Before we had a proper pkg building system someone must have hand configured the options for the version it pulled, I didn't see anywhere we set them. I pushed a change to fix the options up so it'll come through with the next update. pkg is smart enough to pick up that the options changed and it needs a nudge on the client side.

995kb/s is roughly 10GiB/day. If you want to limit bandwidth, then just use limiters to set to this. If you want to manage volume, then you're talking about data caps, not bandwidth.

Roger that.

It's a mystery. Packet capture I guess. If the SYN is going out with no SYN/ACK in return something upstream is blocking.

The error suggests that a process was unexpectedly killed. Were there no other errors nearby in the logs? The main system log perhaps? Given the choice, I would always pick HAProxy over relayd for any task that HAProxy can handle. The relayd balancer is OK for small/simple things but it's hard to beat the flexibility and reliability of HAProxy.

Thanks, I couldn't fine it.  The frequency of the beeps is somewhat dim for my hearing.  So I changed it to: beep -p 2860 20         sleep 0.1         beep -p 3050 20         sleep 0.1         beep -p 2860 20         sleep 0.1         beep -p 3050 20         sleep 1         beep -p 2860 20         sleep 0.1         beep -p 3050 20         sleep 0.1         beep -p 2860 20         sleep 0.1         beep -p 3050 20         sleep 1         beep -p 2860 20         sleep 0.1         beep -p 3050 20         sleep 0.1         beep -p 2860 20         sleep 0.1         beep -p 3050 20

A firewall is not a DDoS mitigation device. Some cases can be helped by a firewall, but as has been mentioned, it's a problem best solved upstream or with specialized hardware that is dedicated only to DDoS mitigation.

That's right. I have the luck that my server is in my network next to my pfSense router. That's why I can do it the easy way. My ISP - as many others others - simply block all outgoing connections to 'port 25' (smtp) except their own mail server. Before a couple of months my ISP was also blocking port 25. My solution was to call them and to ask if they would unblock the port and they did.  ;D cheers Kalle

is this possible or am I talking broken biscuits? For my domain users I push out a certificate from the Sonicwall to all domain computers via GPO so I can utilize DPI-SSL. Could I use this certificate on Pfsense Captive Portal so BYOD users have to accept it when they are presented with the CP? This way I could then capture SSL traffic

Many thanks! I found some good videos on youtube. I probably should look more often there. :) https://www.youtube.com/watch?v=xpXhudbsrr8 is a 3h introduction by a Microsoft guy into networking. There also is a (right now) 7-part introduction to pfSense, that is also quite good, though it is a little more of a reference video, going through all web-ui options one by one.

So you have pfsense running on this 2k16 box.  So pfsense wan is the interface that is exposed to the internet right? The setup openvpn on pfsense, vpn in and then you would have access to anything behind pfsense

Excellent. Thank you.

Nov 29 21:31:21 dpinger WAN_DHCP 99.233.16.1: Alarm latency 19857us stddev 24963us loss 22% Dunno, but 20+% packet loss is considered a down connection with dpinger default settings. You are having real issues with your ISP, it's not something that pfSense would be inventing. So yeah, disabling GW monitoring won't help obviously, the packets will still get lost and things won't work.

Thanx Is it correct when LAN-loadbalancing rule is on top, both gateways are used at the same time? The failover rules only starts when laodbalancing failes due to one missing WAN connection? The way I see it there is no way to set one gateway as default, and when that one is "full use", the next gateway takes over? I've set weight on both gateways, but still I switch between both WAN. The reason why I would like WAN1 to be default is because it has lower latency than WAN2. Other than that it works perfect  :)

I don't know how, but now all works fine. All what has been changed - removed swap for increasing / - my / is overfilled (free 1% or 9 MB). Now used 73% and PPP connection up and works fine

Well, it's now solved. Wasn't pfSense at all. Rather, ESET was screwing everything up. Only found this out through trial-and-error reinstall. Apparently, it simply does not like when a network is set as 'Home', but with a public network it all works. Obviously with a public network sharing becomes a hassle so… Anyway, back to writing up the paper  ::)