@jimp: It may seem safe, but those are the most dangerous things. We can't just add them without proper testing. It may be harmless, but the fact is, we don't know. As unlikely as it seems, there is hardware out there that barfs on the most seemingly innocuous of options in certain cases. Not typical off-the-shelf stuff, but specialized/embedded hardware. I have seen so many machines with boot broken by VESA/kernel modesetting on Linux that I'd be amazed if this did not break anything. And, those are normal desktop machines, not even embedded HW that gets easily upset by a whole lot less than this. On a FreeBSD note, read e.g. this: http://lists.freebsd.org/pipermail/freebsd-bugs/2012-November/050688.html This stuff is definitely not safe to mess with without proper testing, not to mention that most people just don't use this at all on a firewall.

Are you testing it from outside of your network, or inside? relayd uses NAT, so accessing it from the inside may not work as you expect. Either that, or the virtual server isn't set to use the correct IP address.

Yes, if it is physical, then 2 pfSense boxes with the WAN ports connected together in a subnet of your choosing - I guess you can even use a crossover cable and make each one the gateway for the other, or connect to a switch in the middle. That obviously won't test the real routability/connectivity issues in real life for getting the VPN to connect, but it will test that the security settings, certificates… are correct at each end.

I can't help but wonder, do you have the modems set as routers as well?  Are they capable of bridge mode?  Something looks very strange here.

You are right. After 5 days of fighting with this I made this small typo :) Now it is working like a charm. So for people having same issue with cisco SLM20XX you should upgrade firmware to 1.0.6.2 for VLAN working (and set correct netmask ;)) wallabybob and NOYB I really appreciate your help. Thank you.

Hmmm. I still ave 2.0.1… Mostly because I have heard multiple complaints of people with PC installs like mine. I have several 2.1 setups in Alix boards which running smoothly. I will upgrade to 2.1, unless you advice not to (my setup is a PC with a Celeron Pentium 4 and 3 IntelPro NICs). Best regards Kostas

I think we really need to know if there is anything between the internet and pfsense like another DHCP server before we can say its pfsense.  PFsense excells at making tons of connections.  I doubt seriously a state limit is pfsense's fault.

BANG ON! darn it. What a waste of time. The pass from NameCheap portal was suffixing a white space. It seems like all the code update I did is waste now :( Thanks a lot though everyone!

Set System > Firmware > Update Settings to either Stable or Developmental firmware. I would set it to developmental having learned my lesson of seeing broken features in stable versions but working in developmental version - many vouch for dev version to be stable in production.

browsershots.org doesn't like that site either. Ends up stopped at  can not load krungsri.com/robots.txt Totally not a pfsense issue.

@torontob: In production is the FW-7541 as reliable as Alix? I have Alix that have been running 24/7 for the past 4-5 years without any issues. Well they haven't existed quite that long so I can't really say. :-) They do quite well from what I've heard. Lots of customers have them and they're happy…

@tim.mcmanus: Try installing 2.1.  There is broader chipset support in it. I've tried 2.1 RC0 without success. Just so you don't misinterpret me - pfSense has worked flawlessly since April - and only now started acting up. Or maybe it's my NIC. Anyway, I ordered a new one and hope it'll help.

yes. It shows up there.

Off the top of my head, I believe this can be done with PFsense and the BandwidthD package.  Others can chime in on a more polished package if one exists. If you're looking for something that installs on the PC, I'd say Google your needs… e.g. "free bandwidth monitor", "free traffic monitor", etc.... there's a bunch of them out there... none that I've tried unfortunately.

Well - Like I said, the effectiveness of this will also depend on you getting things like "ultrasurf" off your network. I did have a little conversation with some very smart people on that subject here: http://forum.pfsense.org/index.php/topic,64432.msg349171.html#msg349171 Pay special attention to one post by phil.davis and how he handles port 53 with this solution. Basically, you want to only allow access to port 53 to your pfsense box and the DNS servers at dyndns from the LAN. You can set up your DYNdns filters at https://account.dyn.com/labs/dyn-internet-guide/              (log in to dyndns first) Then click defense plan or default defense.  Modify it to block whatever you need blocked in the office) You will need to also set up your dynamic DNS service in pfsense so that dyndns always knows your network's IP. Then follow instruction I gave in the thread above.

Thank You to the suggestoins made to the syslog problem. After looking a second time,,I noticed this time in the syslog it was showing something about" kernel/boot was a binary files".( one line of logging) I done a "Clear log" as suggested. This got rid of 'the binary file ' thing',,and system log is working again now. This machine actually panic rebooted ,again last night ,overnight,,,drove to the remote location where this pfSense machine resides to find one of the  case cooling fans had quit and the second case fan is barley turning so,,I'm sure it is overheating,,,not an pfSense/OS problem at all. Take Care, Barry

I think its smarter to put an extra NIC card in the pfsense so that you have WAN  (assigned by ISP DHCP)  Plugged directly into modem LAN (for you)        -  10.15.20.0/24 OPT (for visitors)  -  10.15.21.0/24 Then plug an AP into OPT1 port for visitors.  Bind Captive portal to OPT1 If the AP gets a STATIC IP on the OPT1, you can allow just that 1 IP to LAN net (10.15.20.0/24) in Firewall Rules.  Then: In firewall rules for interface OPT1 block any with DESTINATION LAN net  (10.15.20.0/24)  (Before the pass everything rule) The AP interface should be available to you.