I could switch to a 32bit system, but the error doesn't seem to be causing any issues I have been able to detect. I do have a couple of ipsec tunnels to remote offices which I assume the padlock helps with the encryption. However if the error is indicating that the accelerator features is not working, then there isn't much point to it. CPU usages typically never exceeds 1-2% so I may not even need the hardware crypto. Network performance has been impressive with the VIA dual core, with us typically dealing with ~100mbps UP/DOWN. Granted I don't have a huge amount of users, around 30; but being able to do what I need and with a fanless design with tons of processor to spare is pretty neat. I am still running 2.03 and haven't  upgraded to 2.1 yet. Perhaps this will address the fpudna issue. If not, I don't think I am going to worry about it unless there is a pressing reason to. I will report any other HDD issues/errors if they happen. I thank everyone for the help and assistance regarding the matter.

Hi Guys, Thanks, I have actually found that info in documentation. What happens in my situation is that I have 4 public IPs with same IPS gateway. Two public IPs a guarded by pfsense Firewalls and when I go from one network to public IP of other I am reaching webadmin page of that other network like there would be external webadmin access enabled. It is ok however if I check it from completely separate public IP from different IPS. I will check it.

Here is the solution; Step1: stopped squid service Step2 : Find squid.conf file find / -name "squid.conf" Step3 : Should add the following lines in squid.conf file acl bump-bypass dst "ip address" or "/…path.../BumpBypass-IPs.txt" ssl_bump none bump-bypass ssl_bump server-first all Stpe4 : started squid service. Good luck.

The main consideration here is how much traffic you need to firewall. What is your WAN connection speed? If you want to run additional services like web proxy, IDS/IPS or VPN that will increase the hardware requirements. The number of NICs you need deppends on how your network is configured. You will need at least two, for WAN and LAN connections, but more if your internal network has several subnets. Steve

@nothing: Just check "Disable Gateway Monitoring". It's not in your use anyway. Unfortunately it appears that I cannot saturate my upstream completely or these OpenVPN endpoint messages accumulate in the system log, CPU usage peaks and I get a series of check reload status msgs regardless of whether I disable gateway monitoring or disable OpenVPN altogether.  I've even tried to delete and recreate my WAN gateway in case it was a corrupt config. Perhaps a bug as no other significant changes made to my pfsense 2.1 release.

Ok, found the issue. I had the WAN interface set to 192.168.0.150/1 instead of /24. As soon as I changed that, everything started working.

FreeBSD syslogd will to that if you add two -c options on the command line when syslogd is started up.  See: http://www.unix.com/man-page/freebsd/8/syslogd/ for example. My 2.1 is running with that already though: q[2.1-RELEASE][root@pfsense.localdomain]/var/log(14): ps axfw | grep syslogd 62744  ??  Is    0:00.48 /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log -f /var/etc/syslog.conf

I agree it's sometimes more convenient to bridge interfaces. Depending on your NIC type you may also need this patch: https://forum.pfsense.org/index.php/topic,66908.msg367991.html#msg367991 Steve

Actually, this is still an issue. Applying firewall rules, or almost any update will kill existing connections including my OpenVPN connection to the firewall requiring me to reconnect..

i try edit code like this still ERROR  :( // http://000.000.000.000 // usernamefld  admin // passwordfld  #00000@0# $form_vars = array(); $username = 'admin'; $password = '#00000@0#'; $loginUrl = 'http://172.30.34.254/index.php'; $postUrl='http://172.30.34.254/index.php'; $user_agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"; $form_data= 'login=Login&usernamefld=admin&passwordfld=#00000@0#'; $ckfile = "/tmp/Cookiefile.txt"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $loginUrl); curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile); //curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile); // curl_setopt($ch, CURLOPT_COOKIE, "A=01;B=02;C=03"); curl_setopt($ch, CURLOPT_POST, TRUE); curl_setopt($ch, CURLOPT_POSTFIELDS, 'login=Login&usernamefld=admin&passwordfld=#00000@0#'); //curl_setopt($ch, CURLOPT_POSTFIELDS, $form_data); //curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); //curl_setopt($ch, CURLOPT_USERAGENT, $user_agent); //curl_setopt($ch, CURLOPT_REFERER, $postUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_exec($ch); curl_setopt($ch, CURLOPT_URL, $postUrl); curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile); $store = curl_exec($ch); //curl_exec($ch); echo $store; curl_close($ch); ?> CSRF check failed. Either your session has expired, this page has been inactive too long, or you need to enable cookies. Debug:

@zlyzwy: Hi all, First, I know this topic has been discussed serveal times, however I just can't find the answer here.. Basically I have a Voip server(Askozia) behind Pfsense(2.1), The clients comes from both intranet and Internet. For the Intranet clients, they are all working fine. For the Internet clients, they just can't connect to Askozia server. The error message shows timeout. What I have tried : 1. Firewall Optimization Options –> Conservative 2. change NAT Outbound to AON, add a rule like : WAN  192.168.1.0/24 5060 * 5060 WAN address * YES Askozia 3. forward ports (5060,10000-10200) to WAN All these settings has been done but it seems no change. Thanks for any reply in advance.. Zlyzwy \ Forward ports to WAN? You dont forward the ports to the WAN. You forward them to your server on the LAN WAN UDP * * * 5060 - 5160 XXX.XXX.XXX.XXX 5060 - 5160 Asterisk PBX Server (SIP) XXX.XXX.XXX.XXX = Server IP on your LAN. The NAT rule should also auto generate an Firewall Rule. The present AON auto generated rules should suffice and you dont need to add more rules.

@stephenw10: Check for anything that appears. The fact that you said the link light comes up briefly suggests it's stuck in a loop. That should generate a repeating log pattern. By what WAN type I meant dhcp, static IP, pppoe etc. Are your nics using the em driver? Steve Okay, did some poking around: WAN type: DHCP on a Cox Cable installation NIC drivers: yes, using the em driver I cleared the logs after the last link loss, so I don't have anything to go off of right now. I will have to check it next time it goes down.