@cmb: Was about to reply that's what your BIOS is reporting, something not right there. Might want to check for a BIOS update as that seems like some kind of bug with it. Glad you found a workaround at least. It was fine until I reinstalled everything…..but I had been tinkering with BIOS settings trying to get the watchdog timeouts to stop. This is the first BIOS for this board and I'm hoping SuperMicro comes up with a fix for my watchdog timeouts.  Sure seems to be a hardware issue (details in the hardware forum thread).

No, nothing logged prior to the crash. I suspect this is either a Snort memory leak or badly configured Snort. I don't know Snort that well so I could have done something stupid.

The ISP fixed it, but in the mean time I managed to mitigate the problem by executing the following script every few minutes via a cron job: #!/bin/sh ALLDEST="8.8.8.8 208.67.222.222" COUNT=1 while [ $COUNT -le 2 ] do for DEST in $ALLDEST do ping -c1 $DEST >/dev/null 2>/dev/null if [ $? -eq 0 ] then exit 0 fi done if [ $COUNT -le 1 ] then /usr/local/sbin/pfSctl -c 'interface reload wan' >/dev/null 2>&1 exit 1 fi COUNT=`expr $COUNT + 1` done The script is a hybrid based on this script and the command in the last post here since the ifconfig doesn't work for pppoe. Big thanks to those guys. All credits go to them.

@mike254: That's where it switches over to serial console up until the boot process is complete. It's probably stopping at an interface assignment prompt which is only visible on the serial console. Connect a null modem cable to the serial port and console into it and you should be able to assign the NICs and continue. Get in touch with us via support if you need further help with that. Thanks cmb Does this mean the hardware is not faulty? Are there any commands i need to enter on my terminal to access the Serial console?

@CyberTiVo: There are many reasons to have a quick simple way to have spare pfSense backups since I have had quite a few USB sticks loose their cookies. Yes, there are many reason to have a backup. There are zero reasons to make backups by using completely broken methods like trying to dd a live system. Absolutely horrible idea leading to inconsistent state and broken filesystem.

what is Apinger using as the destination ip (my gateway ip doesnt reliable respond to pings) maybe it prioritises other internet traffic over the pings also i wouldnt trust that graph (apinger)find a different tool whats your cable modem show http://192.168.100.1

I'd be happy of he would just answer the simple questions he's being asked, such as What is it that you're really trying to do?

@Panja: @Panja: Could the restrict access be done with FreeRadius? I'm going to setup radius for wifi authentication anyways. To answer my own question: not possible… I can restrict logging on to the network, but already connected devices stay connected. So for instance if I set the user logon times to be available from 07.00 - 21.00 hours. When the device is connected between this hours and does not disconnect, than the connection is still available after 21.00 hours. Only when the device gets disconnected and tries to reconnect, than the connection is not available. So setup a cron job to flush the states at 7:05.  It may interrupt a few legimate things, but it whacks the desired connections and then if they try to reconnect, they get hit by the scheduled block.

Hi David, many thanks for your reply…. to answer your question: we have several costumer connected to us via microwave. Our DC is for this costumer the internet breakout. I am the owner of the external ip-addresses. I am responsible for the communication, to and from the internet (in German called "Störerhaftung"). To guarantee that a specific costumer use a specific IP in this range , I need PPPoE, or I must use for each costumer his own VLAN with an overhead  of unused addresses (Broadcast, Net-IP). I will try your suggestion... Dirk

Thanks!  That makes sense. I should have realized it when it turned grey it was no longer being considered, but it also tries to calculate it then turns it grey which threw me off.

Looks like it should be working.  Put something else on the WAN side instead of whatever network you're plugging into and see if it works. Or start doing packet captures. Or reset and start over like I suggested before.

If you are putting the ap on the lan port of the pfsense box and you have dhcp running on that lan interface, say pfsense lan interface is 10.0.0.1 with dhcp server set to give out 1.0.0.3-10.0.0.X you can give the ap a static ip of 10.0.0.2 on the interface used to connect to pfsense and it will work on the ap stop dhcp dns and firewall set 10.0.0.1 as gateway and dns.

I, after a deep dive in packet analisys an sniffing i found out that  the problem was due to large packets with a strange (0.06 sec or greater) delay. Those packet disappears without any warning when hitting client interface. I finally found a workaround with a standard rule on client interface client --> NLB:80 with advanced features state type = none Bye, Chris

Hi Dose it happen no matter what setting you changed. It sounds like you are setting a new ip on the interface you are connected to or maybe adding a firewall rule that is blocking you.

Yeah I should probably think about more productive things, but I'll go check when I actually get some sleep. It's 7 AM for me now, I was supposed to sleep 9 hours ago.  ::)

@Digitallydone: I figured it out. pfsense won't let you use your original LAN IP address in addition to the VLAN interface ip. So I went "interface -> LAN". Under "IPv4 Configuration Type" i select "none". But the remaining VLANs interfaces kept their respective ips. I gave it a reboot and "voila" problem solved. This should be the case with any router. On a trunk interface all traffic needs to be tagged.

It seems like you are plugging in both of the ports on your pfsense router to the same switch?

@guitarpicker: The custom import was a one-time action, and does the same thing as if the users were entered via the GUI.  After this import, all new users are being added via the GUI.  I am not running any custom scripts Sorry i wasn't clear. I meant: what about a custom script that save user somwhere, download it at boot and then readd it (maybe in import-like mode)? Firewall would be reacheble even without users and then wil readd it again. But u should be able to: 1. prevent pfsense to save itself the users 2. store them (local persistent HD or remote) 3. import them at startup (maybe the simpler things to do) @guitarpicker: The deletion happens at every boot is just how pfSense (and upstream m0n0wall) work - not by any sort of customization that I have done.  You can see for yourself in the source code for the local_sync_accounts function (https://github.com/pfsense/pfsense/blob/f1551428c4fe708232fc80239ec207640b058a28/src/etc/inc/auth.inc#L378) which gets called at boot up.  The general flow as seen in the comments is: Delete local users Delete local groups Sync (import) all local users Sync all local groups This simple and rather foolproof method of synchronizing the user accounts with the configuration file could be optimized for performance, but the code would be immensely more complex to do so.  I think the lion's share of the delay is due to calling the local_user_set function (https://github.com/pfsense/pfsense/blob/f1551428c4fe708232fc80239ec207640b058a28/src/etc/inc/auth.inc#L450) for each user on each boot, which has a laundry list of things to do when setting up a new user. It sounds like this isn't a high-demand feature.  I would much rather have an option to use FreeRADIUS without storing the plain text passwords than to spend a lot of time optimizing the local account sync process.  I don't think this is likely to happen either, since the whole reason they store the passwords is so that you can change the encryption type in FreeRADIUS without losing all the accounts. Fortunately, pfSense has been rock solid and I haven't needed to reboot much.  I schedule it to reboot at night when I need to, so that the delay doesn't affect our users. Looking at code it call system binary file to read and write users correctly(and set them the password): $user_op = "useradd -m -k /etc/skel -o"; $cmd = "/usr/sbin/pw {$user_op} -q -u {$user_uid} -n {$user_name}". " -g {$user_group} -s {$user_shell} -d {$user_home}". " -c ".escapeshellarg($comment)." -H 0 2>&1"; Write users differently implicate a function that write "X" users directly to user file being careful to not corrupt this file.. it seems risky :D