Logic ! Blind Sry for the stupid question. It can be closed

Dare to dream…

Fixed. I reinstall perl it's ok

@owner524: This should be the ips I use?? Is this what I need these are the ips the router is pulling for the ISP

Thank you. I am planning an upgrade. I was hoping maybe it was a known issue that would be resolve with upgrade.

The data was never supposed to be there in the first place, it was only there by luck/coincidence the way that pf log output was interpreted by tcpdump. It's data that should never have shown up, but… [image: 1g3TM1p.png]

lacp would only failover when a link goes DOWN (ie you unplug/cut a cable). it would never failover if, for some reason, you can not ping google anymore.

Erm? You mean to power off/power on the box? You can use cron for the former, for the latter obviously you can use nothing since the OS is not running, Schedule a WOL elsewhere if supported, or set up BIOS to power on the machine if supported.

Yes I was a trying to tag to Gamebox.  Thought since the layer-3 devices have VIP, VLAN and the bridging of the VLAN to the LAN or WLAN they might relay VLAN packets.  If I go back to the 1:1 Nat solution from PfSense VIP to AP, then DMZ the Station to reach Gamebox, I believe I would need to use 1 VIP for every Gamebox.  I only have four VIP's left and don't really want to use them up for this purpose.  If I could get all Gamebox's onto one VIP that would be good but I don't believe 1:1 Nat works that way.

@kejianshi: DHCP static mapping are this way already.  It doesn't mess with the way a laptop get DHCP IPs on this and that network.  Only the way pfsense assigns their ip. Ah yes, thank you. I didn't think about that but should have. Jason

This is what I mean the blocked shows the network ip and the wan ip but the pass only shows the ip of pfsense box how can I record the wan ip ? https://www.dropbox.com/s/gxgrxhp6ux11wvt/pfsense.jpg?dl=0

If you use OpenVPN, just the inbound port for your server on WAN (UDP/1194 by default). Then you must set firewall rules on the OpenVPN tab, which governs what connections from VPN clients the firewall will allow into it, but for a personal remote access firewall it's probably safe to just set it to IPv4 any.

Thanks for the reply. There is not really any reason why i have the ADSL router on the LAN, i was just testing pfsense on my current environment. Just out of curiosity, I was playing around with ZeroShell and it somehow routed the packets correct is there some way of configuring pfSense to "tag" the packets to return to the pfSense box? So to fix my current issue can i just change the IP address of the ADSL router to 192.168.11.8 and set the wan on pfSense to 192.168.11.10 or do i have to physically connect the ADSL router to the WAN port and make sure it is not physical on the same network as the lan?

@AhnHEL: You could also try disabling "State Killing On Gateway Failure" in System/Advanced/Miscellaneous within the GUI.  This should keep your VPN up when Apinger reports a Loss. Actually I found that this isn't a state clearing issue. When delay occurs: Mar 24 12:14:36 apinger: alarm canceled: AWAN(x.x.x.x) *** AWANdelay *** Mar 24 12:14:08 apinger: ALARM: AWAN(x.x.x.x) *** AWANdelay *** The firewall is RESTARTING services altogether! Mar 24 12:14:52 php-fpm[15338]: /rc.start_packages: Restarting/Starting all packages. Mar 24 12:14:51 check_reload_status: Starting packages Mar 24 12:14:51 php-fpm[15338]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - -> 10.1.1.1 - Restarting packages. Mar 24 12:14:51 check_reload_status: Reloading filter Mar 24 12:14:51 php-fpm[15338]: /rc.newwanip: rc.newwanip: on (IP address: 10.1.1.1) (interface: []) (real interface: ovpns4). Mar 24 12:14:51 php-fpm[15338]: /rc.newwanip: rc.newwanip: Info: starting on ovpns4. Mar 24 12:14:50 check_reload_status: rc.newwanip starting ovpns4 Mar 24 12:14:50 kernel: ovpns4: link state changed to UP Mar 24 12:14:47 check_reload_status: Reloading filter Mar 24 12:14:47 kernel: ovpns4: link state changed to DOWN Mar 24 12:14:47 php-fpm[65238]: /rc.openvpn: OpenVPN: Resync server4 Remote Access VPN Mar 24 12:14:47 php-fpm[65238]: /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AWAN. Mar 24 12:14:46 check_reload_status: Reloading filter Mar 24 12:14:46 check_reload_status: Restarting OpenVPN tunnels/interfaces Mar 24 12:14:46 check_reload_status: Restarting ipsec tunnels Mar 24 12:14:46 check_reload_status: updating dyndns AWAN Mar 24 12:14:33 nrpe[3162]: There's already an NRPE server running (PID 88503). Bailing out… Mar 24 12:14:33 nrpe[3162]: Starting up daemon Mar 24 12:14:31 php-fpm[25418]: /rc.filter_configure_sync: MONITOR: AWAN has high latency, omitting from routing group WAN1toWAN2 Mar 24 12:14:30 nrpe[73937]: There's already an NRPE server running (PID 88503). Bailing out… Mar 24 12:14:30 nrpe[73937]: Starting up daemon Mar 24 12:14:29 php-fpm[56975]: /rc.start_packages: [filer] filer_xmlrpc_sync.php is starting. Mar 24 12:14:29 php-fpm[56975]: /rc.start_packages: [filer] filer_xmlrpc_sync.php is starting. Mar 24 12:14:28 php-fpm[56975]: /rc.start_packages: Restarting/Starting all packages. Mar 24 12:14:27 check_reload_status: Starting packages Mar 24 12:14:27 php-fpm[39957]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - -> 10.1.1.1 - Restarting packages. Mar 24 12:14:27 check_reload_status: Reloading filter Mar 24 12:14:27 php-fpm[39957]: /rc.newwanip: rc.newwanip: on (IP address: 10.1.1.1) (interface: []) (real interface: ovpns4). Mar 24 12:14:27 php-fpm[39957]: /rc.newwanip: rc.newwanip: Info: starting on ovpns4. Mar 24 12:14:26 check_reload_status: rc.newwanip starting ovpns4 Mar 24 12:14:26 kernel: ovpns4: link state changed to UP Mar 24 12:14:21 php-fpm[34202]: /rc.filter_configure_sync: MONITOR: AWAN has high latency, omitting from routing group WAN1toWAN2 Mar 24 12:14:20 php-fpm[25418]: /rc.openvpn: MONITOR: AWAN has high latency, omitting from routing group WAN1toWAN2 Mar 24 12:14:20 check_reload_status: Reloading filter Mar 24 12:14:20 kernel: ovpns4: link state changed to DOWN Mar 24 12:14:20 php-fpm[25418]: /rc.openvpn: MONITOR: AWAN has high latency, omitting from routing group WAN1toWAN2 Mar 24 12:14:20 php-fpm[25418]: /rc.openvpn: MONITOR: AWAN has high latency, omitting from routing group WAN1toWAN2 Mar 24 12:14:20 php-fpm[25418]: /rc.openvpn: OpenVPN: Resync server4 Remote Access VPN Mar 24 12:14:20 php-fpm[25418]: /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AWAN. Mar 24 12:14:20 php-fpm[25418]: /rc.dyndns.update: MONITOR: AWAN has high latency, omitting from routing group WAN1toWAN2 Mar 24 12:14:19 check_reload_status: Reloading filter Mar 24 12:14:19 check_reload_status: Restarting OpenVPN tunnels/interfaces Mar 24 12:14:19 check_reload_status: Restarting ipsec tunnels Mar 24 12:14:19 check_reload_status: updating dyndns AWAN I know I need to educate myself on the traffic shaper in PFSense, however, it seems to me that services shouldn't be restarted just because apinger detects delay or removes a gateway from a group.  And I do currently have state killing disabled.

https://redmine.pfsense.org/issues/4276 https://redmine.pfsense.org/issues/4326 https://redmine.pfsense.org/issues/4405 https://redmine.pfsense.org/issues/4524 https://redmine.pfsense.org/issues/4529 most of those won't be an issue but 4276 will if you plan to use L7 on 2.2.x

Hi, Thanks for your replies Guys.. My Notebook Interface is 1Gb, so it's running ok (so far).. I prefer to have all the VLANS Tagged and disable untagged traffic on the port  that connects to the Notebook (PFSense Box). so only tagged traffic is sent from the switch to the notebook, basically I'm using 3 interfaces on the switch, 1 belongs to the LAN Vlan and connected to another non managed switch, another port connects to the ISP and it belongs to the WAN Vlan and the 3rd port is connected to the notebook as a trunk that accepts only tagged traffic and it only has 2 Vlans (WAN & LAN). So far it is working OK, but please if you hear or read of a possible flaw when using VLANS appreciate your advice. Cheers  :)

I was hoping for a nicely formatted display similar to the arp table webpage. Anyways cleaned it up a bit to make it easier to read. arp -a | awk '{print $1""$2""$4}' | sed 's/_/ /g Thanks.