@wallabybob:

The output of pfSense shell command```
/etc/rc.banner

It's not obvious, reading this, how your various networks are setup. Please post the ouput from the above command.

@MLWALK3R:

The DHCP for the Wan is handled by the modem "Dlink DSL-520B" but for local computers its handled by Windows Server R2

If the above is true have you disabled the LAN DHCP server in pfSense? Have you changed the pfSense LAN IP to be in the 10.0.0.1/8 subnet? /8 seems excessively large, how many machines do you have?

Steve

It depends.

On a full install, no, it's not possible. Too many files would get left in place that would break things. You have to reinstall.
On NanoBSD, yes.

However either way you'd need to restore a config from before the upgrade, since the config format changed from 2.0.x to 2.1.

As reliant as schools seem to be on internet content these days…

1gBps connection. Limit actual users to 10mbps. Wifi users jjust student devices?  Same thing. Limit by blocks of addresses.

I'm interested in this as well.  I'm able to successfully WOL my Win7 htpc using two separate iPhone apps, and even use one to route across different subnets because it allows a port to be assigned to the packet.  Neither are able to WOL a Mac mini, however, even on the same subnet.  pfSense WOL works in both cases.  I wasn't too motivated to investigate the Mac mini problem further since the pfSense solution fit the bill.

More specifically I believe he's looking for the .conf files that are generated when setting up OpenVPN servers and clients.

Run the following command in the GUI:  Diagnostics/Command/Execute Shell Command

find /var/etc/openvpn/ -name "*.conf"

You can then copy and paste the output to 'File to Download' to download and inspect them.

I would say that for some reason your tcp transmit buffer is full. Or at least it's emptying far slower than it should.
Just a guess though.

If you Google the problem you'll see it can be caused by something as simple as a loose network card or bad cable.

Steve

Please see my past post on this topic, on which you also commented:

http://forum.pfsense.org/index.php/topic,48966.0.html

I have checked a number of times with my ISP on this matter and they can supply me with no information/clue as to what is going on, but on a few occasions I know I was not the only customer who went down.  What I don't understand is why I have to do a complete reboot of pfSense in order to reestablish the PPPoE connection.  I do use a PCI modem card (Viking) in bridge mode in my pfSense box for my DSL connection, so it is possible that the card is crashing.  The interesting thing is that I do not loose DSL sync when my PPPoE connection goes down and the basic ATM protocol on top of PPPoE stays connected (I know that from my ISP).  The only way I can reestablish my PPPoE connection is to reboot pfSense, then I always end up with a new (dynamic) IP address from my ISP.  The routers I owned prior to building a pfSense box also all did the same thing, however, so the problem may not be with my modem card.  The disconnects are seemingly random, but seem to happen during web surfing (not inactivity).

When my MTU was set at 1500 I could force a disconnect simply by doing an online speed test (apparently during the upload portion of the test).  Changing the MTU down to 1492 and the MSS (box setting) down to 1452, however, allowed me to do online speed tests without crashing my connection.  That is why I am wondering if lowering MTU/MSS further might solve my "random" disconnects.

The only other thing I can suppose is perhaps my ISP runs a program to periodically and automatically disconnect users like me who leave their modem/routers on all the time in order to free up a larger pool of available IP (ver. 4) addresses, but that supposition is merely speculation on my part.

Hello rajatag,

I don't use the captive portal. In the web-IF are only this options:

WebCfg - Services: Captive portal page
WebCfg - Services: Captive portal: Allowed IPs page
WebCfg - Services: Captive portal: Allowed IPs page
WebCfg - Services: Captive portal: Edit Allowed IPs page
WebCfg - Services: Captive portal: Edit Allowed IPs page
WebCfg - Services: Captive portal: Edit MAC Addresses page
WebCfg - Services: Captive portal: File Manager page
WebCfg - Services: Captive portal: Mac Addresses page
WebCfg - Services: Captive portal Voucher Rolls page
WebCfg - Services: Captive portal Vouchers page
WebCfg - Status: Captive portal page
WebCfg - Status: Captive portal test Vouchers page
WebCfg - Status: Captive portal Voucher Rolls page
WebCfg - Status: Captive portal Vouchers page

So I don't think it is implmented in pfsense.

@rajatag:

Also, I do not find any code in the php files that authenticate captive portal logins to the LDAP. Have you come across something similar?

Did you tried to just reset states instead of pfSense reboot?

Public IPs are static. And there are 7 of them and I only need one for pfSense so rest of them should be given to the person who manages the servers - hence I really need that "switch" port but with capability to allow me run the VoIP network smoothly with traffic shaping or QoS.

Thanks

now it works flawless.

;D ;D

Well, I've learned a few things on this journey:

Endian looks nice. However it's buggy, and unsupported. Optimum Online sucks. Pfsense has a lot of cool features I wasn't even aware of. I missed pfsense.

I left Endian working over the weekend, and the connection was perfect over the weekend. So, I put in Pfsense to see if I could play with settings and get it working, but it worked fine, and has been fine for the past 24 hours. I was really hoping the problem would still be hanging around, so I'd have a chance to change settings and figure out what was going on. If anybody ever has an idea why this happened, I'd be grateful to know for next time.

@stephenw10:

Good result. Interesting thread too.  :)

Steve

Indeed

To do this using hardware similar to that in the first post you would need to check two things:
1. Your wifi APs must be able to assign different virtual APs (SSIDs) to VLANs. This is a feature commonly found in enterprise grade APs but not often cheap wifi equipment design for the SOHO market. You may be able to add that feature by using an alternative firmware (dd-wrt, openwrt, etc).
2. Your switches must be able able pass vlan tagged packets. They probably do but it's worth checking first.

Then you assign some vlan interfaces in pfSense and use the same VLAN tags in the APs. Put in place appropriate firewall rules to isolate the different wifi networks.

Steve

Edit:
The TP-Link TL-WA901ND quoted above does support this:
@http://www.tp-link.com/en/products/details/?model=TL-WA901ND#fea:

Up to 4 SSIDs and VLAN support, it allows networks administrator to segregate different services or applications to different designated users

Try a pfSense 2.1 snapshot

http://snapshots.pfsense.org/

You'll need to reapply a firmware update.

You must have installed a package that replaced the ldap library, such as squid, and then uninstalled it, which removed it.

Reapplying your current firmware will replace the files with the proper versions and allow them to work again.

Well if it were any other use of the word, you'd be right… but the misspelling made it into the spec and we're stuck with it now. :-)

that would solve your issues if you have rouge dhcp server on the network.  Just the that the rule is not required and keeps the listing cleaner.  No reason for duplicate rules, etc.