I wanted to say thanks for taking the time in this detailed write-up. I am facing similar issues with a customer's VOIP provider. We replaced an existing SonicWall solution with a pfSense-based appliance (the SonicWall was having horrible problems with the VOIP). The pfSense appliance installed like a dream. Since then, the VOIP issues had been slightly better, but still existed. Your post was detailed enough so I could apply your findings to our setup. We'll see how things improve over time. I'll post back here if I develop useful follow-up.

Thanks charliem! I'm starting to think that USB is the root of the issue. I fired up the apcupsd status panel and got the "could not connect to service" error; according to the system logs apcupsd was not started as the UPS could not be found. I unplugged the UPS, plugged it in again, checked dmesg and got the following: ugen0.2: <unknown>at usbus0 (disconnected) uhub_reattach_port: could not allocate new device ugen0.2: <american power="" conversion="">at usbus0</american></unknown> I went into the apcupsd panel and hit "Save" on the configuration page then clicked over to the "Status" tab and lo and behold, the UPS service had been started and the status was printed out. This was a couple of hours ago; I've just checked the RRD graphs / vmstat and the wired memory has stopped increasing and leveled off, and no funny USB related stuff in dmesg either. I've checked the UPS' USB port on my linux dev machine and all seems just fine, my guess is that there is an issue with the USB driver and the way it is initialising the USB hub which is hung off the controller on the motherboard. I've detached the UPS' USB for the time being, will restart it and see what happens. Incidentally I plan to upgrade the hardware to a more modern Haswell CPU / board in order to save some power so I'll do the same set of experiments once that's up and running in a couple of weeks. Many thanks for your help! If things start to get wierd again I'll append this thread with an update as it does seem there may be an underlying issue with the kernel and this USB configuration.

You can also use "tip" or "cu" which are already included.

Did you ever found out how to do this? I have the same problem.

Your post is useful and knowledge so true.

Where are you testing from? You can't test from the pfSense LAN because of: https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks Steve

Anytime.

don;t know if this can be a bug or it's the way it should work. maybe some of you can reply on this thx

Assuming you've probably tried another network cable, if not, do that. If your ISP is being less than helpful, you could try plugging some other device into your cable modem. See what it ends up with. If it also ends up at 100 half, then there's a good chance the duplex is forced on the modem, or the modem is bad.

Have just taken out the pfSense box and opened up the Wifi for now. I will work on the box tomorrow evening and see what gives. I will report back here to let you all know. Thank you all very much for your help so far. Colm

arch…....i saw that in the GUI but thought maybe the GUI is'nt showing the right value. Thnx for the lesson !

I have a similar if not identical issue.  This is on nanobsd 2.1.5 -  any way to "fix" this without a full system reboot? any idea why it's happening? [image: ut0CvE4.png]

Thanks again Steve. I'm asking in relation to that other thread of mine you replied to, in case I need to build another box.

I raised a bug report: https://redmine.pfsense.org/issues/3951 That way it does not get forgotten.

You don't have $60 ? http://www.amazon.com/D-Link-EasySmart-Gigabit-Ethernet-DGS-1100-08/dp/B008ABLU2I/ Bridging the pfSense interfaces will be: 1. More complicated 2. Exhibit inferior performance Yes, it can be done, but to be frank, I'm not sure I have the patience to spend a bunch of time talking you through doing it wrong so you can avoid spending $60. https://doc.pfsense.org/index.php/Interface_Bridges Here it is in a nutshell, though: Create VLANs 100 and 200 on eth1 (or whatever your available interface is) Create a bridge containing LAN and  eth1_vlan100. Assign interface LAN to BRIDGE0. Assign interface GUEST to eth1_vlan200 Set your guest IP info and firewall rules on the GUEST interface. Your AP should be set to send your internal SSID tagged on VLAN 100 and your guest SSID tagged on VLAN 200.

FYI- There is not currently any script to perform that function on the command line or to otherwise bulk create certificates.

This seems to be perfect! Thank you so much!

Thank you for the clarification. I guess I was expecting /32 addresses expanded through the whole range. I like this truncated method better anyway.

Hi, Thanks for the good suggestions from you guys i really appreciate it.