Found this that seems to answer this question: http://timita.org/wordpress/2011/07/29/protect-your-windows-laptop-with-pfsense-and-virtualbox-part-1-preamble/

The mechanism for disk writes in pfsense for nanobsd was changed in 2.2.3 or somewhere around there.  Net effect was exactly what you are describing but it should have been fixed in 2.2.4 if memory serves.  Fact that you are using 2.2.6 I would not think you should be seeing that behavior.  Try a different USB key.  I have the same chipset (BLKD2500CCE Intel Desktop Board D2500CC) but I'm using a USB to SATA flash card adapter SYBA SD-ADA50024 and a WinTec FileMate 8GB 3FMCF8GBS-R compact flash card.  My backups are several Kingston DataTraveler USB keys (if the sata to USB dies) but I haven't used those enough (other than just booting to confirm functionality) enough to know if they have the slow down you describe or not. https://doc.pfsense.org/index.php/2.2.4_New_Features_and_Changes#Security.2FErrata_Notices The forcesync patch for https://redmine.pfsense.org/issues/2401 is still considered harmful to the filesystem and has been kept out. As such, there may be some noticeable slowness with NanoBSD on certain slower disks, especially CF cards and to a lesser extent, SD cards. If this is a problem, the filesystem may be kept read-write on a permanent basis using the option on Diagnostics > NanoBSD. With the other above changes, risk is minimal. We advise replacing the affected CF/SD media by a new, faster card as soon as possible. https://redmine.pfsense.org/issues/4814

than you both very much

https://forum.pfsense.org/index.php?topic=9642.0 got solution from this article

I'm in this exact same situation.  Did you ever find an answer to this one?

Thanks JohnPoz, DivSys, and Heper  :) With all of your help I have been able to resolve my issues. Not only that….but I've also been able to configure a TP-Link dual-channel wireless NIC that I installed in the machine, and it is now allowing our wireless clients (tablets, smartphones, laptops etc.) to work at the 5Ghz level, and therefore there's also no more complaints about the microwave causing stoppage of Netflix movies, games, youtube videos etc. @DivSys, I like your idea of drawing a diagram of what I expect my network to look like. I do have a diagram of my as-is setup (which I had attached to another post, from a few days back)...and I will certainly update that one to show my to-be layout, and work towards achieving that objective. I will also be looking for (at least) a 16 port managed switch. Cheers guys!

With the amount of info you have given… What do you want us to explain exactly??  I could go into why the moon is not made of cheese if you would like..  I get as much info for that topic from your post than your actual problem.

Status > RRD Graphs, Quality Tab??

Thank you once again (JP and muswellhillbilly) for an excellent short, succinct primer on pfSense and 3 of its packages. I do have kids, one teen, and another tween…and I certainly like the idea of using Squid to see where they've pointed their browsers...but perhaps I'll keep that one for another day. As JP suggested....I'll "get pfsense up and running, start playing with some of the packages and if you like them and need the space then can always up the disk at later time". I think I'll take a pass on ntop and snort as well, based on what I've learned (about those 2 packages) from the both of you. Totally grateful to you guys for having taken the time to help me out. Cheers

That text in FreeRADIUS has nothing to do with OpenVPN user certificates. For OpenVPN users with Certificates you would create the user certs under System > Cert Manager (rather than the User Manager) Which auth system to use is really up to you. RADIUS scales much better to larger numbers of users, but is more complex to manage. Generally, for a low number of users, you'd use the built-in user manager unless you already have a dedicated RADIUS or LDAP auth server (Active Directory, etc).

Thanks.  I will follow your advice then and leave well enough alone for now.  At least until I get my gigabit internet one day….

I've tested the pfSense in various ways, and so far, I gave up using pfSense in just one application, edge router in an ISP network. Each client will access via a dedicated VLAN, so we will have hundreds or even thousands of VLANs.

I'll try. not great at this stuff! I checked in 'show states' there is no evidence of that port being used and I tried the port checker using my phone on 4G. I might take this opportunity to install a smaller PC I have and start again, I really think something has gone pear shaped. For instance when I first set up PFsense 'back to mac' a mac only sort of VPN thing worked great, without changing anything that no longer works and also I gave up entirely on OpenVPN it worked for a little while, but no longer. I need to sort it, my son wants his minecraft server to share with his mates.

They can coexist fine so long as they aren't both trying to carry the same network traffic. So OpenVPN from A to B and IPsec from B to C is OK, or even IPsec from A to B and OpenVPN remote access, etc, etc. You just can't have the exact same source and destination on both IPsec and OpenVPN.

Looks like a busted filesystem. panic: ufs_dirbad: /: bad dir ino 49690 at offset 0: mangled entry cpuid = 0 KDB: enter: panic db:0:kdb.enter.default>  bt Tracing pid 48018 tid 100083 td 0xfffff80003f5f490 kdb_enter() at kdb_enter+0x3e/frame 0xfffffe00003ec340 panic() at panic+0x175/frame 0xfffffe00003ec3c0 ufs_lookup_ino() at ufs_lookup_ino+0xec2/frame 0xfffffe00003ec4d0 VOP_CACHEDLOOKUP_APV() at VOP_CACHEDLOOKUP_APV+0xa1/frame 0xfffffe00003ec500 vfs_cache_lookup() at vfs_cache_lookup+0xd6/frame 0xfffffe00003ec560 VOP_LOOKUP_APV() at VOP_LOOKUP_APV+0xa1/frame 0xfffffe00003ec590 lookup() at lookup+0x56c/frame 0xfffffe00003ec610 namei() at namei+0x4d4/frame 0xfffffe00003ec6d0 vn_open_cred() at vn_open_cred+0xd5/frame 0xfffffe00003ec820 kern_openat() at kern_openat+0x26f/frame 0xfffffe00003ec9a0 amd64_syscall() at amd64_syscall+0x351/frame 0xfffffe00003ecab0 Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe00003ecab0 Reboot in single user mode and run "/sbin/fsck -t ufs -y /" until it stops finding errors. Or backup the config, wipe, and reload.

The same way you would on FreeBSD.

Or get a switch with port isolation (even the cheap TP-Link gig switches have it). Then they can only talk to the gateway and never to each other (on ports where you have that set).