• Sophos UTM vs pfSense for web filtering.

    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • Stability of version 2.2

    2
    0 Votes
    2 Posts
    778 Views

    Yes, that's the full list of known issues. As always, it'll be out when it's ready. That'll definitely be well before the second half of 2015. Currently aiming for release in 2014, as we're not far.

  • Vent about a competing product and another reason to go pfSense

    4
    0 Votes
    4 Posts
    916 Views

    It's common in the commercial software and hardware industry to charge a yearly support fee that's roughly 20-25% of the cost of the software license in the first place. If you end up falling behind on maintenance, you are often offered the option to either re-license the software at full price with a year's support or to pay for the missed renewals to get caught up. More often than not, for anything of about two and a half years or less time, it's much less expensive to pay the retroactive support.

    The other option would have been to go out and buy a brand new device at full price.

    Since you just "took over the account", I would expect you to be fully aware of this.

  • I cant get Opt1 to work

    14
    0 Votes
    14 Posts
    3k Views

    WOW I missed that lol thx I feel dumb xD I'll try that out btw sorry for wasting time
    I am learning how to network while I am doing this

  • How to limit total server bandwidth?

    3
    0 Votes
    3 Posts
    725 Views

    Thank you!

    That is easy. I was expecting a 100 step process to do this. I will try this later today.

    Again, thank you!

  • URL Table Alias Refresh Schedule

    2
    0 Votes
    2 Posts
    2k Views

    From https://github.com/pfsense/pfsense/blob/master/conf.default/config.xml

    <minute>30</minute> <hour>12</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>

    and what it looks like from the Cron package GUI display is attached.
    Seems to be 12:30 local time every day.

    update-url-tables.png

  • SquidGuard + LDAP Auth

    1
    0 Votes
    1 Posts
    648 Views
    No one has replied
  • Syslog Experience with Pfsense

    10
    0 Votes
    10 Posts
    5k Views

    pfsense should have a lot of agents to integrate logs with third party solutions like OSSIM, ELSA etc etc, I love OSSIM and I'm waiting for a serious agent to fully integrate pfsense with OSSIM, I'm dreaming of that … lol, I'm not a fan of syslog.

  • Tracking down unknown firewall problem

    6
    0 Votes
    6 Posts
    1k Views

    @firewalluser:

    Could this issue with the states also affect the wan connection?

    No, it's the other way around: dropped WAN causes stale states when it comes back up.

    One thing I have noticed which I have not seen in previous versions of pfsense ie 1.2  . . . .

    . . . . this is new hardware and a new isp, I'm still tracking down what exactly is occurring, hence the question about if the states might affect the wan connection?

    Sounds like you have issues with your new ISP.  What kind of connection is it?

  • Separate games and internet in two ISP and to avoid downloading

    3
    0 Votes
    3 Posts
    841 Views

    What's your setup like and what exactly are you trying to achieve?

    For example do you have a setup like this?
    1 Wan to ISP A
    1 OPT1 to ISP B
    1 Lan to a number of devices like games consoles, computers, tablets, phones via wifi and ethernet?

    Is one of the ISPs a mobile data provider? If so these networks work differently compared to normal net access due to the way the mobile phone system traffic management works, it's more burst-like, unlike normal net access which is more continuous and consistent in the transmission of data. This would make sending games console data out over mobile not so good and something to avoid.

    Some of the fancy things you can do with pfsense is have your games console traffic come in over wan, but send the games console data out over Opt1 (ISP B). Any fixed ip's in use and need to be used?

    Likewise you could route some traffic to use Wan and other traffic to use OPT1. You can load balance, traffic shape, plus lots lots more.

    If you know the games consoles mac id's then you can assign it a fixed ip address (Services, DHCP Server assuming you are using a pfsense dhcp server).

    Then you can add some rules (Firewall, Rules, Lan tab), that sends the games consoles SOURCE ip address traffic to the WAN net Destination or OPT1 destination.

    If you have many games consoles, consider creating an alias (Firewall, Alias) and add a new alias called Games Console, and add the HOSTS fixed IP addresses. Then back in the lan firewall rule from above, change the SOURCE ip address to the alias, then the same rule will apply to all the ip addresses listed in the alias.

    Do you need to restrict access to between certain hours for these games consoles? If so in the lan firewall rule from above edit the rule and choose a schedule from the drop down list. To create a schedule like no internet access after 10pm mon to fri, go into Firewall, Schedule, add a new schedule, name it, select the weekday headers Mon through to Fri and then set the time 6am to 22pm. This will make the rule work only mon to friday 6am to 22pm. If you want to allow different access on a Sat & Sun, edit the schedule and add Sat & Sun plus the couple hours missing Friday night and restricting access from 22pm Sunday night.

    To have all other devices use the other net access, create a lan rule which NOT allows the alias group access to the wan or opt1 net Destination connection.

    Don't know if the above is useful or not, it depends on your network setup and what exactly you want to achieve.

  • External certificates

    2
    0 Votes
    2 Posts
    882 Views
    jimp

    If you manage the certificates on another system you could get away with only needing the OpenVPN server certificate private key (not the CA private key or the user certs/keys). You couldn't use the export package, but it would work.

    In that scenario the only certs on the system (aside from the GUI's cert/key) would be the CA cert, Server cert, and Server key.

  • Tracking Usage Per Client

    10
    0 Votes
    10 Posts
    3k Views

    I'd setup a linux box with two bridged nics and put it between the internet & the wifi access point(s).

    tcpdump can do all the packet captures quite easily, you can specify how long timewise each packet capture file is, ie hourly or daily packet captures, and then from there monitor the tcpip data, pulling out what you like!

    I'd start with the ARP packet to get each unique device and then track the assigned ip accordingly. Unless someone has changed the id in the arp packet, possible but harder than spoofing a mac id, then you should get a good overview of your wifi users usage.  Some of the things you should see is if anyone has attempted to change the unique id given out in the ARP packet.

    A basic example you can adapt by running on a different linux distro.
    http://williamknowles.co.uk/?p=16

    You'll just need to make sure you have enough disc space to store everything captured and have spare capacity before analysis.

  • Port forwarding help needed

    20
    0 Votes
    20 Posts
    3k Views

    In case you haven't noticed yet:

    1. Traffic blocked by the default rule (in other words, traffic which matches no firewall rule) can be logged by selecting "Log packets blocked by the default rule" in "Status: System logs: Settings". Same for bogon and private subnets. This will of course also show any portscans and hack attempts.

    2. For each firewall rule, logging can be enabled individually.

    3. By clicking the icon on the "Act" column of the firewall log, you can see which rule was responsible for blocking or passing the traffic.

  • Best way to hook up media server on a pfsense system

    21
    0 Votes
    21 Posts
    7k Views
    stephenw10

    Nice! Hopefully that will help others.  :)

    Steve

  • 0 Votes
    1 Posts
    575 Views
    No one has replied
  • Port Scanning Help

    2
    0 Votes
    2 Posts
    732 Views

    Got it. Used Wireshark and then plugged it in to the network and saw the ARP request :)

  • How to block ISP injected advertisements in webpages

    38
    0 Votes
    38 Posts
    16k Views

    MITM in India?

    People do that?

    https://www.youtube.com/watch?v=o66FUc61MvU

  • Pfsense cant connect on lan

    4
    0 Votes
    4 Posts
    1k Views
    stephenw10

    I have to say I would always advise you leave outbound NAT set to automatic unless you really need to set manual rules. The suggested rule should work though.

    @jonfil0130:

    When I check the Status "Gateway" its only the WAN interface that's online

    This implies there might be more than one gateway. A common mistake is to add a gateway to the LAN interface which is almost always incorrect. Remove it if you have and then make sure the WAN gateway is set as default in System: Routing: Gateways:

    @jonfil0130:

    for WAN there's 2 default rules which are both under "BLOCK". Maybe its something to do with the routing that's why i can't go online thru LAN.

    The two rules you are seeing 'block bogons' and 'block private networks' are not a problem if your WAN interface is receiving a public IP via PPPoE. Even if it isn't it won't prevent internet access from LAN.

    Steve

  • PPPoE and MTU

    2
    0 Votes
    2 Posts
    3k Views

    I stumbled upon an interesting article about Windows RWIN auto-tuning that may have answered my question (router does not impact RWIN).  Everyone who uses Windows 7/8 should read these observations:

    https://www.duckware.com/blog/how-windows-is-killing-internet-download-speeds/index.html

  • LAGG and VLANs with Procurve 2530

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.