• Log outgoing connections

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    S
    Problem is P2P uses a LOT of connections, and pfSense only sees IPs, unless you do some Layer7 inspection. So you wouldn't know if they were downloading Linux distros, WoW patches or movies or whatever uses BT these days. But yeah, you can log all the connections. Just enable logging on the outgoing pass rules, and send it to a syslog server. You can do whatever you want with the logs from there. It is going to be a LOT of information though…
  • Recommended method “mobile client connectivity”

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    C
    The best varies from one environment to another, as requirements vary. L2TP is a tunneling solution only in 2.0 currently, not the L2TP+IPsec VPN option. PPTP is generally undesirable because GRE has trouble getting through many NAT devices, and can't work at all with some ISPs, where we usually see that is with 3G providers who assign private IPs to customers and NAT their traffic, they frequently do not NAT GRE at all and hence PPTP can't function. That's very common in Canada and Australia, and probably elsewhere in the world though I haven't personally seen or heard of it in the US and Europe. PPTP is also the least secure option. In general, I prefer OpenVPN because it causes the least grief on the client side (it's userland based so it won't blue screen your PCs), it causes the least grief with firewalls and/or NAT the clients are behind, it offers the most flexibility for routing, NAT and any other advanced tricks you may need to accomplish, and it works flawlessly (not that the other options don't, they do aside from issues inherent in the protocols being used). There is a more comprehensive discussion of this topic in the pfSense book, in the VPN chapter, section "Choosing a VPN solution for your environment", that covers things in much more depth.
  • UDP/40000 broadcasts from pfSense

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    S
    Yes, it had the pfSense router address as source…  :o Well, I'll keep an eye on it and post here if I have some new info...
  • Setting up PFSense as a switch or hub

    Locked
    7
    0 Votes
    7 Posts
    11k Views
    C
    @jimp: So yes, it can work, but it's likely going to be slow (even far, FAR more so with Untangle) there, I fixed it.  ;) You can hack the sysctls to disable filtering entirely for if_bridge which will make it pretty quick, not nearly as quick as a switch though, you're going to be limited by the PCI bus using a standard PC. If you don't care about getting a lot of throughput between the hosts it won't matter.
  • Missing packets

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    5 Posts
    2k Views
    J
    Scratch that, it's just come back to life lol. Probably just a huge amount of lag on it to be honest, no wonder, it's on the Live CD at the moment, but the main core will have loaded into memory so not to worry. Will try that tip you suggested if the same error occurs when I try to write the configs to the hard drive, so happy it's working again lol. Thanks for your help, Jeremy.
  • Wan pppoe connection

    Locked
    7
    0 Votes
    7 Posts
    6k Views
    G
    Fixed, I just decided to use static IP.  ;D
  • Allow secondary LAN for webconfig

    Locked
    1
    0 Votes
    1 Posts
    986 Views
    No one has replied
  • Suddenly unable to connect to random websites

    Locked
    13
    0 Votes
    13 Posts
    5k Views
    stephenw10S
    Sounds a lot like the expected symptoms of IPv6 'brokenness'  ::) Steve
  • Monitoring remote Alix 2D3

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    snmp shouldn't hurt too much, especially if you're just grabbing a few stats off the box.
  • Data Transfer quotas

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    C
    Freeradius appears not to be a working option. @jimp: I don't think anyone got around to finishing FreeRADIUS up to work on ALIX. It needs a fair amount of disk space in /var/ (a ram disk) to write its database and I think as it is it would be lost at reboot even if it did work. So it looks like freeradius is not an option. - Does anyone have any ideas for a simple solution to provide just a handful of users a data quota?  If not pfSense, a similar type app/distro.  Or even a commercial box.
  • Network Bridging

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    K
    @jimp: Did you read the message under the setting? The setting is gone because it is no longer needed; The directions you are following are outdated. Filtering happens on all bridge interfaces automatically now, so essentially the setting is checked all the time. The message was left there to avoid questions like this, it's fairly self-explanatory… Thanks!
  • Php.core dumped repeatedly

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    ?
    1.2.3 is the current version of pfSense.  This is very likely a bug which was fixed.
  • Starting pfsense with WOL magic packets

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    X
    Yes of course it has. It is "always on". Because if you shut down correctly it will not power on again if power fails and then comes back… because the electricity is not fully away cause of the UPS. greetz
  • Solution to provide phone calls for pfsense clients

    Locked
    1
    0 Votes
    1 Posts
    990 Views
    No one has replied
  • Migration: Tool to import ASA Configuration?

    Locked
    5
    0 Votes
    5 Posts
    5k Views
    C
    Well, don't know much about the product/installation, just trying to make our FW admin "see the light" after having his mighty ASA cluster going havoc many times… Thanks a lot!
  • Why did my OpenVPN connection get interrupted?

    Locked
    4
    0 Votes
    4 Posts
    8k Views
    jimpJ
    Looks like that error just means that packets were received out of order. Could be from a lossy WAN connection or some other kind of problem with the connection between where the client and server reside. The interrupted system call could be an issue with the router at the client site, but it's hard to say. Google shows lots of hits on that exact error that may be enlightening.
  • 0 Votes
    2 Posts
    3k Views
    S
    In case someone asks why am I doing this and not &lt;something else&gt;, it is because I am trying something and I finished it, only this last step remains, sending Access-Accept packet.
  • Should I trust my ISP's DNS address?

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    stephenw10S
    Great program!  ;D Fascinating results. Takes a while though. Google's DNS nowhere near the quickest for me, however it's not surprising they seemed quicker to me as my ISP's DNS servers are returning hundreds of errors!  ::) Steve
  • Drop session when use over limit data usage

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    M
    Ooh thanks I miss that point, it's very closed but I cannot see. Thanks a lot I will try. @SeventhSon: Couldn't you use Reauthentication every minute? Then you don't have to send anything, pfSense will check if the user still has access, otherwise disconnect the user.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.