• SMTP notification fails with Error: 501 5.5.2 Cannot Decode response

    2
    0 Votes
    2 Posts
    3k Views
    S

    If anyone could give me an idea, I'd be very grateful  :)

  • No way to force a lease renewal?

    11
    0 Votes
    11 Posts
    4k Views
    P

    Just noticed this thread got some more replies.

    One doesn't really have anything to do with the other.  Just because you are using the DNS forwarder doesn't necessarily mean that you don't also have a good reason for allowing some machines to use external DNS.

    I made the assumption it did because pfsense does a lot of things automatically; many rules are implicit. A warning such as I suggest is just a warning; it wouldn't harm people who did not make the assumption, and it would help those who did (not to mention, those who have to straighten the latter out…)

  • Timeout on LAN interface

    6
    0 Votes
    6 Posts
    2k Views
    stephenw10

    4.1 is quite old, an issue perhaps? I don't run ESXi though, so I can't really comment.

    Steve

  • Slow upload on Android devices (edit: all devices)

    44
    0 Votes
    44 Posts
    15k Views
    stephenw10

    That's just how it works in FreeBSD. I have a similar 'parent' interface shown in ifconfig. The ath driver/hardware can support multiple virtual access points and each is represented by a different interface. In pfSense the interfaces are named athX_wlanX which makes it easier to read IMHO. See:
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html

    Steve

  • SQUID Proxy - How to Bypass proxy for specific URL

    3
    0 Votes
    3 Posts
    10k Views
    S

    Thanks MindfulCoyote. You are correct. I am going to create a subnet specific for developers, and bypass the proxy altogether for them. It's the "least worst" solution on this occasion, but we lose the ability to track their behaviour, which is a shame.

  • Gibberish for hostname in logs since I put on 2.1.4

    6
    0 Votes
    6 Posts
    1k Views
    M

    That did the trick, thank you.

  • 0 Votes
    4 Posts
    1k Views
    M

    Thanks chemlud I'll probably try that next.

  • Looking for man page for pfSense version of pfctl

    3
    0 Votes
    3 Posts
    1k Views
    M

    @jimp:

    other than by looking at the source and patches to see their meaning by the context in which they're used.

    Thanks jimp. That was actually where I went first… but the source is harder to see nowadays than most. I'm slowly grinding  my way through the super secret authorization source code access process.  ;)

  • Upgraded to 2.2alpha and now getting ssl_error_revoked_cert_alert

    2
    0 Votes
    2 Posts
    1k Views
    jimp

    Did you look at the details of the certificate to see how it was generated and dated? The GUI certificate is self-signed so it would not show as revoked.

  • MBUFs are not freing in build 09 sep

    6
    0 Votes
    6 Posts
    2k Views
    B

    I experienced this today across 3 complete re-installs using the following setup:
    mBUFF filled to 99% and stopped working or outright crashed

    Physical Server Hardware (ESXi Host):

    HP DL360 G4p

    12GB RAM

    Dual 72Gb U320 drives in RAID 0+1

    2 tgz3 NICs onboard the server

    2 INTEL Dual GB 82546GB NICs installed - (bringing total interfaces to 6.)

    ESXi Host :

    4.1.0 u1 (fully patched) - BUILD: 1682698

    Guest OS Configuration for PFsense 2.1.4 i386:

    PF NIC:                    ESXi NIC:
    0: WAN1  DHCP  -------->  ESXi_NIC1
    1: LAN  192.168.1.1  -->  ESXi_NIC2
    2: WAP  192.168.2.1  -->  ESXi_NIC3
    3: DMZ  192.168.3.1  -->  ESXi_NIC4
    4: WAN2  PPPoE  -------->  ESXi_NIC5
    5: LAN  192.168.5.1  -->  ESXi_NIC6
    6: PFL  192.168.6.1  -->  ESXi_BLIND_SWITCH (PFlink to other PFsense FW VM on SAME ESXi host)

    Using official VMware Tools drivers and install.
    (NOT Open Vmware Tools Driver Package)

    This guest OS continuously has driver issues or something because I cannot keep the guest running correctly.
    I lose network connectivity constantly and/or the PFsense firewall hangs.

  • Setting up limited caching and scanning?

    3
    0 Votes
    3 Posts
    853 Views
    S

    That's true. But software authors and configs do have the possibility to cache some items but not others, or cache them one way and not another. So perhaps I should have been more specific:

    Do any of the current caching packages allow selective caching of URL content according to a rule (ie URL matches this domain/mask/regex then cache, otherwise don't)? Or are they all, "all or nothing"? Do any of the current antivirus/antimalware scanner packages allow scanning either without caching, or using a RAM based (rather than disk based) scanning mode or caching mode, or using a ramdisk for the disk based cache?

    That's probably what I should have asked…

  • 0 Votes
    9 Posts
    2k Views
    E

    @MindfulCoyote:

    @elementalwindx:

    Ok so it ended up that I was trying to do the impossible. Trying to get 2 virtual adapters to use 2 different VLANs. So I simply added a 3rd gigabit nic I had laying around (7 total now) and I simply put vlan 6 in that enable vlan id in the hyper-v and configured the proper firewall rules, and everything started working perfectly. Added blocking rules to separate the networks and it's working perfectly :)

    Those are very interesting findings. I've seen other issues caused by hypervisor's network implementations. It seems that virtual pfSense instances definitely face obstacles that bare metal does not.

    @elementalwindx:

    Ok well I took pfsense out of the equation and put a dd-wrt router in place of it.

    Just curious, when you swapped in dd-wrt, was it also virtual or bare metal?

    It was bare metal off a netgear router I had.

    I'm now having issues of my pfsense 2.2 alpha pushing its own ssl cert onto my exchange clients. :/ . Wish I could figure out how to stop that.

  • LTE support

    3
    0 Votes
    3 Posts
    1k Views
    KOM

    This page may help you:

    https://doc.pfsense.org/index.php/Known_Working_3G-4G_Modems

    As for how pfSense works with them, I have no idea.

  • Captive Portal Active Users After Firewall Reboot

    5
    0 Votes
    5 Posts
    2k Views
    H

    Yeah well…!!! I have posted it as a bounty... but so far no one has answered.... I'll be a little bit more patient...

    Your advice about the script helped... at least now I have a better idea on how to do it...

    I already got the ups...  So I'll wait for the bounty to be taken>>> and in the mean time I'll continue to learn how to code...

    Thank you for your attention and time!!!  ;D ...

    Link to the bounty !!! https://forum.pfsense.org/index.php?topic=78832.0

  • Incoming VLAN traffic fails to reach VLAN interface if PCP != 0 (ESXi)

    4
    0 Votes
    4 Posts
    1k Views
    C

    This is just a quick test setup I put together with minimal configuration, to reproduce the problem in the simplest way.
    The actual setup is a usual single WAN pfSense box.

  • Problem with squid and/or squidguard

    2
    0 Votes
    2 Posts
    748 Views
    KOM

    If your default action in Common ACL is Deny then there is no web access.  Hard to tell what you did without seeing some screens.

  • Make pfSense boot faster?

    7
    0 Votes
    7 Posts
    3k Views
    johnpoz

    Well here is reboot timed pinging to outside pfsense

    2014-07-04 05:52:50.311: From 4.2.2.2: bytes=60 seq=0033 TTL=57 ID=51e8 time=10.075ms
    2014-07-04 05:52:54.320: Timeout waiting for seq=0034

    so offline  05:52:54 for reboot

    2014-07-04 05:53:58.327: Timeout waiting for seq=0075
    2014-07-04 05:53:58.327: From 4.2.2.2: bytes=60 SEQ=0077 TTL=57 ID=51e9 time=11.180ms

    pinging outside again at 05:53:58, so 1 minute

    But that is counting shutdown time..  And the 3 second wait until it boots.  So yup under 1 minute.  Now I am on SSD for my datastore, maybe the others with 1 minute boots are as well.. Do you have other freebsd vms that boot faster?

    Also - as already stated it's a router, why are you rebooting it?  Mine runs for weeks if not months without reboot.  Only time would be upgrade or power outage, etc.

  • Standard to Measure Throughput

    3
    0 Votes
    3 Posts
    1k Views
    stephenw10

    The numbers you see on the forum are often just the maximum download speeds through the box as seen from a client behind it. A single http connection. Sometimes they are a result from a speedtest website which might be 3-3 TCP connections. Some people who have gone to some trouble might post a result from an iperf test using a server and client on each side of the box on test. Even that is often not directly comparable because the iperf server/client do not always have the same default settings. It is also not a real world test and doesn't help gauge Snort or Squid performance.
    The numbers you see given for commercial 'hardware' firewalls are usually from a test that has been tweaked to give the highest possible numbers for better marketing value. Usually a sum of many connections through the box at large TCP window sizes.

    It's hard to compare anything directly.  ;)

    Steve

  • Help on Basic pfSense setup

    3
    0 Votes
    3 Posts
    737 Views
    D

    I agree with heper, unless you have a good reason to need the Cisco box in place just let pfsense handle the whole setup.
    VLans under pfSense work well and it sounds like you already have a switch in place (already configured? ) to handle the client side.

    Can you describe a little more about your environment and what you're trying to accomplish?

  • Can PFSense handle multiple VPN's? (more details inside)

    10
    0 Votes
    10 Posts
    2k Views
    M

    @elementalwindx:

    what about adding a line in the advanced section of the openvpn -> client "route 192.168.16.0/24" on the opposite client pfsense box? and vice versa on the other opposite one? (or according to documentation "route 192.168.16.0 255.255.255.0")

    Yes, that is the preferred  solution over a static route.

    Edit: If that doesn't work as expected, the book mentions some caveats to pushing routes.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.