Forked from here: https://forum.netgate.com/topic/92318/pfsense-active-directory-admin-authentication-via-radius/12

Where are you seeing this throughput? Steve

@stephenw10 Hi Steve, I shall try that! Thank you

Consider this a low priority bug. pfSense has a menu item in the status menu : Package logging. And guess what, I didn't find yet one package that logs its output over there. Worse : huge loggers like FreeRadius log in the "main" pfSense log file "system", or, I really think it shouldn't. Why I'm talking about this ? Because you would have seen that your cron didn't work ... because not logs ... Every major OS these days have a cron.log. But glad it worked out for you.

I'm doing this in a real (real) way, in a company. This company had problems of intrusion (violation) through a CRM server (data shared inside and outside the company) I mounted a virtual environment, added a firewall (PFSENSE) those servers that have external access. This would be my DMZ, soon after the firewall (already existing in the AKER company) and wanted to bar all external accesses from that line forward. I have already written the part of the article academically. Now my difficulty is to demonstrate what I have done and what will happen to improvements from the implementation of this DMZ

That works! I had tried it that way previously, a few years ago, without luck. It now seems to work. Thank you!

@dranick You are probably referring to Cisco open-sourcing Vector Packet Processing (VPP) which is a fundamental part of a Netgate product called TNSR which is a completely different code base from pfSense. OpenVPN works. Maybe you should concentrate on asking some questions there, watching the OpenVPN hangouts, reading the pfSense book's OpenVPN section, etc. There is no functional difference in OpenVPN on Community Edition on a VM and factory on an XG-1537.

i had try do that before, now i have upgrade PF 2.4.3 to 2.4.4, but i can't open lan gateway webGUI, i can ping gateway ip and network work, why i can't open webGUI. i need waiting for fix this and then try setup MTU again.

It should see the USB image as bootable if you have UEFI enbabled. That looks like a regression though. Thanks for reporting. Steve

I made the change for the zfs arc cache in loader.conf and then rebooted. The memory is back down to normal and no swap usage as expected. Hopefully that will solve it for good. I'll keep an eye on it.

I have walked back some changes but I thought I would now change the ENTIRE hardware platform. New... An ASUS Prime A320M-K Motherboard. Together with the 2200 CPU is cheap and it comes with a whisper quit fan and heatsink glue already applied so you just need to be careful screwing the fan to the motherboard - and of course take care inserting the CPU. Not to mention it has VGA which is perfect for a router appliance. Also has serial port, but I don't expect to need it. So this motherboard has a Realtek ethernet port onboard I also use an Intel 1000 card in a PCI slot for the WAN. BSD/pfsense has booted and installed correctly to my observations. But why do I still get this message... ? code ```Sep 6 19:38:24 pfsense kernel: arpresolve: can't allocate llinfo for 99.2xx.xxx.1 on em0

Our network is big and has lots of ip address, such as departments, servers, printers and etc. I would like to have a separator to differentiate them like we do in firewall rules so that I can easily find and see ok from this ip address to that address are for instance accounting department and etc. It would be nice to have it in the next pfSense release.

You're welcome. Just want to also prompt you to go over it once more since I've done several edits. Generally it should all be very much alike several guides out there for pfSense + Private Internet Access, under the context of forcing specific clients to use the VPN and fail all Internet access if it's down (implement both the VPN tunnel, and the VPN Kill Switch, at the router level). Good luck!

You could use Captive Portal for that I guess, but most people would use the squid proxy for something like that. I think the user permissions are probably the wrong tree to be barking up.

@stephenw10 Thank you Stephen. Ok, Sure. Lokesh Kamath.

Hi, Do you know what the process is for installing this manually?

You have a dhcpd running!! Find it... Run dhcpdump or sniff for the traffic.. Pfsense can do a packet capture on its lan and you will see the broadcast traffic.. And your cable modem is on a different layer 2.. Is it not??? Do you have your cable modem connected to your switch? Normally you would set your infrastructure devices to be static IP.

I ended up going with a ebay used dell/hp sff i7 4770 with pcie. It will replace a n54l which is struggling already with pfblockerng (large list), snort (alerts only) etc using 8gb ram out of 16. I already have dual and quad intel nics ready to go in. vpn to connect to firewall. multiple vpn points of presence to accommodate gamers and streamers. snort and one day suricata. 1/3 the price of a appliance for me and way more powerful, cheap easy to replace.

As that is not a typical deployment, there isn't any way to know that without trying. Probably could be done with minimal RAM (512MB or probably less, but I wouldn't go lower than 256+swap), no reason to skimp on disk space, standard there is ~20GB for a VM. Again, may by able to get by with less but not much reason to these days. Single CPU core would do fine.