• Dropped Calls - 3CX & FlowRoute with PFSense FireWall

    2
    0 Votes
    2 Posts
    1k Views
    M
    Reading other posts, it sounds like it might be a state timeout issue. It's been suggested that switching the Firewall Optimization Options (System-> Advanced-> Firewall and NAT tab) to "conservative" may help. Apparently typing "pfctl -st" in the console shows you the timings. Below are the normal values. The fact that the "tcp.closing" timing matches up with your 15 min. disconnect issue is probably not a coincidence:

        [2.2.6-RELEASE][admin@pfsense.hybrid.home]/: pfctl -st
        tcp.first                  120s
        tcp.opening                  30s
        tcp.established          86400s
        tcp.closing                900s
        tcp.finwait                  45s
        tcp.closed                  90s
        tcp.tsdiff                  30s
        udp.first                    60s
        udp.single                  30s
        udp.multiple                60s
        icmp.first                  20s
        icmp.error                  10s
        other.first                  60s
        other.single                30s
        other.multiple              60s
        frag                        30s
        interval                    10s
        adaptive.start          481800 states
        adaptive.end            963600 states
        src.track                    0s

    Here are the conservative timings:

        [2.2.6-RELEASE][admin@pfsense.hybrid.home]/: pfctl -st
        tcp.first                  3600s
        tcp.opening                900s
        tcp.established          432000s
        tcp.closing                3600s
        tcp.finwait                600s
        tcp.closed                  180s
        tcp.tsdiff                  60s
        udp.first                  300s
        udp.single                  150s
        udp.multiple                900s
        icmp.first                  20s
        icmp.error                  10s
        other.first                  60s
        other.single                30s
        other.multiple              60s
        frag                        30s
        interval                    10s
        adaptive.start          481800 states
        adaptive.end            963600 states
        src.track                    0s
  • Aliases edit problem (amd64, full install, 2.2.4)

    5
    0 Votes
    5 Posts
    1k Views
    C
    You don't want to use a network or host alias for that many entries. In 2.3, you can go up to 5000 members. Anything beyond that has to be a URL table alias, and likely anything beyond 1000 really should be as well.
  • Pfsense 2.2.6 connection issues

    2
    0 Votes
    2 Posts
    733 Views
    M
    First, complete your network…. and then...  test.  Even though it may work as connected it's not ideal and may not be reliable.  Not to mention, both NICs would need to support Auto MDI/MDI-X and Auto-negotiation. Go buy a switch, finish your network and retest. I would also recommend PCIe NICs if you have the slots.
  • Can pfsense support up to 16 Nic?

    6
    0 Votes
    6 Posts
    2k Views
    ?
    Can pfsense support up to 16 Nic? Yes, it will be able to, and there are appliances out there that will be able to offer you as many LAN ports as you need. One of them would be the scope7-8771 from Landitec; it is an official European distributor from Lanner. But if you think it might be that you change even the hardware if something is not really running as expected, this would be a hard and expensive trail for you, as I see it. Perhaps you might be getting a Layer3 switch that is then properly routing the VLANs for your network, and the pfSense firewall is then only routing the WAN-LAN part. It would perhaps be the better option, or perhaps, if money is not rare, both will fit and make you happy.
  • VPN Proxy - How to? client >>> pfsense >>> vpn >>> internet

    1
    0 Votes
    1 Posts
    866 Views
    No one has replied
  • Radvd[31409]: sendmsg: Operation not permitted

    2
    0 Votes
    2 Posts
    1k Views
    C
    There was a circumstance we fixed in 2.3 where radvd would try to run where it shouldn't have. It's just harmless log spam in that case.
  • Can pfSense on a VM handle Gigabit Internet link?

    5
    0 Votes
    5 Posts
    3k Views
    M
    Per the hardware requirements page (https://www.pfsense.org/hardware/#requirements), even on bare metal, in order to get over 500 Gbit, you need: Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters. So, I would go multiple cores, 4GB RAM and a 64 bit install to start with. Also, I've seen posts that suggest unless you're using the VMXNET3 driver you will see a ~400 Mbit limit. It may also be worth mentioning that since you have an HP server and using ESXi, you might want to re-install with the HP specific ESXi image, so all the drivers are VMware certified.  It may or may not make a difference, but it's just a thought.
  • Question regards setup of a Guest WiFi

    22
    0 Votes
    22 Posts
    6k Views
    S
    Also one thing you do wrong is the router IPs. If the pfsense firewall itself does have 192.168.1.1 and 192.168.2.1, you CANNOT have the routers/AP's have the same IP. Then you will get a randomly unstable connection since roughly half of the time, the router will reply on something the firewall should reply on. The routers/AP's should preferably use 192.168.1.2 and 192.168.2.2. So if the WRT54G really has the IP 192.168.2.1, you are getting an IP collision in your network, and that's why you get "Unstable connection" inside Android. So what you should do:

        LAN = 192.168.1.1
        OPT1 = 192.168.2.1
        Linksys = 192.168.1.2
        WRT54G = 192.168.2.2
  • Port Forwarding doesn't work when IPSEC get default route

    1
    0 Votes
    1 Posts
    685 Views
    No one has replied
  • ComCast cable WAN does not recover well after an outage.

    5
    0 Votes
    5 Posts
    1k Views
    D
    Sadly, that does not seem to help. I dug up an older 100Mbps switch from a closet and stuck it between the cable modem and the pfSense router. The first thing I noticed after resetting things was that when I powered down the cable modem, the router didn't appear to even notice. Eventually, it did go into a "Pending" mode, but it still thought it had a valid IP address and I never got a failover to the UVerse WAN. Turning the cable modem back on resulted in no recovery at all. I still needed to reset the modem and the router. As far as I can tell, the IP address that I'm given by ComCast is a public one. It is not an RFC1918 address.
    Dave
  • Should RFC1918 alias include more than just 3 or 4 subnets?

    5
    0 Votes
    5 Posts
    1k Views
    P
    Perfect…thanks again  :)
  • Troubleshoot PHP-FPM performance

    2
    0 Votes
    2 Posts
    1k Views
    J
    Use the top command on the shell to see the php-fpm process, and look whether the process gets lower when closing the graphical interface. Sorry for my bad English.
  • Change webGUI password in a 1-line command for scripting?

    14
    0 Votes
    14 Posts
    14k Views
    R
    Yes. It did work. I commented out the stty lines that were not allowing the change:

        // If the user does exist, prompt for password
        while (empty($password)) {
                echo gettext("New Password") . ": ";
                //exec('/bin/stty -echo');
                $password = trim(fgets($fp));
                //exec('/bin/stty echo');
                echo "\n";
        }

        // Confirm password
        while (empty($confpassword)) {
                echo gettext("Confirm New Password") . ": ";
                //exec('/bin/stty -echo');
                $confpassword = trim(fgets($fp));
                //exec('/bin/stty echo');
                echo "\n";
        }

    So I got the password changed for both ssh and webgui:

        [2.2.6-RELEASE][admin@pfSense.localdomain]/root: ( echo admin ; echo password ; echo password ; echo exit ) | pfSsh.php playback changepassword
        Starting the pfSense developer shell….
        Enter username: Changing password for 'admin'.
        New Password:
        Confirm New Password:
        [2.2.6-RELEASE][admin@pfSense.localdomain]/root:

    Thank you a lot
  • PfSense on Hyper-V, LAN address changes when rebooted

    1
    0 Votes
    1 Posts
    608 Views
    No one has replied
  • VPN for Windows

    31
    0 Votes
    31 Posts
    15k Views
    K
    I've been using Softether for many years and never had any issues. Would be very nice to add this software to pfsense ;)
  • 0 Votes
    2 Posts
    777 Views
    I
    I have a similar setup. Basically, rules are tied to interfaces. And interfaces are virtual, based on VLANs. So, if you don't remove the VLANs, the rules should be fine too. You just need to:

        remove igb6, igb7 from the lagg
        create lagg1
        add igb6, igb7 to lagg1
        reassign interface on vlan10 from lagg0 to lagg1

    Done. All rules should be untouched. No reboots, not even a downtime. But certainly perform a config backup prior to changes.
  • Layer 3 connectivity problem

    4
    0 Votes
    4 Posts
    1k Views
    D
    Well, that would explain it all then Facepalm What a waste of an evening!!! Thanks
  • Pfsense and OpenLdap

    5
    0 Votes
    5 Posts
    5k Views
    S
    I have solved my problem; it was in the member attribute and the credentials for the LDAP bind. Thank you. Now I can authenticate my users with the authentication diagnostic. I have to set up a captive portal and the Freeradius package for the connectivity between pfsense and the openldap server. Is Freeradius obligatory for LDAP login on the captive portal? Sorry for my English.
  • Latency question

    5
    0 Votes
    5 Posts
    1k Views
    A
    Thanks for the reply jimp. Do you recommend any particular router to be used in conjunction with pfSense? I can try a different device and test the up/down speed.
  • Please point to the right direction

    2
    0 Votes
    2 Posts
    614 Views
    kesawiK
    Your 3Com switch will need to allow you to configure and use VLANs otherwise this won't work. If you connect the modem to the switch without VLANS then everything on the switch will be able to access the modem and the laptop router won't be doing anything. You will also need to make sure that the NIC on your laptop supports VLAN tagging. You will need to setup one separate untagged VLAN port for your modem (the WAN VLAN) and have all your other devices and ports untagged on another internal LAN (which everything else connects to). The port on the switch which the router laptop connects to will need to be tagged to both VLANs. In pfsense you would then create two VLANs corresponding to those on your switch, and assign one to the WAN interface (the same as the modem's VLAN) and one to the LAN interface. If your switch doesn't support VLAN tagging, then you will need to get either a USB or PCMCIA NIC for your laptop which is compatible with FreeBSD 10.1.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.