@dtheimer: Setup Email Notifications using the Google Gmail SMTP service.  I am posting this information in an effort to help or save someone else time. E-Mail Server: smtp.gmail.com SMTP Port of E-Mail server: 465 Secure SMTP Connection: Checked From e-mail address: <email address="">@gmail.com account and have left the field blank - both options work Notification E-Mail address: <email address="">@gmail.com Notification E-Mail auth password: Need to use a Google Gmail App Password NOT your login password Notification E-Mail auth mechanism: PLAIN Log Entries: Aug 19 19:23:29 php-fpm 86995 /system_advanced_notifications.php: Could not send the message to <email address="">@gmail.com – Error: 534-5.7.9 Application-specific password required. Learn more at The above error was caused by using the standard login password.  Rather the password needs to be a Google "App Password" created specifically for pfSense Some additional Information: Google SMTP: https://support.google.com/a/answer/176600?hl=en Google App Password: https://support.google.com/accounts/answer/185833?hl=en</email></email></email> That did the trick!

@jimp Just an idea to make it far more obvious what has happened and why. A error in the GUI linking to a wiki page would least have saved me asking why this happened. @virgiliomi I am thinking of either the TP-Link TL-MR3020 or firing up my old OpenWRT RouterStation Pro.

Was having this same problem, multiple devices, and doing a force from the CLI resolved it. pkg install -F pfSense-pkg-freeradius2

There isn't a specific line in that case, it's a general error from pf. Usually happens if some other process is already attempting to access/load rules when the reload happens. There was a race condition in rc.newwanip not long ago that could do that frequently but that has been addressed. I don't doubt there are some others out there, but it's generally harmless since it reloads again after generating the notice.

Add a tunable for kern.ipc.nmbufs=1000000 and see if that helps. Also post the output of "netstat -m" just after a reboot and then after running a day or so.

Use SNMP or a Netflow sever to move the data to another server, there are desktop clients for SNMP and Netflow you could use for monitoring. Trying to pull data from the pfSense GUI 24/7 is not a great concept. Either it would have to get the data without being logged in (bad) or it would have to keep you logged in 24/7 (also bad). SNMP is made for such polling, and Netflow can work as well if you require IP-level detail and can setup the extra server it needs (outside the firewall).

my ethernet model ICH7M integrated 10/100Mbps + PHY 82562ET Marvell 88E8053 PCI-E Gigabit LAN

Your copy of the pfSense book will be a big help too, much information in one well organized spot.

@elementalwindx: We have a hyper-v installed pfsense on the newest version. No packages other than ntopng, and iperf installed. Simple setup of single wan, and single lan, and 1 openvpn connection going. Every Monday morning when the ladies in the office come in, they say the network doesn't work. They power cycle the machine running the pfsense and everything starts working perfectly again through the week. (Of course they do this without me at all) Any idea where in the logs to look for in figuring this out? Any ideas what it could possibly be? Thanks. Also in openvpn logs I'm getting: Aug 29 11:23:25 openvpn 72080 write UDPv4: No buffer space available (code=55) and it happens sporadically. All my routing is done automatically via the firewall itself. It's a basic openvpn connection site to site. Any ideas why I'm getting this?

So how would source lan ever be an input into your wan interface? The complete lack of logic when people start clicking on shit just blows my mind ;) hahaha, yeh I'm pretty fresh with hardcore firewalling and networking in general. I understand the principles and I've run some pretty massive AV/automation networks in the past, but never had to actually build anything from scratch like this before and never more than what is needed for an AV/automate network. The most advanced things I did were: configure a few VLANS, tag/untagged some ports, turn on IGMP snooping for multicast traffic and setup some static routes, forwarded some ports, setup a basic snmp and a winbox terminal. that's just about it in terms of actual networking. Plus the routers we were using weren't exactly cisco so turning on icmp is simply nothing I have ever thought was necessary. Cool basic feature though, especially for a firewall. So the logic there was that I want source LAN to destination WAN, I hadn't started testing that so that doesn't really matter for this…. but of course; port forwarding. that would've fuckd me. silly brain. thanks. I've added an ICMP rule to my WAN port (will take it off when finished testing) and whatayaknow; it pings. like I said, I really didn't expect that to be something needing configuration. It seems I have drastically under-estimated the amount of control allowed in pfsense, now that I know that I have a much broader scope of what is possible and what needs consideration. So did you turn off nat? if your going to be using this internally.  If then you have to create port forward not just open up a firewall rule. oops… it's turned off now... yeh, so all good with the port forwarding. Thanks though, I will definitely have a re-think of how I approach this project now that I have completed the initial fresh-project-sanity-check phase. Thanks so much for the reply, really appreciate the input! MedicineMan25

thanks. how can i restrict access from one VLAN to the other, I need it such that clients connected to the guest vlan cannot even ping the corporate network