Yeah that's OpenVPN prompting for a password. I was able to half-duplicate that using an auth-user-pass /root/openvpn.pass option with the file only including a username. Looked a little different (newline before Enter Auth Password:) only specifying a username in the GUI. Neither of those hung there on 2.3.2_1 but it's easy to think that older versions might have behaved differently (waiting there for input) in the same circumstance. So fix your OpenVPN Client Auth and you should be good.

OK got it all working…still not sure what it was. I reinstall Pfsense and factory reset my switch redid everything and seems to work. Might have been also a problem the laptop adaptor I was connecting to the switch, one person mentioned that, so I tried my desktop and it work. All is good now. Thanks guys for all your help. :D

haha and this is not freepbx forums. PFsense router is working great! lmfao

Sorry I spelled rule wrong on the topic.

Draw a schematic, wording descriptions don't help here.

So my best option is to use user name authentication instead of Mac or buy expensive cisco switch and do port isolation putting user mac in their own little vlan.

sounds like pwnage - someone prolly got logins to your box do you use a remote log server to see if there's any suspicious activity?  If they have your logins then local logs will be useless unless they were sloppy.

How many ms are you you talking..  Are you saying your having clients/apps timeout trying to resolve something that you do no have locally cached.  I really find that unlikely.. I think its all in your head.. Oh how come that took 12 ms, its should be 10 sort of thing..

I'm not quite sure I understand the question, I'm guessing the apache server will be connected after the pfsense. Like: client->wifi(router)->pfsense->apache server For now I can't test this setup since I don't have a second ethernet interface. Is there a way of using the internal wireless interface of the laptop to connect to the server? (Just for testing purposes) I tried a server under the same wifi like: client,apache server->wifi(router)->pfsense with no success and I believe I can see why. (The router is managing the traffic with no intervention of pfsense?) Essentially what I'm trying to do right now is turn the router into an access point and connect it to the pfsense laptop but I think I didn't quite manage that. For some odd reason the portal works with 192.168.1.4 but there is no machine using that ip. (btw vouchers are working perfectly) Shouldn't the firewall redirect me to the captive portal even if it didn't have internet access after I enter a www.example.com url in the browser? The ip's that I see from the logs are: Pfsense: 192.168.1.1 Router: 192.168.1.2 Client1: 192.168.1.21 Client2: 192.168.1.103 (or server if I try to enable apache as in the above scenario) I had seen the video and that's exactly my configuration in webconfigurator +dhcp server and DNS resolver enabled. Btw I had no success by connecting a client directly to the pfsense through a cable.

"but I'm confused on why the source field can be anything other than an address on that interface." Your confused to why the drop down lists other pfsense interfaces?  Or you don't understand how you could have downstream networks where this interface on pfsense is the transit network? Have you tried programming dropdown lists to filter out all the other interfaces?  When the dropdown is will be used by all the interfaces? ;)  So you want it to not show you opt2 network, because your on opt1 interface? [image: dropdown.png] [image: dropdown.png_thumb]

Not sure why you think you need to whitelist domains. Why not just protocols just log?  Keep an eye on the traffic.  Once you watch them for a while and where they go, then you can lock down to netblocks if you want, etc.

Hi! The only requirement would be to reassign the interfaces. What do you do when they are not an exact match? My pfSense box is behaving very erratically (my guess is bad caps on the motherboard) and I tried to, temporarily, setup a new box… Unfortunately even though both machines were more or less from the same era (Atom 330) they had different slots (PCIe vs PCI) and my real pfSense box had a mini-PCIe wireless NIC (Atheros based). They also had different onboard NICs... My real box has a PCIe Intel I340-T4 quad NIC and in the temporary replacement box I decided to reuse the old PCI Intel 21143 quad NIC I used in my previous non-pfSense based firewall. The onboard NIC was not used in my real pfSense box so I assigned it to the onboard NIC of the new machine. My WAN, LAN and DMZ which were provided by my I340-T4 were easy to match to to equivalent ports on the Intel 21143 based NIC... The last port on the I340-T4 I was no longer using. I used to use it to connect a wireless access point. The onboard mini-PCIe wifi card I could not match to anything... I am not sure if I was immediately able to delete it so it is possible I temporarily assigned to another port, I am not sure... Once everything was done I deleted the unused onboard NIC (which I had created anyway) and the port assigned to the wifi... What I ended up with was able to connect to the Internet since I was able to ping outside IPs but none of my Internal DNSes were working anymore... I also had this error message (or variants on it): There were error(s) loading the rules: /tmp/rules.debug:85: syntax error - The line in question reads [85]:  altq on  priq queue {  qLink,  qACK,  qVoIP  } I believe this is traffic shapping stuff… Obviously it was quite unhappy about something I had done.... Was it the cause of my internal DNSes not working? I don't know and could not investigate further when I tried this... I had to go back to the unstable box until I have time to try this again... Thank you and have a nice day! Season's Greetings! Nick

@singerie: Any update on netmap-fwd ? https://forum.pfsense.org/index.php?topic=119285.0

Hey BlueKobold, thank you for your suggestions. We also just recieved an answer from the pfSense-Support. But i will answer your Questions as good i can :) @BlueKobold: We use iperf to test the throughput between the firewall and a virtual machine. Are they both in a VM? I mean pfSense and the virtual server? We tried both of them. The virtual firewalls most limited by there amount of cpus and often by the featuresets. After activating TSO and LRO we also reach 5GBit/s with the virtual pfsense. @BlueKobold: If the firewall is the "Server" and the virtual machine is the "client" we only get a throuput about 3GBit/s. In normal you will be getting something between 2 GBit/s and 3 GBit/s as throughput in real life, from a 10 GBit/s link. Yes, of course we are talking about a theoretical throughput, but i would expect a similar throughput in both sides of communication, right? @BlueKobold: If we send from the firewall to the virtual machine we reach a throughput about 8/9 GBit/s. Perhaps the virtual machine is able to write the data faster then the pfSense, because there are a RAID in or more RAM that is acting as buffer for the packets, might this be? We never send a real amount of data over the cable :) with iperf you send an amount of packets with embedded timestamps and sequence numbers. With this content iperf calculates his statistics. @BlueKobold: It does not matter if it is a virtual or a hardware pfSense. It does for sure! How many cpu cores are given to the pfSense machine? See my answer above. Of course it matters, because of the amount of cpu - i had to be more specific i think ;) I mean, it does not matter with the strange behavior of different throughput. But as i said before, when the firewall sends his packets, it expect an ACK after everyone, the vm does not. So we activate TSO and now the firewall dont expect that anymore - just TSO @BlueKobold: We just activate TSO and LRO on the pfsense. Tunings can be often helping much more then we all would expect from! high up the mbuf size shorten down the NIC queues to 4 till 6 and other options or tunings might be helping also, please give them a try out, single or together! Anyone an idea or some experience with that features on a pfsense? Tuning and Troubleshooting Network Cards I checked that article, everything was okay. Tuning the machine is the first i thought about. Troubleshooting the second ;) BlueKobold, thank you very much for your help.

I'd strongly suggest flashing the thing with DD-WRT/LEDE/OpenWRT if at all possible. The factory firmwares are utter crap.

It's probably a filesystem panic. The site hosting that video is complete shit, serving malvertising trying to get people to install fake antivirus programs. Wipe and reload pfSense, restore the backup.

@viragomann: Check if pfSense has changed the outbound NAT rule to fit to the new subnet if you use automatic rule generation. If you have set it to manually rule gen the rules has to changed by yourself in any case. Thanks for the reply.  I will check it this week and let you know.