@mbrossar: I want to set up a central CA that signs for a set of Intermediate Certificate Authorities (ICAs). @mbrossar: My CA should not sign individual certificates.  It should only vouch for my ICAs. @mbrossar: All of my certificates are signed by an appropriate ICA. @mbrossar: I have a few sites that I am working on connecting via site to site VPNs using pfSense boxes.  I am thinking about leveraging the CA functionality within pfSense.  My question is, can I create an ICA on a site that refers to a CA that's on another site, at the end of a tunnel or does an ICA need to be on the same box as its CA?

Yep, this is the wrong section. A non pfSense related question should be in General Discussion. You haven't given the exact model number but it looks like the only way to reset the switch is to upload the factory firmware from the bootloader prompt at the serial console. Good luck!  ;) Steve

cant find exact wireless chipset compatible available on the pfsense wireless supported drivers how about this one. http://www.cdrking.com/index.php?mod=products&type=view&sid=10540&main=50#.U7DLqZSSxfg  ralink rt3060 thanks

@sollostech: Has anyone made or thought of working on a responsive theme for pfSense? Would be delicious to have an easy way to manage from my iPhone. Hello sollostech, Did you try the "pfsense" theme? I don't use an iphone but that works for other models.

https://forum.pfsense.org/index.php?topic=44941.0

Has any of the developers taken a look at this since the source is available?

Look in the system log for any miniupnpd-related entries. In the console, do "ps auxww | grep miniupnpd". If no miniupnpd process is found, do "/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf -P /var/run/miniupnpd.pid -d" and see what it says.

Just be careful when you "extend" your subnet. If you forward broadcasts across the, then devices from one datacenter may pick-up an IP and use the gateway from the other datacenter. You'll probably not want to allow broadcasts, which can cause issues with some services, or limit each datacenter on which devices get an IP address from the relative local DHCP. I do not have experience in this area, so maybe someone else could add more to this, but I know this could be a real issue.

I'm assuming this is a full install and not nano. Putting aside the issue of a possible memory leak, you generally make swap permanent by adding it to /etc/fstab. Something like: #/dev/label/swap0              none            swap    sw              0      0 Ref. https://www.freebsd.org/doc/handbook/adding-swap-space.html To increase the size of the swap you will need to repartition the disk or create a "swap file" (see link above) and add it to fstab as above. But… I don't think that's the problem. You should not be running out of RAM (and IMHO not even swapping at all). Other than the ICAP errors, what are you seeing that leads you to suspect the memory? Are there memory related errors in Status: System logs: General?  (i.e. out of swap space, memory exhausted, unable to create, etc.) In your situation,  I'd recommend looking for the source of the ICAP errors first.

Probably is that old option in postfix that I mentioned in the other linked thread. It tries to change system.inc in a very dangerous way. The package maintainer will need to fix it, so you'll want to make a post in the Packages board to get their attention.

Hmm, odd. It worked fine before though? Anything vge related in the system or boot logs? Steve

@Nightfrost: –UPDATE-- So, after some worsening packet loss, and longer downtime periods, I decided to contact Verizon.  They are blaming poor cable installations between the ONT and my router.  I've already re-terminated one end, but I'm not too convinced that the chord would causes such an issue.  If the chord was damaged, i'm pretty sure I'd be experiencing other issues.  Also, I decided to pick up an Intel NIC to replace the PoS Realtek one. Have you tried temporarily replacing the pfsense router with the old verzion router and seeing of you still have latency problems?  Could be useful as a way to rule out ISP/ONT/cabling issues.

I'm faulty as you  :P

WOOOOOOOOOOOOOT finally got it! So I must have had a typo the first go around. Here was the solution: /etc/rc.conf_mount_rw    # Set file system temporarily to read write setenv "TMPDIR" "/root"    # Set the environment variable so pkg_add uses a location with enough space setenv "PKG_TMPDIR" "/root"    # Set the environment variable so pkg_add uses a location with enough space pkg_add -r -v ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.3-release/Latest/openjdk7.tbz    # Fetch openjdk7 rehash    # Updates executables available in path java -version    # Tests whether JAVA is working Thank you all for your help

The gateway address seems to be a private IP, is it conflicting with the LAN subnet? Steve

No that there is anything much to see/change, but the settings for the monitor types are on the Monitor tab in the Load Balancer settings. It sends a ping once per second, I don't believe there is a way to tweak that.

It's expected. The older version is used by some base OS components, but it does contain patches to correct the vulnerabilities.

Yes I am. I found the problem. I had an OpenVPN server configured for incoming traffic and ended up with equal cost routes for the same subnet via each tunnel! You live and learn…. Thanks

Switch off your modem for a while then try again. See here

This has been resolved. Squid cache was corrupting the downloads and it was coming from Windows Updates. Setup WSUS server to correct this, little annoying how it can't tell you what the source IP address is.  :(