@limecat: More serious, there appears to be a bug– pfSense does not want to bind with credentials. I went into iRedmail's LDAP config, and enabled anonymous bind, and all of a sudden it was able to bind no problem. How do I open a bug for this? Check pfsense's bugtracker http://redmine.pfsense.org/projects/pfsense/issues?set_filter=1

Solved! Yesterday, in desperation for an answer, I swapped the hard drive with the pfSense install on it out for another and installed Arch Linux on the machine. It took a couple of hours, but I was able to get Arch set up so that it would do exactly what I had pfSense set up for (WAN on em0, LAN on LAGG0 (em[123]), OPT1 on VLAN1 on LAGG0, and OPT2 on VLAN2 on LAGG0). Rerunning IPerf on the same pair of old and crufty workstations got exactly the same performance figures, approximately 228 Mb/s. I boggled for a minute then realised the problem was either the hardware on the pfSense box (maybe the LAGG and VLAN configuration scared up a bug) or the workstation's NICs (as limecat suggested). I plugged my fairly new laptop into a port that would use OPT1 on the pfSense box and reran IPerf to a machine on the other side of the WAN port (ie. NAT was involved). Got about 928 Mb/s. So the workstations were at fault! This is a huge relief. pfSense makes for an easier solution, than building a Linux router, to most of the problems I'm running up against (inter-subnet routing speed, web caching, traffic shaping, prioritising video-conferencing traffic).

Fixed it. Yes, rebooting after mirror rebuild didn't help. Copied an old backup of the config and that fixed it.

1.  Call and verify they have the right cable modem mac address for your account. 2. Verify that when you plug your ethernet cable into the ports that they light up indicating connection. 3. Verify on your WAN page that you are set for DHCP. 4. Verify on the "Status/Services" page that the DHCP service is in deed running. 5. Start the modem first and then power up your pfSense box after the modem finishes syncing. If you change devices on the modem you must power it down and restart it.

Same problem - webui keeps hanging… I found killing all of lighthttpd and php processes off fixes it.  I'll dig further the next time it stops responding... Not hard to make it happen, just use the UI. Soekris Net6501-50 with a regular 5400rpm SATA drive.

guessing your made it png vs php because you can not upload php?  took me a second to figure out what you did ;)  Like what how am I suppose to compare code with a png?  Then the light went on ;) heheh Looks nice - thanks!

Check the gateway status widget and the gateway status page. You could lift some code from there for your script.

Can you login with that same user without a key? (just password?) Does the user actually have shell permissions assigned?

It always runs fsck automatically after an unclean shutdown. It says r/w mount denied, so then it runs fsck to fix the problem with the filesystem, and once it's cleaned up then it mounts the drive normally. If that automated process doesn't work, then it's possible the drive was corrupted more than usual by the power loss. If it's that bad, then it could possible take a few fsck runs (boot to single user mode) to fix up all the way.

@cpartsenidis: The reason for this is because I want to create a backend program that will automatically update the user database to allow new users access the Internet, without it requiring someone to manually enter this information via the Captive portal user management. Rather than messing with pfsense's local db, you could authenticate CP users against a RADIUS server and have your back-end program update its db. Also, is it possible to program the captive portal to accept a pin number, instead of a username/password? Check the vouchers function in CP.

Scroll down to the very bottom of the page, is there a PHP error at the bottom of the screen?

Hi, im using pfSense 2.0 + siproxd since Dec 2010 ( pfSense 2.0 Beta5 ) in a Test enviroment and it work fine, at least for my needs. My network topology is: WAN1 –           |--[ pfSense + siproxd ]–--- LAN  --> [ MT PPPoE Server ] –> [ Wireless AP ]    <– -->  [ Wireless CPE ] –->  [ ATA ] ( SPA2102 ) WAN2 –                        |                                     ------> [ SoftSwitch ]–> PSTN

@Alf: I have a completly different question now. We have plugged everything up and everythins is running smooth. The internet connection is constantly maxed at 100Mbit/sec. The only problem is that we cant connect to any games using Battle.net. Do you have any idea what it can be? We have all ports open, nothing is blocked and no traffic shaper. When we try to connect to WoW we're only getting instantly disconnected. WTF? Edit: there is like one constantly playing WoW, everyone else cant connect You need to forward ports per client for battlenet.  i.e.  6112 on wan to client 1, 6113 to client 2, 6114 to client 3 etc. This is why it is important to assign static LAN IPs for each client.  You then notify each user as to the port they need to setup the bnet client for (default 6112). IIRC, there is a limitation of 6 hosts per IP (WAN) for battlenet (at least for WC3/ Dota this holds true).  You must setup the NAT so that each group of clients goes out a certain WAN IP for Bnet.  This is best done with Manual Advance Outbound NAT (AoN). i.e.  You allocate 6112 to 6127 per table (with each client using one of the ports). Then under AoN, you set the NAT so that ports 6112:6127 for 10.0.1.X (table 1) are mapped to one of the WAN gateways, 6112:6127 for 10.0.2.X (table 2) for another WAN gateway so on and so forth.  Make these static ports. This does not negate the 6 hosts per IP limitations but you shouldn't be having that many hosts on bnet to begin with.  For regular WoW access, this should not be an issue so long as all the clients have unique ports.

Advice taken. After I change to port 5080 everything worked. To this day I have no idea why port 5060 did not worked. I do have to many layers of security that could of have cause the issues. IDS+pfsense+ipblock.

Advanced\misc settings and just toggle it on.  It made a huge difference on some of our platforms. @pf2.0nyc: just spent 2 hours searching through older posts - I'm not sure I follow with what powerd is and how to enable/disable it, etc. Is there a tutorial somewhere? thx.

You cannot sync squid settings or cache between the 2. You can setup squid on both. You will just need to configure them on both sides. The service will always be running on the backup node, it just won't have the cache until it starts being used. Yes, I would start there as well then worry about the extra 1 IP you have. If you can get your services moved over or DNS changed out, then there will eventually be no need for the your singe IP address.