Yeah I try not to judge only on release time, especially given how long pfSense has historically gone between releases :-)

You might try adding a bounty to see if there is any interest in someone putting together a package there.

And to make it even easier, you can use gitsync to pull the code in without grabbing files from github by hand.

http://doc.pfsense.org/index.php/Updating_pfSense_code_between_snapshots

For those who were interested: Changing the <ports>setting inside the XML to the proper interface was the solution (as i assumed before).</ports>

What happened? What did you try?
I'd be surprised if FitPC had implemented some other watchdog, why would they when there is already one built into the chipset?

Steve

You have to configure the external DNS IPs from Open DNS on every computer. You can do it using DHCP configuration on those clients.

No, never heard of either, I will look into them, thanks for the tip!

@torontob:

Hi everyone,

While back, I setup traffic shaping on a router to allow dedicated Bandwidth to Phones. After a month of being in service, the pfsense router started slugging. The Data subnet would not allow any data to go through because there was a huge Queue for traffic shaping. This happened over time and not all a sudden which makes me believe there was something wrong with my config and the environment. So, I had to restart and get rid of the traffic shapper. Now, I need to put Traffic Shaping in again but I don't want to face the same problem.

If anyone has experience with this please guide me.

Thanks

I am facing the same issue. Any help in this regard would be appreciated, thanks! :)

Hi guys. Thanks for the replies. After stepping away for a while and coming back I made a discovery. I ran packet traces on both the trust and untrust side. On the untrust I immediately noticed something. The 172.30.2.10 address was being seen on the outside. I jumped back into my NAT settings and noticed I "fat-fingered" an ip address.

I can't tell you how many times I checked these settings, but apparently I glossed over it repeatedly. Sorry about that. Thanks again for the replies!

Hmm, OK.
Because you are not using pfSense for DNS things get confusing.

I assume you can access the server from outside your network? And you are using URLs to do so?

You may have to restart the pfSense box before the NAT reflection starts to operate or reset the state table in Diagnostics: States: Reset States.

Steve

myxir,

As for your first problem I'm not sure, I created a test user and assigned him the admin group and was able to login to the admin page just fine. Maybe the test user is disabled?

As for your second problem: When using LDAP I've found that you cannot control or assign groups rights within pfSense. You are using LDAP against your DC (im assuming and that you are using RADIUS) and therefore your DC is going to take care of any permissions. If you want your pfSense to manage the users/groups you will need to manually create each user/group. I may be wrong but this is what I've found.

Overall what is your goal? Are you simply trying to setup VPN and authenticate users against Active Directory?

If you're using ESXi you will need to create a new virtual NIC and assign the physical WAN NIC to a new virtual NIC. Once done you will then want to add another NIC to the VM, and select the WAN NIC.

Hope that makes sense

that did it! thank you again

Setup squid and run a proxy, this will give you the info you want.

Lightsquid is the package you want;
High perfomance web proxy report. Requires squid HTTP proxy.

It's ok with multi-WAN, not ok with server load balancer.

I also advice you to look for Mikrotik solutions - it's proprietary linux-based routers, but they are damn good, and level6 Mikrotik software license are free for their own hardware. Although, again, I have to tell you, that both Mikrotik and pfSense will be overkill in your case - netgear 3700v2 will cover all your needs until you will become something like to Google!  ::)

@krisken:

Well i did everthing…but nothing helped...

Its unlikely you have done everything so please elaborate what you have done and what you expect to happen that isn't happening.

You have made no mention of configuring an NTP client. Have you done so? The configuration information you have provided show ntp server enabled on the WEEPEE01 interface. Therefore you need a firewall rule on the WEEPEE01 interface allowing access to UDP port 123 from whatever clients you want to allow. Then you need to configure ntp on the client(s) to use the pfSense box (IP address of the pfSense WEEPEE01 interface) as its NTP server. You might need to reboot the client. Client NTPs sometimes report what they have done. Have you checked such logs? ntpd on one of my Linux systems regularly writes records like

Dec  8 06:20:51 mythbox ntpd[7413]: synchronized to 192.168.211.173, stratum 4
Dec  8 06:27:24 mythbox ntpd[7413]: time reset +2.452386 s

in /var/log/syslog

Have you checked the pfSense firewall log to see if ntp client attempts to access the server have been blocked?

Unfortunately my pfSense ntpd log remains empty (clog /var/log/ntpd.log) after some days of operation - not even a ntpd startup message.

Yep, just like he did it!  ;)
That's a nice video tutorial.

Steve

thanks friend
i found the answer ultimately.
sorry i was being more lazy :(

http://doc.pfsense.org/index.php/Installing_pfSense

Thanks
kalu

Thank You…that worked.
I knew I was missing something. :)

Thanks again.

Then you can edit first posts subject field with [SOLVED]