This is another great site for Mail Server Blocklist validation:     http://multirbl.valli.org/ If you have your mail server on a separate WAN IP then your main WAN IP, then it looks like a device on your LAN was caught sending SPAM… Create some firewall block rules to block all outbound MAIL ports from your main WAN IP network... Enable logging, and see if you get any hits on that... Then cleanup the infected LAN device(s)...

If I remember correctly it has something to do with the MAC address VSpehere is assigning the new interface (at random). As most unix/linux sort their interfaces with some kind of "lowest mac address first", there could be the problem in your case. If the random assigned MAC is lower than one of the other 3, it gets mangled. (I stand corrected if that's not the case here, but we had a somewhat similar incident with normal BSD and Linux hosts and vSpheres random MAC assignments) Greets

Michael, you might get better results if you would post your question in one of the numerous support forums you have to scroll past instead of this general discussion forum.  They're arranged logically by topic.  The General Questions forum is a good catch-all if you aren't sure of which forum to post in.

"Perhaps this process could be refined further with the ability to place that config.xml file on the same installer USB stick." That would be nice, but would also require to mount the FreeBSD filesystem in your currently running OS where you create said stick. If I'm not mistaken, even the installer stick is partitioned with the freebsd filesystem & slices and e.g. Windows (and some linuxes) have a bit of a problem with reading and writing to that :)

There are, however, ways to mount filesystems over SCP/SSH depending on your client OS.

If all want to do is monitor something via ping.. Smokeping would be what I would look into.

Huh??  What is the masks on your 10.x.x.x networks? what is pfsense firewall IP of 10.11.12.1 and lan IP of 10.11.10.1 ??? Can you draw up your network labeling your networks and masks and what they are connected too.

Thanks I will start a new thread as this is going off topic.

BUMP Is this a taboo subject in Pfsense? Sorry if it is… was not my intention.. just a thought of how to allow users  to remotely setup rules in a albeit limmited yet simple way. VPNS are not always possible and leaving my ports open for travelling users abroad is caused some issues of late. Cheers -wookiefw

@johnpoz: So they are just moving large chunks of data back and forth? Sometimes, yeah. Most of the GbE clients wouldn't be heavily transferring files all the time, but I'd rather not have, say my laptop over Wireless AC either getting slow speeds or causing slowdowns for everything else on the switch. Even being a half-duplex medium, it would be able to eat a sizable chunk of that 1Gb uplink from the switch by itself, not factoring in other clients' regular internet+intranet traffic. @johnpoz: What exact board did you get with that many integrated nics? It's this one: https://www.supermicro.com/products/motherboard/Xeon/D/X10SDV-TP8F.cfm though I was initially considering Rangely Atom boards (like most of the mid-level appliances in the pfSense store) I decided to go with the newer Xeon-D architecture instead. So it really came down to that board and this one, which for the ~$20 price difference through the distributor I bought it through, it wasn't really worth passing up the extra GbE ports. @johnpoz: You don't need a managed switch, you don't even need a "smart" switch unless your wanting to vlan. That's my main dilemma, I need to VLAN for the access points and management network, so a smart or managed switch would be required if I can't use the ports already on my box. I'll be able to handle some of that on the router that I'd be repurposing as an AP+Switch, but it still wouldn't be able to handle the second AP upstairs or my desktop over 10Gb fiber.

Thanks i found out it is iperf2. Thanks

If your using 2 factor with gmail you will need to setup a APP password in gmail that does not require the 2 factor.

Yes. IPSec is standard. You just have to use a standard identifier and not the Sonic ID.

So I thought perhaps it was a CPU issue with OpenVPN, I disabled encryption and I'm still having dropped packets. The machine is pretty low-end (Atom D525) but processors are pretty free? last pid: 54088;  load averages:  0.76,  0.59,  0.61                                          up 10+19:46:55  13:28:42 482 processes: 5 running, 450 sleeping, 27 waiting CPU 0:  7.4% user,  0.0% nice,  3.5% system,  3.1% interrupt, 85.9% idle CPU 1: 11.3% user,  0.0% nice,  3.5% system,  2.0% interrupt, 83.2% idle CPU 2: 12.9% user,  0.0% nice,  2.7% system,  5.1% interrupt, 79.3% idle CPU 3:  4.7% user,  0.0% nice,  4.7% system,  6.3% interrupt, 84.4% idle Mem: 29M Active, 148M Inact, 427M Wired, 531M Buf, 7317M Free Swap: 16G Total, 16G Free   PID USERNAME      PRI NICE  SIZE    RES STATE  C  TIME    WCPU COMMAND   11 root          155 ki31    0K    64K CPU0    0 245.8H  86.47% idle{idle: cpu0}   11 root          155 ki31    0K    64K CPU3    3 253.4H  84.96% idle{idle: cpu3}   11 root          155 ki31    0K    64K RUN    2 246.6H  76.37% idle{idle: cpu2}   11 root          155 ki31    0K    64K CPU1    1 251.4H  75.20% idle{idle: cpu1} 23044 root          30    0 21624K  5684K select  2  8:53  18.36% openvpn 21063 root          52    0  262M 36096K accept  1  0:02  10.16% php-fpm 54088 root          40    0  262M 36124K accept  2  0:01  7.57% php-fpm   12 root          -92    -    0K  432K WAIT    0 596:01  4.88% intr{irq258: em2:rx0}   12 root          -72    -    0K  432K WAIT    3  22:44  4.79% intr{swi1: netisr 3}   12 root          -92    -    0K  432K WAIT    2 534:21  2.88% intr{irq261: em3:rx0} 72603 root          20    0 21856K  3928K CPU1    1  0:00  0.39% top   12 root          -92    -    0K  432K WAIT    1  60:03  0.20% intr{irq259: em2:tx0} 2475 nobody        20    0 16836K  4100K select  2  0:24  0.20% darkstat     0 root          -92    -    0K  304K -      0  75:03  0.00% kernel{dummynet}   12 root          -92    -    0K  432K WAIT    3  71:32  0.00% intr{irq262: em3:tx0}   12 root          -60    -    0K  432K WAIT    2  16:23  0.00% intr{swi4: clock}     0 root          -92    -    0K  304K -      3  14:40  0.00% kernel{em3 rxq (cpuid 2}     5 root          -16    -    0K    16K pftm    0  7:41  0.00% pf purge 31241 root          20    0 16676K  2560K bpf    1  6:58  0.00% filterlog   15 root          -16    -    0K    16K -      0  4:58  0.00% rand_harvestq     0 root          -92    -    0K  304K -      2  4:32  0.00% kernel{em1 que}