@scan:

@hoba:

PPPoE happens on layer2, this means you don't need anything else at this interface allowed and it still will work after authentication. If you only want users to be able to pass through your firewall after they connected to PPPoE delete all rules at the Interface you run PPPoE on and disable the DHCP-Server for this interface.

how?

Let's say you run the PPPoE-Server at OPT1, delete all rules for OPT1 and don't set up a  DHCP-Server for this interface. Add pass-rules for your PPPoE Interface. Done.

Edit your /etc/sysctl.conf and add kern.timecounter.hardware=TSC. That's it.. problem solved!

@cheech:

I am "upgrading" some SonicWall equipment to pfsense. The SonicWall has settings for both TCP and UDP "Timeouts" (I can maybe understand TCP but isn't UDP stateless?) ANYWAY… I run terminal sessions via telnet over a VPN and I had to adjust the TCP Timeout on the SonicWall from a default of 15 mins to something like 60 mins otherwise users were getting dropped when they were idle. I don't see any settings like this in pfsense and am wandering if I might end up with a problem?

Thanks!

Default established timer is 24 hours using "normal" state timeouts.

–Bill

If you are asking if you can do the same thing with pfSense on the fly, the answer is not at the moment.

You should be able to use G4U (Ghost 4 unix) to do something similar to Ghost.  Maybe that would be quicker.

http://faq.pfsense.org/index.php?sid=61682&lang=en&action=artikel&cat=1&id=165&artlang=en

@rneily:

@sullrich:

This is done.   Note that for 1.0 you can simply touch /var/etc/use_pf_pool__stickyaddr to get the same effect.

Is this still present in beta4 and will it be included in release 1.0?

Yep.

NTOP needs a package maintainer.

pfSense core is busy getting the release out the door so we will not be spending any time on packages until 1.0 is done.

great faq :) but please tell me what to do if i would like to add another cilent certificate after some time?
what step to do?

This was fixed after beta4. Reinstall and run a cvs sync or wait for RC1 which should be available soon.

Yep, looks like thats not going to be fixable for 1.0.

I'll remove the feature now.  Thanks for bringing it to my attention.

This was already fixed in HEAD at some point.  Sent you a patch to apply to RELENG_1.

–Bill

That does fix it, but I would like the router to pull time from the central AD server as the rest of the clients do. I have researched some and found some distros of Linux work with it, some don't. (AD that is). I will just point the pfSense firewall at the pool.ntp.org along with the AD server for its external source. Thanks!

On all interfaces except LAN.  And even then I think it only kicks in if an optional interface is a WAN interface.

Thanks for reporting, just was fixed: http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/pfSense/usr/local/www/vpn_pppoe.php.diff?r1=1.28;r2=1.29;f=h

You can specify the subnet that is handled by the PPPoE Server, so you can have any subnetmask you wish. Speed and throughput of course is depending on your hardware.

I'm sorry Bill.
In fact you could be right.
The "Copy MAC" link that I'm talking about could actually well be the one in the DHCP server section.
Sorry about that ;)
Cheers

thanks scott, all ok.

You can also change the optimization level in System -> Advanced.