I use CARP VIPs for 2 reasons. It is better than ProxyARP in some ways, and in the future, I can setup clustering without have to redo IP alias or ProxyARP. If you are never going to cluster, then IP alias VIPs would be the way to go IMO. Once you have the VIP setup, then you can setup NAT and the rules. There is 1:1 NAT or port mapping. port mapping allows for potentially more internal servers as you can put different ports on different servers. There is a book and a document repo that you can use to help you with the setup.

Thanks wallabybob and stephenw10. The issue is resolved by updating the following in System Tunables: Change net.link.bridge.pfil_member to 0 Change net.link.bridge.pfil_bridge to 1 It would seem if I didn't change these, I'd need to set up rules to allow LAN "subnet" to access WLAN "subnet" and vice versa? Both interfaces are set as "None" and they both are essentially on the same subnet. I think I did set up such rule for WLAN interface to access LAN but that didn't work. I'm just curious if there's a way to get this to work if I choose to keep bridge filtering.

Yes, the entire crash report is needed, or at least the first bit. Actually if you submitted the crash report in the GUI, and if you let me know your IP and the approximate time of the crash I can pull the crash report data from our servers and look at it directly.

The first thing you need to check is if your switches support 802.1Q or Vlan Trunking/Tagging. If they don't support that you can't use vlans for your setup. You can also check if your NIC on pfsense supports 802.1Q. If it does and your switch supports is as well, then you could move into planning on how to set it up. The security vulnerability with Voip on the same network as computers is that someone could eavesdrop on the phonecalls if they are connected to the same network. It won't affect your hardware.

Thanks for your information. :D

Thanks for the update. Hopefully someone w/ some weight will see the requests and think twice before making the app off limits to the Masses. Or al least miss out on all the beta testing help. Moxie…...78-)

Probably. It depends on what type of VPN your server is using. http://doc.pfsense.org/index.php/VPN_Capability_Overview Steve

What type of link is there between your pfSense box: DHCP? PPPoE? something else? It is possible you will need to change the authentication information related to the WAN link in your pfSense box. Do you know the IP address on which to access the web GUI of the pfSense box? Do you know the userID and password to login there?

I'm now getting hit with this every 5th minute in my inbox: Traceback (most recent call last):   File "/usr/local/bin/graph.py", line 480, in <module>GenerateInterfaceGraph()   File "/usr/local/bin/graph.py", line 135, in GenerateInterfaceGraph     'GPRINT:global_tot_tx:ca. %5.1lf%s Total\l' rrdtool.error: Could not save png to '/tmp/graph/if-[myNIChere]-1h.png'</module> I'm starting to lean towards a backup and then a fresh reinstall. Thoughts?

have a look at ntop

I just tried your programs(writeio and readio) and they are great :) I used a multimeter to verify that the port did output 50 mA when I set a pin to 1 and it seems to work. I tried my program as well and it worked :) Can't understand why it works when you compile it, but I am happy it does :P I received the equipment I've been waiting for today, so now I will start to build the circuit to control my power strip. Thank you for all the help you have given me! //Matumbo

Please describe the behaviour. Does it continue to update, giving new values even after the connection is down? Or is it that the widget becomes 'stuck', still showing as online and failing to update? Steve

No problem, glad you got up and running. Don't know how much help I was in the end.  ::) Steve

So I see from title of your config that your on udp 1194 (default for openvpn)  But is this port open from where your at?  Is it open to your pfsense box running openvpn..  You sure your not behind a double nat? I access my pfsense box from pretty anywhere, but I have changed mine to listen on tcp 443 (ssl port)  Which normally no matter where your at if they have internet access would be open. Are you behind a proxy where you at?  This can also be an issue - pfsense does allow bouncing off a proxy.  But the client has to be configured for that. When you say you copied and pasted the config?  Do you mean you used the export package?  What did you export to your client? If your not seeing anything in that box I would have to think that there is something wrong with the install on the client machine of the openvpn client.

@root2020: I have been tasked to find a system on a LAN that is attacking an email server on the Internet. I am going to install a pfsense firewall on the LAN this coming week. What would be the best course of action to find this box from pfsense. Their ISP has already sent them a cease and desist and if this is not taken care of, they will shut the company's Internet off. Any help would be great You might want to find out 'how' the server is being attacked.  Is it spam mail or DoS?  That will help you nail the culprit(s) down rather quickly with a proper firewall in place (pfSense or otherwise).

Some possibilities: 1. FreeBSD can't find a disk ad6 2. FreeBSD can't find a UFS formatted disk ad6s1 (slice 1 on ad6) 3. You have hit a bug in the FreeBSD startup code that stops it recognizing a disk with a unit number "too high". Some actions you could take: 1. At the mountroot> prompt follow the suggestion and type a question mark to see what disks are available. (Perhaps your disk has moved to another device number (e.g. 4) because you changed some BIOS option(s) or moved the connector from motherboard to disk.) If the system reports a disk adxs1a then follow the directions to mount it and then edit /etc/fstab to correct the location of the root file system. 2. Move the hard drive to a connector with a lower unit number, preferably in the range 0 to 3 (inclusive). You will likely still get a mountroot error because /etc/fstab will probably point to the wrong location of the root file system. Correct as described immediately above. If this is too complicated it would help to provide the output from the ? response to the mountroot> prompt and the startup output so we can what disks are actually detected on startup.