A client on your network is pulling something from 184.29.106.120 via HTTP. That's an Akamai IP, which is a CDN used by a bunch of companies to host their downloads. Best that shows is someone is downloading something. Filter states for the external IP to find the internal host.

@stephenw10:

Interesting. So what are you running in the jails and what is hosting, FreeBSD?

Steve

Host is pfsense and the jails run FreeBSD. I don't think an alternate setup is possible. I believe pfsense can't run in a jail, and jails cant run anything but FreeBSD.
I have a guest with asterisk, and another with apache/transmission/samba.

Squid is probably running on port 3128, not 80. The GUI is probably on 80.

Check/change squid to be on port 3128, and configure your browser's proxy settings to use port 3128 and not 80 for the proxy.

You will either have to configure the software firewall on your workstation to answer an icmp echo or turn off the software firewall completely.

Are these all public IPs?

Steve

@cwyant55:

I'm assuming I could also assign the "old" WAN IP to the new box and get it working without rebooting our Verizon box? Thanks for your help.

Not in the most common scenario, where the additional WAN IPs are IP alias or CARP VIPs. If they're routing your additional IPs to your WAN IP, then you'll have to move over the WAN IP so the routing functions. That's less common.

@johnpoz:

Look at the thread he linked too - sorry but a dns server that does not answer recursive queries has nothing to do with pfsense.

Refering to my link?

DNS Forwarder is part of the pfSense install.  DNS Forwarder is not answering queries from clients on the LAN.  This is a fresh install with no packages and no changes outside the setup wizard.  And it does seem that a number of people are having connectivity issues after upgrading their boxes.

Not sure how thats nothing to do with pfSense.

I think what Im seeing so far is that a couple of us have the " Allow DNS server list to be overridden by DHCP/PPP on WAN" box unchecked.  In my case the WAN of this particular machine does not get its address via DHCP and has to be set static.  When I get home I may try and play with this setting on my other 5 installs and see if I can break any of them.

https://forum.pfsense.org/index.php?topic=82479.0

https://forum.pfsense.org/index.php?topic=81086.0

Really thank a lot to all

In order to pass and actually direct VLAN traffic through a switch, the switch must understand VLAN tags, in other words support 802.1Q. Most (all?) of the unmanaged switches don't support it.

I would recommend getting an extra nic (which isn't very expensive by today's standards, hell you can even get an intel pci one for $10) and run the AP off that. PCI maxes out at about 1Gbps, which is nowhere near what the AP will pull through. Even using, ah what's it called…MIMO?, it might even pull up to 600Mbps under the best case scenario.

Scratch that, later saw the actual build. In that case you either have to go with a managed switch (even the cheapest will do, as long as it supports 802.1Q) or consider a different build for pfsense that will give you a bit of leg room to grow in the future.

Hello,
So, after upgrading to 2.1.5, recreate the whole vpn pptp configuration, make again the radius (NPS) Policy rule, the VPN is working.
But I still not understand what happend because the packet (radius request and accept) are still the same  :P

Maybe a small error configuration ? certainly. Thanks again to jimp for his help. See you.

From what proxy are you downloading the file from – your pac file give 10.122 address, while your wpad points to 10.1.2.1 (pfsense)

When a browser is setup to auto detect and it finds a wpad dns record - it well then download the pac file from there..

Dude other than you just giving me control and letting me fix it for you in 2 minutes I don't really now how else to go over this with you…  This is basic 101 sort of stuff here ;)

Why do you have so many different threads on this same topic??  Do you forget where your old threads are??

How do your clients connect to the wan proxy your using - are they all manually setup with explicit settings?  Why can you not just pull the pac from there, setup wpad or dhcp option 252 to hand out the info for that proxy..

You mention this in your other thread "I cannot configure the LAN interfaces with the same domain as it cannot be found."

What???  You can configure a machine with whatever domain you want -- you showed it your ipconfig /all that the machines are in this wifi domain.

Host Name . . . . . . . . . . . . : Aroosh1
        Primary Dns Suffix  . . . . . . . : wifi-systems.com

So its doing to do a wpad.wifi-systems.com  and try and pull the pac file from there!!!  Not your other proxy.. If you want it to pull the pac wpad.dat from your other proxy - then point wpad.wifi-sytems.com to that proxies IP..  If that is where the pac file is housed.

I had comparable symptoms (hanging on login) with a Firefox ESR 31.1.0 (opensuse 12.3 64bit), but both machines didn't go to 100% CPU (iirc, other applications worked fine and the machines are in general slightly overpowered). Deleted CompanyName CAs and the machine went back to normal, but again without distrusting the pfSense certificates.

I have one WAN interface and 2 LAN interfaces configured through pfsense. The reason for 2 LAN interfaces is one for local network communication and throughput SNR testing.

For the LAN interfaces, I do not have any gateway configured. And the machine that i have taken the ipconfig from, has a static IP and hence I configured the gateway accordingly (10.1.2.1 - no idea why it did not show up). The issue is in pfsense, I have assigned the LAN interfaces static IPs of 10.1.1.1 and 10.1.2.1 and also assigned DHCP server to serve different subnets. But this machine had static IP configured (10.1.2.20) and I am not too sure whether I should be configuring the IP configuration and DNS myself, or just leave them to be set automatically by the DHCP server.

So the domain that I have configured the pfsense box is called wifi-systems.com and I cannot configure the LAN interfaces with the same domain as it cannot be found..it's just a random domain…the network is actually not a part of the domain. That being said, I am not too sure how I could leverage my clients to point to that domain when it cannot be a part of the same.

The reason I am pointing to googledns is because I do not have a dns server on the wan side of pfsense. With the correct proxy settings (IP and port) configured in the pfsense box, I am able to get the pfsense box through the internet as I see the message "You are currently running the updated version". But when I am trying to leverage my clients to be able to use the same proxy settings, my clients cannot connect to the internet. Hence I tried setting up WPAD but that failed too :(

Could you please let me know is tehre any step that i need to take? Sorry for the trouble, I am actually really new to pfsense.