Looks like I missed a halt statement.  I just added the code.

In the meantime, do this.

Boot to single user.

run /etc/rc.conf_mount_rw

cd /cf/conf/backup

Find the most recent file then issue:

mv $mostrecentfile /cf/conf/config.xml

run /etc/rc.conf_mount_ro && shutdown -r now

Replace $mostrecentfile with the filename that you found.

This will get you back up and running.

Linux show and yet 10 minutes was on freebsd:P

rrd databases are stored in /var/db/rrd

you would want to get rid of the wan-traffic.rrd or wan-packets.rrd.

Note that the peaks are caused because I do not know the speed of your internet connection. So we assume the linespeed can go upto 1Gigabit.

Because gigabit can wrap the counter within 30 seconds we get a large traffic spike.

You could manually adjust these numbers in status_rrd_graph_img.php, there is a $downstream and $upstream defined which you can adjust.

Note that the version of the status_rrd_graph.php in your version may be older and have a value of 12500000 included in the graph code for traffic.

The current code in HEAD solves this slightly more intelligently whenever shaper speeds are available. (even when disabled!).

Cheers

@mazott:

Hello,

Using RC1, I'm configuring an OpenVPN cliient to connect to an existing, linux based,  OpenVPN server.
The configuration uses the TCP protocol, the connection to the server via http proxy and PKI for authentication.
Also, the Interface IP field, setting the IP to be assigned to the local interface, is left blank, as the remote OpenVPN server would dynamically set it, likewise my other  working clients (not pfSense based).

As  mentioned above, such  client configuration uses the http proxy to contact the remote server. However, when the relevant fields for the proxy server and the proxy port are filled I experience the following problems:

the configuration is not saved and pfSense complains that a TCP based vpn connection is needed for the configuration using http proxy, although the protocol field is actually set to TCP.

Try a recent snapshot, I believe I fixed that bug after RC1.

@mazott:

Since the http proxy needs authentication (BASIC), I can't find in the gui the fields for username and password to enter.  Should I enter them in some file manually, like the standard openVPN implementation would require?

Enter them in the "custom options" box at the bottom (yeah, I know it's small, that's fixed in the HEAD trunk, sorry) just as if you were adding to the normal config file.

–Bill

Thx
Search - good idea (sorry for FAQ questions)  :-[

Reinstall.

Make sure your Bios at the clients you want to wake up are configured properly and/or support WOL. Sometimes it is also called wake on ring or Wake on PCI event. If it's still no go try with an alternative program if it works. If this fails as well it'S not an issue with the pfSense.

Ok, on new hardware and getting the samething….will check the logs when I get home & post.

pfSense doesn't support interface alias in version 1.0, however this is already present in head.

You can add multiple VLANs to a physical interface. Each VLAN will become a seperate interface providing all the options/services you have for a real physical interface (unique IP/subnet, filtering, dhcpserver, …).

That fixed the problem. Thanks  ;D ;D

Nice Aldo, keep us updated how these values scale when you have the real 1500 user setup  ;D

"In a bridged setup all interfaces involved in the bridge have to be up, so you need a link at lan."

That's what was getting me…...I don't recall seeing that anywhere in the documentation.

Thanks.

Just out of curiousity, are you putting this capture device between the pfsense box and the modem, between the switch and your daughters computer, running a hub for your daughters computer, or spanning the switch port of your daughters computer?

The cheapest solution that I can see by far provided you don't need over 10Mbit is to get a cheap tiny hub, connect it between the wrap switch and your daughters computer, and instead of running a proxy just have the capture device in promiscuous mode to capture everything travelling though that hub.

At my last job we had an IDS and it was basically connected to a switch with a spanned port.  The port that was being spanned was the port of the default gateway.

chmod a+rx /usr/bin/cvs

You should be able to at least slow this down by using the advanced options for the firewall rule that is granting access to SSH (like new X connections/Y seconds, simultaneous connections/host, …).