@stephenw10: The box should remain responsive though. Responsive - not really. Was barely recoverable by reverting to previous config via serial console.

Not enough of the exchange to really tell from that, but probably a difference such as PAP vs CHAP or other settings in the RADIUS server that govern what it claims to support. It could also be a difference in the compile-time options given to freeradius and not in the config file.

They may not timeout, mine don't under normal use. There's an easy fix anyway.  :) Steve

when you boot into single user mode, do: fsck -y -t ufs / fsck -y -t ufs / (yes, twice) mount -a -t ufs pwd_mkdb -p /etc/master.passwd

Thank you both for your answer, I will digest it  ;D

Great!! Thank you!!

@stephenw10: It's handled by the FreeBSD lagg(4) interface which can do both loadbalancing and failover (and some other stuff). It's worth noting though that it acheives the extra bandwidth by load-balancing the two connections. Thus to see any benefit you need to have multiple IP connections running across it. In your case that shouldn't be a problem because in routing between two VLANs via pfSense you will always have two streams connections. Steve I actually have a total of 5 VLANs that use the pfSense box as a gateway– 2 on one interface, 3 on the other. I guess I should leave them separate rather than mess with combining them and possibly creating other issues. shrug

Ok thank you for your help Kind regards

Looks like it has an RJ45 console port, presumably serial. Edit: Yep, 9K6 serial connection. Steve

Also, whichever end is the OpenVPN server will need to have a known public IP address so the client can connect. If one of you already has a static IP, then use that for the server end. Otherwise you will have to sign up to a dynamic DNS service. pfSense can keep the dynamic DNS name up-to-date with the current IP address of your OpenVPN server end - Services->Dynamic DNS.

Nothing changed with scheduling cron jobs since 2006. (You can install cron package to do this via GUI.)

Ah, yes you're right. Traffic between two hosts in the same subnet will not pass through the pfSense box. However you may want to, for example, separate your wifi clients from wired using an additional interface in which traffic would have to be routed. Steve

I got some more issues now. I changed the system network cards around, and i wanted to reset the RRD data. now that i did that. under quality tab and then graph i dont see LAN, LAN2, WAN.. i just see allgraphs, and outbound, i did a restart now i see LAN2, but LAN and WAN is missing. Any ideas. i checked. the /var/db/rrd folder i do see WAN-qaulity.rrd i went to the interfaces and completely disabled LAN2. stoped RRD, cleared data, started RRD. and now same thing i see the wan-quality.rrd file and in the graphs i see LAN2, i think at one point the current LAN2 was my WAN2, and now my current lan2 is my wan, and my current wan is my old wan2. if that makes any sense? so i think its grabbing the old names.. how can i fix this?

What you want is absolutely not a job for DNS server. You need some webserver with a proxy which will look at the HTTP headers and redirect the requests to appropriate internal servers according to the requested hostname. Simple Apache example: <virtualhost *:80="">ServerName server1.example.com    ProxyPreserveHost On    ProxyRequests off    ProxyPass / http://192.168.1.1/    ProxyPassReverse / http://192.168.1.1/</virtualhost> <virtualhost *:80="">ServerName server2.example.com    ProxyPreserveHost On    ProxyRequests off    ProxyPass / http://192.168.1.2/    ProxyPassReverse / http://192.168.1.2/</virtualhost> <virtualhost *:80="">ServerName server3.example.com    ProxyPreserveHost On    ProxyRequests off    ProxyPass / http://192.168.1.3/    ProxyPassReverse / http://192.168.1.3/</virtualhost> You forward all requests to port 80 to this server, which deals with the rest. Reading: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

What I have done in some cases is this: 1. Make sure there is enough space on the slice to hold the upgrade image 2. Go to the shell prompt and run: fetch -o /root/update.img.gz http://wherevertheupdateimageisonthewebsites/pfSense-blah-blah-512m-blah.img.gz 3. Wait for that to finish, that's just downloading the image to your CF. 4. When that is done, back up to the console menu and use the console update function, then by file, and give it /root/update.img.gz

It's normal to see the router's real IP in traceroute rather than a CARP VIP.

It won't help because they won't have the privileges to actually use the menu. If you install the sudo package and allow them to run /etc/rc.initial without a password, you could then add "sudo /etc/rc.initial" to their .tcshrc or .profile and it may have the intended effect.

I strongly discourage anyone from using Acronis products for anything. Esp. since it (almost irreversibly) damages the host system.. (This is still valid even with 2013 versions of their products.)