Conversly I have three high numbered ports open here and it can only 'see' one of them. It sees a port forwarded to a skype phone. It doesn't see a Skype port forwarded to a machine that's currently off (as expected). It doesn't see my openvpn server even though it's definitely listening.

Steve

Does anyone have a suggestion of how best to move the Squid cache outside of /var??
Since I'm using a SSD for the pfSense installation, I use the RAM disk option for tmp and var, but these are too small and volatile for the Squid cache. So Squid will fill up, and not work in this scenario.

Here's my output from df -hi

Filesystem                    Size    Used  Avail Capacity iused ifree %iused  Mounted on /dev/ufsid/539c74fd15a8a779    46G    943M    41G    2%    34k  6.3M    1%  / devfs                          1.0k    1.0k      0B  100%      0    0  100%  /dev /dev/md0                        77M    656k    70M    1%    141  10k    1%  /tmp /dev/md1                      116M    29M    77M    27%    191  15k    1%  /var devfs                          1.0k    1.0k      0B  100%      0    0  100%  /var/dhcpd/dev

and gpart show has

=>      63  117231345  ad1  MBR  (55G)         63  117231345    1  freebsd  [active]  (55G) =>        0  117231345  ad1s1  BSD  (55G)           0        16        - free -  (8.0k)         16  100454113      1  freebsd-ufs  (47G)   100454129  16777216      2  freebsd-swap  (8.0G)

Pretty sure its a Broadcom chip. Try use dual or quad port INtel's.

If you want to log into pfsense admin with ad users, you need to enable active directory as an Authentication Server.

Go to:
System - User Management
Settings tab
You will see Authentication Server, in the drop down select your ldap/ad server

pfsense1 is a vpn server for remote access.
pfsense2 is a vpn server for site to site.

Update your links.  None of them are working.

The issue with squid does appear to have been the culprit.  I'm not sure how squid got "installed', when PFSense didn't report it as installed.

To fix, I installed squid, then removed it.  I've not had any issues since.

david

It appears to have been another bug with the system. I've reinstalled most of the system, and everything has come back online. Weird.

WAN: 826MB in
WAN2: 821MB in

LAN 29GB out

Doesn't pass sanity sniff test
WAN: In-pass Average 1.46Mb/s Period 826.65MB
WAN: Out-pass Average 80.99kb/s Period 1.54GB

Since average is "Total/Time", and the Time is the same, it is logically impossible for the Out-pass to have a smaller average and a larger total. I agree, Something is wrong.

I restored from a snapshot I had, completely wiping the system. I have re-built to the stage I was at, and the system works fine. Just putting it down to a gremlin.

It's not normally necessary to set it. It should negotiated during the connection process.
For example my WAN here at home is PPPoE, I have not set any MTU or MSS value at the interface setup. Also in the UK.
In the PPP log I can see:

Jan 6 18:09:01 ppp: [wan_link0] MRU 1492

Also if I interegate the interface at the command line I can see:

[2.1.5-RELEASE][root@pfsense.fire.box]/root(2): ifconfig pppoe0 pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492 inet6 fe80::290:7fff:fe3c:9609%pppoe0 prefixlen 64 scopeid 0xd inet 87.113.*.* --> 195.166.*.* netmask 0xffffffff nd6 options=3 <performnud,accept_rtadv></performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast>

Steve

Just in addition, a graceful reboot fixes it.

On the ALIX installations, a power cycle doesn't do it.  It'll OpenVPN connect back up to me at my office but clients on the LAN and OPT1 side can't get out.

Today, it happened on the Alix for the first time after 50 days of uptime.

Ok, figured it out.

ifconfig bridge0 addr

responds with the vlan tag

bump ~

When you can afford it.

Sadly I dont have GCHQ's or the NSA's budgets.  ;)