What a pain in teh ass.  You would think they would incorporate a defrag/compaction feature into the virtual machine definition like VMware does.

You need to segregate those clients on a separate LAN (or VLAN).  That means: A second WiFi Access Point, or a WAP that understands VLANs and lets you assign the different SSIDs to different VLANs A switch that understands VLANs, or a separate interface on the pfSense firewall box I'm doing a mix of the two methods, I have VLANs on my network switches, and one of those VLANs is for "guests".  The guest VLAN connects to a cheap consumer WAP which doesn't understand VLANs, but the network switch handles that issue. Now that the guest WAP is on a separate VLAN, I can assign limiters in the pfSense firewall rules to any traffic coming from the guest VLAN and going to/from the internet.

A little update since I stumbled upon something good recently: Using LibreOffice Draw and the VRT Network Equipment shape set is great. The shapes are open source, available as a LibreOffice extension, and they have a decent license which includes an exception from the attribution clause for their intended use (meaning you don't have to put their name/link on all your diagrams) My main nitpick is that connector placement/adjustment in LibreOffice Draw isn't as good as Visio, but things can still be tweaked into acceptable places.

I have had switch/router devices before that would stop responding to ping on an interface if the interface was physically down - from memory it was Cabletron/Enterasys gear. Once you knew the behaviour, it meant you knew when the cable had fallen out at a remote place.

Thank you for your answers, at the moment I can't reprogram the software and I need connection. I'll try to create a VPN server and a routing table to fix it. Thank you,

I don't really have an environment to test that. But the static IP machines are not going to be getting any settings from a DHCP server. Normally the DHCP server would send them some default domain information that lets them learn a domain to use. So you probably need to either: a) Explicitly set the domain somewhere in the static clients or b) Set up some static mapping in the DHCP server so that those clients can use DHCP, and will thus get the domain name along with their static-mapped IP. Or I don't really understand the whole combination of systems/settings and someone else will have a good idea :)

I block the youtube with blacklist youtube.com and googlevideo.com.

$5/mo is pretty cheap for a static IPv4 address.  I'm being charged $20/mo for that with Verizon FIOS (who doesn't yet do IPv6).

Or consider installing "monit" on the pfSense box as a minimal tool.  You'll have to do it from command line.  I prefer Monit for small independent boxes, much easier to setup then Nagios/Zabbix/Icinga.

I used the OpenVPN client on my Android phone to troubleshoot my own OpenVPN setup. #1 Disable WiFi on the phone #2 Fire up OpenVPN client and connect to my VPN #3 Do testing on the phone That was enough for me to figure out whether OpenVPN was configured properly on pfSense. (I'll have to try the Android phone as a WiFi hotspot idea as well.)

Yes, it seems to be the modem - what a piece of shit! The MAC address is key… if I hadn't had a 'virgin' Alix box, I don't think I would have ever got this working. I've replicated its MAC to both fw1 and fw2, and they now both work fine; they can reach the 'update' site. The perverse behavior of this modem would seem to completely rule out using the failover feature - if it was ever possible on a bridged modem. I've still got one question: Is there any historical data on the pfsense box that the cable modem could access during DHCP? I ask because when fw1 (and subsequently fw2) was connected to the bridged cable modem, I observed that pfsense reported a gateway address that it used when it was connected to another gateway device (the router for the fixed-IP service). I totally don't understand how pfsense could report such nonsense.

Watch, Charon isn't flagging memory pages to not be paged out then the kernel attempts to access said memory locations.

@phil.davis: Should I just replace that file with what you have there? or Should I upgrade to pfSense 2.2.3 after the backup config? Will upgrading to 2.2.3 give me clean copies of all the code? Yes, you could paste in the proper code from https://raw.githubusercontent.com/pfsense/pfsense/RELENG_2_2/usr/local/www/diag_logs_resolver.php and fix this file. That would fix the current problem you see. But if you do not know how the wrong code got there in the first place then who knows what other code or files are also not right. Upgrading to pfSense 2.2.3 will give you clean copies of the code. Maybe fix up the code in diag_logs_resolver.php for now, then upgrade to 2.2.3 in a couple of days (doing a full backup along the way…) You could also backup the config, reinstall 2.2.2, reload the config, let all the packages reinstall. That will bring you back to known good 2.2.2 Just paste your code. It fixed that problem, big thanks to you. I will wait for couple days before upgrade to 2.2.3. Thanks again.  ;D

Thank you for the reply, but the extra services from Watchguard are not needed. The Watchguard OS with the basic services included, are just fine. Greetz DeLorean

Press enter and you should get the menu. In the menu you could choose 'Halt System'. Otherwise reboot if possible and look at the terminal window while booting. APU startup is 115200. If you upgraded hardware and used an old config it's possible you should choose 9600 to see pfSense booting. [image: terminal.jpg] [image: terminal.jpg_thumb]

You can customize the unifi portal to your hearts content so putting a link to a CA cert should not be a problem.  Or just using a trusted signed cert should remove that problem all together. You are correct mdns can be a pita, think the ttl is 1, etc.  I solved it even easier way by just putting my printer on the wlan segment ;)  Before that I had done it with cups, where my cups server just had an interface in the wlan segment as well.  Then I didn't have to worry about running cups.