@wallabybob:

You could use pfSense package pfflowd to export flow records to another system. The flow records also contain traffic statistics.

This package worked perfectly. Thanks!

@jimp:

Netflow should work, but failing that, you'll have to wait until we incorporate this feature:
http://redmine.pfsense.org/issues/2118

That sounds like a good feature to have, looking forward to it. Thanks for the update.

I was using PPTP and supporting IPSec via 3rd party software for years on pfSense.  Finally broke down a few months ago and implemented OpenVPN.  I'm very happy with OpenVPN and it's ability to pump out client configuration files or integrate into Active Directory.

Did you submit crash report(s)? If not, please do. If so, let me know what public IP they came from (via PM with a link to this thread is fine if you don't want to list publicly).

Thanks for clearing that up.

Well I tried the i386 embedded image (2.0.2) on a flash drive and got a bunch of "g_vfs_done" errors, so I guess that doesn't work. strangely I could still get through the dialog where it asks about the ethernet devices, while it was cranking out these errors. But finally it choked.

Still wondering if this is a kosher thing, putting a CF image on a flash drive (to prevent most writes and make it last longer).

See http://forum.pfsense.org/index.php?topic=10138.0;prev_next=prev - and indeed it is not an easy process.  Here's a blog detailing a process to achieve a SIMILAR (but not IDENTICAL) goal:  http://www.libcrack.so/2012/02/25/installing-tor-alix2d2-running-pfsense-2-0/.

Best Wishes on this, and if it works out well post back with info on what you did to make it work!

I have those kinds of log entries too.  They come from an Apple Airport Express wireless AP.  It's in bridged mode and pfSense thinks the MAC address changes from the wireless device to the Airport's MAC address.  It's weird but I think it might have more to do with how the Apple AP does whatever it does.  I have an Airport Extreme which does not exhibit this behavior.  Both are on the latest firmware releases.

We have a customer with 2 devices also on Apple Airport Express units that do this also.  I can confirm its the same device with a statically assigned address. Does it to them as each device roams through the building.

Other (third device) Apple desktop does this when the Apple tech insists on turning the wireless back on while still connected to the hardwired port.

kernel: arp: 192.168.10.22 moved from 00:23:df:ad:41:e2 to 28:37:37:3f:26:8b on igb0
kernel: arp: 192.168.10.22 moved from 28:37:37:3f:26:8b to 00:23:df:ad:41:e2 on igb0

41:e2 is the desktop-
26:8b is the airport express.

Im pretty sure its the AP causing this log.

tim.mcmanus,
thanks for proposal, will try it.

cmb

I am agree with you that "The fact that X doesn't work for someone doesn't mean X doesn't work" but i see that you agree I could be faced with a real bug at my setup..
1. So need the process of identification what is the real bug and what is not at forum/other sources. We are free testers for PFsense :) Need to utilize us.
2. Also some formal process of product readiness to sign off, for example by number of reported bugs in a period and no major bugs at stable release. Pfsense is not a commercial product, so no pressure from high-value, top customers to release product to a specific, predefined date. The main goal is stable and perfect product.
3. Major bugs discovered at stable release during production use should be an exceptional case. Need process for rapid patches…See current situation - we have stable 2.0.2 and fix at 2.0.3 which is still not released..Pfsense already have functionality for checking updates, so that could be easy to implement. See the debian process - major releases with new features and a lot of patches between them. Users should not wait for the next stable release to apply critical patches for existed packages/functionality.

I understand that I could missed some opensource development nuances. That is Just my thoughts in an air.. :)
I understand that you, pfsense guys, already have stable development process and great coordination - > currently you at top of free routers solutions.

With respect,
one of pfsense users.

It is definetely some sort of problem between the ath0 driver and the traffic shaper…

At work we recently started dealing with VoIP traffic. The shaper on the other interfaces works great, but I will need to come back to this and figure it out soon. I need the shaper on the WLAN as well... :-\

I'll keep you updated on any findings.

Regards!

http://forum.pfsense.org/index.php/topic,57400.0.html

http://forum.pfsense.org/index.php/topic,54343.0.html

http://forum.pfsense.org/index.php/topic,53214.0.html

http://forum.pfsense.org/index.php/topic,47245.0.html

http://forum.pfsense.org/index.php/topic,52082.0.html

Hi…my problem that pfsense box updates my domain slowly (about 15 minuts) , can i set time to update that domain ?

So is it accepted to create a VPN server on the pfsense computer, that you login to first?

http://cable-dsl.navasgroup.com/#WhyItMatters

This used to matter more when connections were slower but increasing in speed and before the standard OS's really became meant to deal with the new latency speed combinations.

With satellite, I used to get a little better performance out of our system… But that was older technology and Windows 2000.

Newer OS's are supposed to handle todays connections much better and should pretty much work out of the box. Once again though the satellite thing...

Speedguide.net has an optimization program you can look for... or

Cablenut.com has a program that can help you if your XP or earlier...

Your on your own if it breaks. I assume nothing ect ect...     Good Luck!

The aliases section is not relevant here. Sounds like you want to use inbound load balancing. See:
http://doc.pfsense.org/index.php/Setup_Incoming_Load_Balancing
That might be a bit outdated but it gives you the idea.

Steve

Im no means in any way an expert but will link CMB from another thread:

http://forum.pfsense.org/index.php/topic,51238.0.html

Thanks everyone. That got me the information I was looking for.

@pookguy88:

Ok, so I've decided I want to try playing with VOIP and VLANs.

… I've purchased a VLAN capable 5 port Netgear switch to test.

Hope this is still helpful… I noticed you mention Netgear, so the attached show my VLAN / Netgear setup. It's working fine.


@dhatz:

What does "re-staging" mean?

to clear and set up a device for redeployment,  after it had been in service.

Did you wipe clean the disk / cflash and re-install pfsense 2.0.2 and restore the .xml config file?

format yes,  restore no.  I didn't want to potentially import the issue.  As I mentioned my set up is simple,  it firewalls,  proxies,  routes, reports  and has fail over set up.  everything else is basically disabled or at default values so there wasn't a lot of vaule to use the xml.  Only took a few minutes to put it back to where it was.  Keeps you familiar with where the settings are which you don't often access.  8)

-g

@Mrfairweather:

Now I don't have access to the GUI. I tried killing the squid via cli but it keeps restarted.

There is a process called sqpmon (SQuid Proxy MONitor) that checks every minute or so to see if Squid is running. If Squid is not running it will restart it. If you really want to kill off Squid to test something, then you need to kill sqpmon first.

@Mrfairweather:

Side note should i update the base OS or is that frowned upon in these establishments  :)

pfSense is tightly integrated with the underlying FreeBSD (extra patches and goodies to make things even better). You need to stick with pfSense builds.