Ok, I think what you are asking is why can the [same] client machine achieve good test results when behind a firewall but poor test results when connected directly? I don't think you've mentioned any specifics about the client machine, so I'm just guessing, but pfSense is FreeBSD based and generally performs exactly the same as most FreeBSD clients especially when software versions are identical and installed on identical hardware. Also - in my experience - FreeBSD generally performs identical to Linux clients and usually outperforms Windows and OSX clients. If you are testing with a Windows or OSX client your results are not unusual. If you're using a FreeBSD (or linux) client on similar hardware then I would suspect a configuration issue or even possibly a speed/duplexity mismatch. Are you doing your performance testing with identical hardware and identical operating systems? It seems from the information provided that pfSense is performing properly, and it also seems the client should be able to produce identical speed test results but is not, so if I were working on this issue I would begin by troubleshooting the client. Starting with the basics, I would reboot every device in the test setup and then first check that the speed and duplexity matched up for the client test. If that looked good, then I would check the interfaces on each device for errors and if that passed, I'd probably start eliminating variables and try a different cable, client, then modem.

^ since this thread is a year old I doubt this is still and issue bahs ;)

It's missing some info, such as the message log/buffer with the other part of the kernel panic message. Can't tell much from what you have. It doesn't look familiar, it's crashed in an operation on an OpenVPN tun device. Can't say I've seen that one before. Could be hardware, but hard to say with any certainty.

1. Make sure you are using pfSense 2.1.4, not 2.1-RELEASE as the OP of the thread was. 2. From the console menu, try the option to reset to factory defaults. If that fails, try: cp /conf.default/config.xml /conf/config.xml

I'm no expert but here is what I think. pfSense does not have any built-in tamper detection that I am aware of other than IDS like snort or suricata.  You must use other tools to enforce the use of the proxy, such as firewall rules, domain policy, WPAD policy etc. HTTPS proxy support requires SSL certificates to be installed or manual proxy configuration on each client, but it can be done.

It all depends what your WAN connection is as to what's 'normal'. However 25% packet loss looks pretty bad. Steve

Your initiator shouldn't be sending the connection to the gateway, have you tried using the server local IP address instead of the FQDN instead? The machine/ dns server might not be resolving your fqdn to the internal server ip.

It's normal.  The continuous ping is to allow pfSense to ascertain that your upstream gateway (in this case, it's your modem/ router) o verify that the connection is active and usable. This is helpful in multi-WAN connections where the router can detect connection failure on one link and switch to the next.  It's also used to restart certain services or connections to force downstream services to change their state to reflect the loss of connection. The ping latency results are also used to generate the link quality RRD graph. You can change both the frequency and the destination to ping - you might want to change this because your router can be up and contactable but the actual internet link may not be. To do so, go to System -> Routing -> Gateways.  Click the "e" button next to the default gateway. Under Monitor IP, enter an alternative IP address that is on the internet and contactable through your link.  e.g. Your ISP's DNS server IP or Google DNS server IP Click on Advanced to expand it. Under Probe interval, enter a new value (in seconds) to change the interval between pings.  If you are using an external server, you might want to increase the interval in case this behaviour is deemed to be an attack.

I know the people I have suggested them too have been very happy and get great speeds on the ones I have tested have more than capable of solid 100mbps connections.

@BBcan177: Google "Fatal trap 12: page fault while in kernel mode" and there are lots of people with that error. What kind of machine is it? Are you virtualizing this machine? 'tIs the first machine in my sig, BB; not virtualized  ;D I don't think it was hardware; I uninstalled these packages mentioned before, and so far no hangs anymore. I'll see what happens next.

Thank for answer Can you tell me how to block free proxy or anonymous proxy?

I won't be able to help out any further alexxtasi. You've exceeded my ability to assist through the forums. It's often difficult enough to get the base system running properly because of it's numerous bugs and quirks much less when you customize to the extent that you have. Good luck my friend.  :)

LOL, never mind guys i have resolved this issue, the problem as usual, was with the meat-ware .. rolls eyes have a great day .. ;) Cain

Hi , Thanks for your answer. i had a sohpos asg 110/120 . i installed now on the same HW pfSense. here are some information about network devices: [2.1.4-RELEASE][root@c02506ccd392]/root(5): dmesg | grep pci pcib0: <acpi host-pci="" bridge="">port 0xcf8-0xcff on acpi0 pci0: <acpi pci="" bus="">on pcib0 pcib1: <pci-pci bridge="">at device 1.0 on pci0 pci1: <pci bus="">on pcib1 vgapci0: <vga-compatible display="">mem 0xf4000000-0xf7ffffff,0xfb000000-0xfbffffff irq 16 at device 0.0 on pci1 fxp0: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xff00-0xff3f mem 0xfdfff000-0xfdffffff,0xfdf80000-0xfdf9ffff irq 16 at device 9.0 on pci0 fxp1: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfe00-0xfe3f mem 0xfdffe000-0xfdffefff,0xfdfc0000-0xfdfdffff irq 16 at device 10.0 on pci0 fxp2: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfd00-0xfd3f mem 0xfdffd000-0xfdffdfff,0xfdf60000-0xfdf7ffff irq 17 at device 11.0 on pci0 fxp3: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfc00-0xfc3f mem 0xfdffc000-0xfdffcfff,0xfdfa0000-0xfdfbffff irq 17 at device 12.0 on pci0 atapci0: <via 6420="" sata150="" controller="">port 0xfb00-0xfb07,0xfa00-0xfa03,0xf900-0xf907,0xf800-0xf803,0xf700-0xf70f,0xf000-0xf0ff irq 20 at device 15.0 on pci0 atapci0: [ITHREAD] ata2: <ata channel="">at channel 0 on atapci0 ata3: <ata channel="">at channel 1 on atapci0 uhci0: <via 83c572="" usb="" controller="">port 0xf600-0xf61f irq 21 at device 16.0 on pci0 uhci1: <via 83c572="" usb="" controller="">port 0xf500-0xf51f irq 21 at device 16.1 on pci0 uhci2: <via 83c572="" usb="" controller="">port 0xf400-0xf41f irq 21 at device 16.2 on pci0 uhci3: <via 83c572="" usb="" controller="">port 0xf300-0xf31f irq 21 at device 16.3 on pci0 ehci0: <via vt6202="" usb="" 2.0="" controller="">mem 0xfdffb000-0xfdffb0ff irq 21 at device 16.4 on pci0 isab0: <pci-isa bridge="">at device 17.0 on pci0 the trunk port is configured correctly and i can see also the traffic on the pfsense. I can see just requests packets and when i dump on fxp0_vlan5 (Valn 5  interface) i can see that the pfsense didn't answer this traffic at all. the firewall rules are set correctly and i am not seeing any blocks. i have done test with the client as you suggest before i post my question . in this case i have the same issue. perhaps i miss some configuration. could you please send me your sysctl -a output ?</pci-isa></via></via></via></via></via></ata></ata></via></intel></intel></intel></intel></vga-compatible></pci></pci-pci></acpi></acpi>

I have no idea how you would even calculate how much time is spent on something like Youtube. There is almost no correlation between bandwidth used or time spent transferring and actual viewing time. The only practical way is to just have time slots that allow/block the services. Otherwise you may have to do parenting the old fashioned way.

Hi Steve, thank you, I uninstalled pfBlocker and now it runs better. But there are also some killed services from time to time. I now ordered a new APU board with 2GB RAM, a faster CPU and a 16 GB SSD. Then I should have enough memory and the possibility to swap on the disk. Thank you for your support, Regards

@zohaib where you able to resolve the issue? Having the same problem.

Sorry to pile on, but I'm looking at the same problem.  I want a SPAN port, mirrored off my DMZ port, but I am unable to create the SPAN because it wont let me bridge a single port(DMZ).  Is there a better way to accomplish this? I'm thinking I might tinker with the vSwitch and this pfsense is running on ESXi, but I would like to understand how/if pfsense can SPAN a single port not a bridge.  Thanks.