:) :) :) :) :) :) Huraaah it works, many thanks Rafi

At the bottom of the link KOM mentioned :-

Status -> System Logs -> Settings

Remote Logging Options

OpenVPN?

It will always allow the ping traffic out. More likely is that whatever is at the other end stopped responding to ping or you moved to a different gateway that doesn't respond. Or maybe it triggered something that blocked pings!

If you set the gateway monitor to an alternative IP accessible over the VPN that should give you back link stats.

Steve

@stratus:

I made the following adjustment yesterday:

Routing -> Edit Gateway

Probe Interval: 3 Down: 60

I dont know if it is just a fluke or not, but I did not register any outages last night. I will continue to monitor and update this post as I discover things

This worked for me.  Made an account just to thank you for it.  Had been troubleshooting it for 2 days.

Well, for a start I now have an AES-NI mini-pc with pfsense running as main router. :)

There are still some processes in pfSense that are thread-locked or do not scale well across cores and those benefit from faster CPU speed.

If you run a number if things though, VPN, snort, squid etc, those can use separate cores so you would some benefit there.

The sweet spot there depends what you're running but 4 fast cores is pretty good for a default setup.

Steve

Probably not.

It depends exactly what that box is doing though. For example pfSense can do ML-PPP itself:
https://doc.pfsense.org/index.php/Multi-Link_PPP_(MP/MLPPP)

Steve

By lying and increasing my subnet size from /29 to /24 on the LAN2 I have avoided duplicate interface addresses on LAN2 and WAN2. At least traffic is now flowing…

@Gertjan:

This is the key word :

Cannot allocate memory

Also check drive space and disk allocations.

If needed, stop en remove the "memory eaters" (packages - and I'm not talking about the cron - or note package here  ;))

Hi Gertjan,

that's not a Problem of mine. The Server has a CPU Load from 3-4 Percent and a low Mem usage.
I found out that the Message and the Problem happen, if a Gateway has Packetloss and it's marked as down. Than the Error is generated. Also if the GW is coming up again. I think this is a bug that has been checked.
As workaround i disabled the gateway-check. Than nothing error happen.

Hi,

Probably freebsd kernel hints file.

See what dmesg has to say.

@SammyWoo:

Looked at the diagram more closely and this is impossible as pfsense is on the same subnet as the laptop.  Bad mask(s) or the Switch is hooked up/configured wrong.

the answer was here

https://forum.pfsense.org/index.php?topic=132528.msg730834#msg730834

the device is kinda defective as shown

Int 1 –-> ibg0
Int 2 ---> ibg2
Int 3 ---> ibg3
Int 4 ---> ibg1

this is the port config of the device..this is why it didnt work because it wasnt the correct port.

"100% True !! I totally agree, I bet even all free DNS's are in it to. "

Then why don't you just resolve.. Are the root servers in in on too?  When you resolve you ask the roots for the NS of the domain your looking for, then you directly act the authoritative ns for that domain.. You do not forward all your queries to some specific name servers..

And you can limit your queries to the roots for only the specifics.. Ie you don't ask root for www.domain.com you ask for .com ns, then you ask .com ns for domain.com - but I found this to be very problematic with many domains that do delegation, etc.. microsoft technet had all kinds of problems if I recall.

there was a whole thread about turning this feature on..

qname-minimisation

If your interested in such a thing.

That makes sense…didn’t think of that.  Thank you!

ETA:  That was the issue...the 4 port NIC now occupies igb0 through igb3 and the onboards start with igb4.  Thanks again!

Hi kshays,

If you had no 3rd NIC on your pfsense you would tag all VLAN's on the LAN NIC and on the switch uplink port (trunk).

You would then untag/tag ports on your switch as per requirements. In your example you would:

Switch Port 1 - Tag VLAN1 & 3 (as it's carrying both Secure WiFi and Guest VLAN traffic to the ASUS RT)
Switch Port 2 & 3 - Untag VLAN1

I hope this makes sense.

SJT.

Well am glad u were able to resolve this with easily replaceable NICs and not some embedded soldered on NICs.  There are some system/advance/network parameters that users can turn off to deal with problematic NICs to try things out as alternative.

????

What do you mean pfSense server?  PfSense is a firewall/router, that can also do things like DHCP and DNS servers.  If you have multiple sites connecting to it, what will you use as a firewall on those sites?