Seems to be more of a HP issues at this point… Will work with them. Thank you for all the advice... It did help to clarify some things for me. Sincerely, Kell

Squid and limiters don't work together.

@NOYB: Though I'm not sure why this Thu Apr 9 date though and whether or not it is an indication of a problem. That's the date on which it was compiled … looks like you are using pfSense 2.2.2

@cmb: Check the "disable" box for the instances you don't want to run. Otherwise they will be started during boot, and at a variety of other times while the system is running depending on what you do to it. Thank you cmb. I totally forgot about that setting. Appreciate your help.

Yep. Agreed. Something for me to experiment with now and create a proper DMZ.

@Supermule: I get the same on VMX0 (vmxnet3) driver and the console is flooded with timeouts. Changing the VM to E1000 NIC instead makes it go away instantly. That has no relation to OP's issue, please post your own thread if you'd like to pursue (and if you're still running some ancient ESX version, upgrade it first).

So you have 2 vlans already on eth2, vlan 10 and vlan 20 - and now you want eth0 to be part of vlan 10, and eth1 to part of vlan 20? Dude if you need more ports in your vlan - connect to a switch with the port configured for that vlan.  Interfaces on pfsense router are NOT switch ports..

I guess…I don't see anything else really on the upgrade guide that deals with potentially outage-causing issues like this, and they have whole sections on HA considerations. You could also say, most people doing HA already have lagg groups configured. And while that is also true, it also doesn't excuse the omission of this critical piece of data. Thanks for the followups and suggestions though, I don't mean to sound ungrateful, this is just a bit too sloppy for what I've come to expect from the pfsense team.

Thanks dotdash - I've already updated the default gateway and disabled the WAN interface as that connection will be going away at the end of the month.  I did consider modifying the config as you suggest, I was just wondering if there was a quicker and easier solution.  It's not really a big deal other than some minor GUI implications; some things default to the WAN interface or nothing if WAN is disabled.

Are you talking about the real definition of a DMZ or the little blue plastic router definition of a DMZ?

@Callahan: Fixed the issue. Just borrowed a brand new DrayTek Vigor 130 from a friend to replace the DrayTek Vigor 120 (tried 2 of these so assumed it wasn't the modem). Using the new DrayTek 130 fixed the issues it seems. At least I can climb back to 15mbps down again. So leaving this post in case it helps anyone else that has the same setup as I have. ADSL = MTU 1492, Cable ie non UK (or Virgin possibly never looked/checked) is normally MTU 1500,  Draytek 120 only does 1500 iirc, dont know if 130 supports MTU 1492 out of the box and there might be a hack circulating to force the 120 to use an MTU 1492 but it might have involved a firmware update.

Its no longer a conspiracy when it happens to one's self. I guess Snowden is all a fabrication & conspiracy as well and I didnt read it the media, but his reports certainly explains some of whats happened to myself and customers when looking back through support calls. All a figment of the imagination I guess, and next I'll be renamed Walter Mitty.  ::)

Different files referred to in the links but potentially two different methods to save settings after reboot might be found here. https://forum.pfsense.org/index.php?topic=94511.0

You do understand the helper/proxy for ftp was removed awhile back.  Depending on what your doing you can grab the package dok mentions or you have to manually create the rules. Sounds like your connecting outbound to servers on the public.. Passive should just work without any issues unless you have restrictive outbound rules. Or are you serving up the ftp and clients are having issues connecting to them behind pfsense?

I am currently running unifi AC AP, running 3.2.10.2886 which is the latest if your on the 3x line of the controller software.. 3.2.11 is out for the 4x While I am no apple fan, do have 2 apple iphones 5s and 5c in the house and an ipad 3rd gen and don't have any problems with any of these devices on wifi. As I suggested before - sniff to see what your problem is.. You could prob just sniff right on pfsense to see if your having retransmission errors.  So your saying the unifi controller is not showing any retrans and such?  Look on your AP do you see any errors for TX or RX? see attached example [image: unifierrors.png] [image: unifierrors.png_thumb]

pfSense issue ? I tend to say that it's more an issue that can happen when you use an (very) old version. News versions have often more functionality (and less bugs  ;)).

@Jailer: At the risk of sounding like a total noob, what all exactly does this block? I currently have the top 20 blocked. Will this block those as well as other known offenders? Unfortunately, the primary reason why I wrote pfBlockerNG was not for the Country blocking per se.. It was that the previous pfBlocker version couldn't handle a lot of the Threat Sources that are available… Also it didn't have any de-duplication of the lists... Not to mention that the Country lists were over 2 yrs out of date. So to answer your question, if you use the Country Blocking features, it will download those first, then other lists are downloaded and if the IPs are already being blocked by a Country List, those IPs are skipped as they are already in the database...  So yes, the other lists make a big difference then just using Top20.

I'm afraid I'm not very knowledgeable when it comes to networking. Which begs the question why are you trying to configure an IPsec VPN on a fairly complex routing firewall in the first place?  I'm not trying to bust your balls, but this stuff is not for people who are networking beginners.  You will find that the people here are very knowledgeable, but they won't do it all for you. YouTube? Check out some of these tutorials to get yourself started.  Come back if you get stuck or have specific questions. If that doesn't get you going, then perhaps investing in an incident from pfSense Support might be in order. You could also try offering a bounty in the Bounty forum and perhaps someone will connect with you and do it for you for a nominal fee.