@stan-qaz:

Have you tried a different NTP server? I'm not seeing a noticeable delay with the Mar 13 snapshot on x64. I'm using my ISP's NTP server a couple hops away instead of a more distant one.

Thanks for that stan, Figured out, it was caused by the failed CMOS battery on the system! Changed it and the time in the bios, no more issues!

Thank you guys!

Thanks, I forgot to mention that I'm still running 2.0.1-RELEASE.  I'd like to upgrade to 2.1 and FreeBSD 8.3 but it was hard enough getting this installed on my headless Soekris box (a custom binary to boot with only a serial terminal).

Andrew

Thanks, that did the job.

@suicidegybe:

So what rules do you have to set to give vlans internet access, and how would you grant access from one vlan to another.

I don't mean to highjack this post but this is exactly what I'm trying to do too.

I have this right now: internet-pfsense-netgear gs724t-rest of network(data,voice,tv)

What I would like to do is separate data, voice, and tv out to their own vlans. I set three vlans on my pf sense box and generally understand how to configure the switch. But my issue is that I have two devices that need access to two separate vlans. My servers have the same need but only because the vm's need a different vlan so I will just tag the vm vlan and leave the host to be tagged by the switch, or is this not the way to do it? How would I access say the web gui for my PBX server if it is on a different vlan than say my work station? Is this configured through rules if so how? Same for all rdp type services. I would like to be able to manage all my devices from my work station but not be on all vlans?
Thanks

Determine what network addresses you want to use for each VLAN, create the necessary VLANs on your switch, apply them to the ports for devices you want on each VLAN, setup your trunk port on your switch, then create the VLAN interfaces in pfSense. Once you create the VLANs in pfSense you can go to the (assign) option under the Interfaces tab and create new interfaces for each VLAN. Then just assign an IP address on each new VLAN interface to your pfSense box, using an address from the network you want to use for that VLAN. At this point these new interfaces will be available under your Filters, so you can allow/deny traffic to/from each of your different VLANs from your LAN. It sounds like you want to allow your LAN to access your VLANs but not the other way around. In that case, just create block or reject rules on each new VLAN that prevent those networks from accessing your LAN.

To access the pfSense web interface from a device on that VLAN just open a browser or SSH session to the IP you assigned to pfSense on that VLAN. By default the filters will allow access to the web interface from each VLAN unless you disabled the anti-lockout option on the Advanced setup screen.

This page describes most of the setup quite nicely: http://doc.pfsense.org/index.php/Multi-WAN_using_VLANs_with_pfSense

Just note that site is for using Multi-WAN which isn't what you're after, so ignore the parts about assigning gateways for each VLAN as you're only creating LAN-type VLANs, not WAN-type (you only have a single WAN, so you only want a single gateway in pfSense). Good luck!

@Cry:

Before you launch the application the next time, run up Wireshark first (on the PC running the application) and start a packet capture. Then launch the application and once the error appears stop the packet capture. The packet capture may help you work out what's causing the error (it may be useful to compare it with a capture done when the application works).

Thank you, I will try that when i get the chance.  I will see what errors i get.

this issue is resolved now.  i installed 2.1 beta version which has newer release of FreeBSD and updated Intel nic drivers and i am having no more daily crashes.  
i assume the older version of FreeBSD that the 2.0.x pfSense uses had bad em(4) drivers :)  the 2.1 beta version is performing well for me.
thanks
Richard

Put any port specific allow rule above any blanket deny rules.

Are those VLANs truly the same VLAN, or just the same ID on different, isolated switches?

@wallabybob:

You could use pfSense package pfflowd to export flow records to another system. The flow records also contain traffic statistics.

This package worked perfectly. Thanks!

@jimp:

Netflow should work, but failing that, you'll have to wait until we incorporate this feature:
http://redmine.pfsense.org/issues/2118

That sounds like a good feature to have, looking forward to it. Thanks for the update.

I was using PPTP and supporting IPSec via 3rd party software for years on pfSense.  Finally broke down a few months ago and implemented OpenVPN.  I'm very happy with OpenVPN and it's ability to pump out client configuration files or integrate into Active Directory.

Did you submit crash report(s)? If not, please do. If so, let me know what public IP they came from (via PM with a link to this thread is fine if you don't want to list publicly).

Thanks for clearing that up.

Well I tried the i386 embedded image (2.0.2) on a flash drive and got a bunch of "g_vfs_done" errors, so I guess that doesn't work. strangely I could still get through the dialog where it asks about the ethernet devices, while it was cranking out these errors. But finally it choked.

Still wondering if this is a kosher thing, putting a CF image on a flash drive (to prevent most writes and make it last longer).

See http://forum.pfsense.org/index.php?topic=10138.0;prev_next=prev - and indeed it is not an easy process.  Here's a blog detailing a process to achieve a SIMILAR (but not IDENTICAL) goal:  http://www.libcrack.so/2012/02/25/installing-tor-alix2d2-running-pfsense-2-0/.

Best Wishes on this, and if it works out well post back with info on what you did to make it work!

I have those kinds of log entries too.  They come from an Apple Airport Express wireless AP.  It's in bridged mode and pfSense thinks the MAC address changes from the wireless device to the Airport's MAC address.  It's weird but I think it might have more to do with how the Apple AP does whatever it does.  I have an Airport Extreme which does not exhibit this behavior.  Both are on the latest firmware releases.

We have a customer with 2 devices also on Apple Airport Express units that do this also.  I can confirm its the same device with a statically assigned address. Does it to them as each device roams through the building.

Other (third device) Apple desktop does this when the Apple tech insists on turning the wireless back on while still connected to the hardwired port.

kernel: arp: 192.168.10.22 moved from 00:23:df:ad:41:e2 to 28:37:37:3f:26:8b on igb0
kernel: arp: 192.168.10.22 moved from 28:37:37:3f:26:8b to 00:23:df:ad:41:e2 on igb0

41:e2 is the desktop-
26:8b is the airport express.

Im pretty sure its the AP causing this log.

tim.mcmanus,
thanks for proposal, will try it.

cmb

I am agree with you that "The fact that X doesn't work for someone doesn't mean X doesn't work" but i see that you agree I could be faced with a real bug at my setup..
1. So need the process of identification what is the real bug and what is not at forum/other sources. We are free testers for PFsense :) Need to utilize us.
2. Also some formal process of product readiness to sign off, for example by number of reported bugs in a period and no major bugs at stable release. Pfsense is not a commercial product, so no pressure from high-value, top customers to release product to a specific, predefined date. The main goal is stable and perfect product.
3. Major bugs discovered at stable release during production use should be an exceptional case. Need process for rapid patches…See current situation - we have stable 2.0.2 and fix at 2.0.3 which is still not released..Pfsense already have functionality for checking updates, so that could be easy to implement. See the debian process - major releases with new features and a lot of patches between them. Users should not wait for the next stable release to apply critical patches for existed packages/functionality.

I understand that I could missed some opensource development nuances. That is Just my thoughts in an air.. :)
I understand that you, pfsense guys, already have stable development process and great coordination - > currently you at top of free routers solutions.

With respect,
one of pfsense users.

It is definetely some sort of problem between the ath0 driver and the traffic shaper…

At work we recently started dealing with VoIP traffic. The shaper on the other interfaces works great, but I will need to come back to this and figure it out soon. I need the shaper on the WLAN as well... :-\

I'll keep you updated on any findings.

Regards!

http://forum.pfsense.org/index.php/topic,57400.0.html

http://forum.pfsense.org/index.php/topic,54343.0.html

http://forum.pfsense.org/index.php/topic,53214.0.html

http://forum.pfsense.org/index.php/topic,47245.0.html

http://forum.pfsense.org/index.php/topic,52082.0.html

Hi…my problem that pfsense box updates my domain slowly (about 15 minuts) , can i set time to update that domain ?