You make an interesting argument - and I'm not saying you're wrong. It is not only an argument, this is more pending on the circumstance that this both IDS systems are doing not the same thing!!! One is watching and sniffing in the network or the network traffic it self and the other one is watching on the host OS of an Server, PC or other devices watching their registry, file system or other elementary or urgent points in that OS. However, your definition of a "router" vs a "server" seems at odds. What here should be better matching is perhaps something such as TripWire or something else similar to that but not a Host IDS (HIDS). One thing is OS related and the other one is network related or pointed. The Server has an OS that is perhaps hardened the firewall or router OS (firmware) must be hardened. For example: what is the difference between a pfSense device running an OpenSSH endpoint vs a server running the same thing? pfSense is a firewall distribution (but here working likes a firmware of an network device) and let us say CentOS & SoftEtherVPN are an OS & Software. Their fore what you are asking for should be matching more well this software or perhaps able to realize combined installed on an appliance; fail2ban DenyHost TripWire How do you make the judgement in this case as to which device warrants an OSSEC agent? Its not me, you should perhaps read the statements and jobs that the software coder where telling their clients and perhaps too you could read about the differences NIDS and HIDS. OSSec getting started

Btw. my PPPoE IP starts with 79 and the GW starts with 217. Might this be the reason Edit: Just got an IP from the 217 subnet so, this is not the reason. Also I can't ping the GW at all when I'm not connected to a VPN. Any further help ?

Thanks again for the replies everyone. I'm learning a lot (and reading Mastering pfSense to try to get the best out of it). I'm currently considering upgrading the APU2C4 to a Dell PowerEdge T20 (Xeon E3-1225 v3), which should handle our line speed for VPN easily. The APU handles our 200Mbps ISP speed (no VPN) without even breaking a sweat, just a few % CPU, but it'd be nice to offload the VPN to the router/firewall rather than having multiple locally connected clients at home.

Cool thanks! I stopped it then started it again. Now it seems ok!

Purchased from them via Amazon.ca.  No issues at all.

If you add the suggested firewall rule then you should be able to access the WebGUI from WAN.  If you're already forwarding 80/443 then you can't use it for your WebGUI and expect to get to it.

If your account doesn't have access to the factory images you can use the CE install images on that without any issues. Even if it's got a CF at this point in time I'd use the serial memstick to perform a full install on there. An SSD would be a better fit but that will still work on CF. Primary reason being that NanoBSD is not available on pfSense 2.4 so you'll have a smoother upgrade path now if you make the switch when you're already planning for some downtime.

Hi, Still having this issue.. Has anyone fixed this or is it addressed in a newer release? Currently running: 2.3.2_Release Thanks.

The activity on 2.4 has been drowned out on those graphs by the madness of commits that were necessary to get 2.3 going with the new GUI. 2.3 was a massive undertaking on the frontend of things, 2.4 has been more backend work and cleanup. If you look at  https://redmine.pfsense.org/projects/pfsense/activity there is plenty of activity every day (and that doesn't include the ports or src repos). Plus as we near 2.4-RELEASE things slow down in some areas as we hit a wall of harder bugs that take more time to fix but result in fewer rapid commits. A good chunk of the tickets assigned to 2.4 are in a feedback state waiting for people to respond and confirm the bugs are fixed. As usual some tickets assigned to 2.4 will be pushed forward if they are not going to make it into 2.4 as well. And undoubtedly there are some bugs in the 'new' state that have been addressed or are otherwise invalid but haven't been caught and closed yet. If you want to see the percentage of tickets closed on 2.4 rise, go look at tickets in the feedback state and test them, and respond on the tickets.

Yes the problem was in SSD.I replaced it and know all it's working fine.Thank you very much!

Thanks @JeGr I didn't know about this load-balancer option in pfsense. And you are right about the LAN VIP. :)

nice Brother! hahaha!! i think you made a Super Pfsense Server.  ;D  8)

@PiBa: You would enable that option if you 'need' the client-ip of the actual client for logging/permissions/other and cannot accomplish that by other means like x-forward-for header or proxy-protocol. Its certainly usefull, but causes some trouble as well.. (there is a warning message with it for a reason ;) ) Ok thank you. Everything is setup now the way we want it. Just a new cloud infrastructure coming as well. Then back to my usual programming day job ;) Thanks again for your help :)

Hi. @yahav02: hi javcasta this script work on https web site ? thenks It is not my script. You must go to the source: How To Block File Uploads Using Squid ACL’s http://nanlyx.blogspot.ie/2013/04/how-to-block-file-uploads-using-squid.html Regards