.8.8) ? ==> if you can still ping that ip but have no internet, then you have a DNS issue. in other words, we need more data. you can ofcourse just contact pfSense support that was included with your purchase … but if this ends up being an end-user issue, then you might waste precious minutes in the contract. (I have no clue how the official support works, so i'm not sure how the "billing" works)

As explained in French section too: there is no reason to face problem while configuring Daloradius as back-end Radius server assuming this one behaves as real Radius server  ;) limiting connection time using vouchers is straightforward. Using Radius for authentication, I don't know how to achieve it as this would mean to prevent authentication. Coupling captive portal with http proxy (assuming goal is to control HTTP flow) would be easier, IMHO

Definitely matches up with what I expected to see. Completely lost connectivity to the ISP. Your ISP might be able to tell you whether it's likely the modem or the line at fault.

Or you might try leaving don't pull routes unchecked and forcing the SMTP traffic out your WAN gateway in a rule above the pass any any default. Tried it but unable to send mail out. You have to make sure you are using external name servers on the clients behind the VPN. Added the PIA DNS servers to the client which worked. I'm able to send emails out, ran the dns leak test which showed the PIA host IP and PIA's DNS server IP but I'm not able to login to pfSense using the host domain name no longer. I must now use the gateway IP. Do you leave this VPN up all the time or do you only want it active when it's manually brought up Yes I do

I have played alot with my cables yesterday and the # prompt came back. I think it might have something to do with lcdproc reloading everytime a port goes up/down

Curious why want/need for 2 ports for admin?  Are these directly connected to workstations or something? Also from a performance point of view why don't you run your vlans on em4-7 vs sharing the one lan port?  Are you limited in switch ports or something?

That's a pretty standard design, although this one is not that clever: once you have configured LDAP in order to handle authentication, why would you want to maintain list of authorized users within squid conf itself. As stated in this document, using LDAP group is much easier and efficient.

IIRC, when you have a proxy configured, the behavior of browsers can change and they may not try to resolve resources for themselves.  IOW, the host may be sending the request for "localhost:3000" over to the proxy, which is then trying to hit port 3000 on the pfSense box and failing (because you presumably don't have it open / have a service on it). I know that IE up through 11 has an option under the Proxy settings to not use the proxy for "LAN traffic."  I can't remember if it's smart enough to realize that localhost is LAN (actually, on the local machine), but I suspect it is… and I think that option is enabled by default. My hunch is that Edge is behaving the same way - sees the request for your own machine and just sends it there.  Chrome is trying to send everything to the proxy, which it probably shouldn't.

@wirerogue: pretty sure your wan should be dhcp, not static, so it can pull an address from your isp. Running static IP as the modem is not running DHCP @Gertjan: @Tassiedave: …. What have I stuffed up? lol Everybody uses 2.2.6 and you decided to use 2.2.5. Why ? Because that was the version my boss asked me to install  ;D Are there major differences between .5 and .6? @phil.davis: And post your WAN (and LAN) settings, and what ISP and connection method you think you are supposed to use. Modem: Technicolor TG797n v3 Firmware version: 15.1 ISP: Telstra business (Australia) Will get the settings up in a sec

It now works flawlessly… No errors in any of the logs... plus no issues after reboots. Plus even though I used the GUI, it would only add my IP address to the config file and not the dyndns name.  Seeing as I'm on a dynamic IP package here, I don't have much choice in the issue. I don't know why adding the modem helped, as its my pfSense box handling PPPoE and not the modem.  Modem is only handling the ADSL connection with no credentials.

I blocked out the last two portions of your IP address. It's the same as the IP you post from so any one with admin privs here can see it already. I don't see a current crash from that IP address. The last one I see was from December 13, and it looks like a crash in a memory operation in a fairly common program unlikely to actually have a bug. So more likely than not that would tend to point to a hardware issue.

Well, finally seems to be fixed "magically". On last friday I left the firewall configured and with the problem exposed above. Yesterday I did a test to continue trying to fix the problem and bingo… is working fine. Anyway tomorrow i've to do another test to see if still working. greetings and thanks!!