@Codewarrior: Hey, Pretty new to pfsense and I'm honestly a bit confused. I was trying to connect a test computer to a domain that is outside our local network. upon typing in the domain I get prompted to login upon logging in, I get an error stating "The network path was not found" (I get this with fake credentials or with real ones) This only happend when its behind pfsense. If I connect it directly to the internet I can connect without a problem. Windows firewall is disabled and I have the DNS server setup as the domain server as well. Most settings are default and not alot has been changed. Pinging the domain's address connects to the correct IP address. Screenshots http://d3gq0spernq6eg.cloudfront.net/9n91y.jpg (Censored for anonymity) http://d3gq0spernq6eg.cloudfront.net/y9f9c.jpg http://d3gq0spernq6eg.cloudfront.net/w11vc.jpg Any assistance or links to appropriate documentation would be greatly appreciated! Solved. Had nothing to do with Pfsense was a problem on the Windows server with file and printer sharing being disabled on the network adapter Works fine after enabling it.

@irj972: With appropriate hardware you see a 10%hit on your non vpn throughput I'm on a 120/10 and see 111/9 usually aes256 blah blah aes-ni on a c2758 board etc Right.  I've got a c2558 board and think I'll be OK in that regard.  I'm more concerned with the speed of the Air VPN servers.

Well I guess if it's on a separate virtual interface and only that interface has offloading enabled in the host then maybe. The offloading options in pfSense are global though so I would expect it to affect all servers equally. Also the slowing down described here doesn't sound like the 0.4Kbps described in the known symptoms. However since this is a known issue I would definitely be disabling off-loading everywhere anyway, that's why I linked to it. I don't use Xen so I'm completely open to being wrong here.  ;) Steve

It's a pretty much accurate comment.  Though the resource in the /documentation is using the traditional way. :)  https://doc.pfsense.org/index.php/Using_Captive_Portal_with_FreeRADIUS#CaptivePortal_Self-Registration:FreeRADIUS.2B_MySQL

Thank you very much for your reply. Managed to get it done by re-mounting the file system to read write.

I see what you are saying here, but I should mention that the remote PC is not company owned equipment either. Which means I am not going to have exclusive access to it. This is another reason why I was thinking the manual proxy route would be better. No one has so far answered my question, does that mean that it is not possible to do what I am thinking or does it just mean that no one has done it before?

Can you resolve names or not?  If you can resolve names it's not a DNS problem. What are the firewall rules you put on your LAN? You mention load balance and default gateway.  Which is it?  For the former you set Gateway: GWGROUP for the latter, you set Gateway: default

No one an idea? vnstat2 info                       rx      /      tx      /    total    /  estimated em0:       Mar '15    987.65 MiB  /  485.98 MiB  /    1.44 GiB       Apr '15    13.06 GiB  /  625.77 MiB  /  13.67 GiB  /  52.27 GiB     yesterday    363.27 MiB  /  131.27 MiB  /  494.54 MiB         today    357.13 MiB  /  46.83 MiB  /  403.96 MiB  /    476 MiB em1:       Mar '15        57 KiB  /      0 KiB  /      57 KiB       Apr '15    649.12 MiB  /  12.09 GiB  /  12.72 GiB  /  48.64 GiB     yesterday    124.28 MiB  /  191.94 MiB  /  316.22 MiB         today    59.52 MiB  /  141.16 MiB  /  200.68 MiB  /    235 MiB ath0_wlan1:       Mar '15      4.18 GiB  /      0 KiB  /    4.18 GiB       Apr '15    92.84 MiB  /      0 KiB  /  92.84 MiB  /      0 KiB     yesterday    29.23 MiB  /      0 KiB  /  29.23 MiB         today      4.95 MiB  /      0 KiB  /    4.95 MiB  /      --    ath0_wlan2:       Apr '15      3.16 MiB  /      0 KiB  /    3.16 MiB  /      0 KiB     yesterday      2.47 MiB  /      0 KiB  /    2.47 MiB         today      241 KiB  /      0 KiB  /    241 KiB  /      --   

re1: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet=""> port 0xd000-0xd0ff mem 0xf0004000-0xf0004fff,0xf0000000-0xf0003fff irq 18 at device 0.0 on pci3 re1: ASPM disabled re1: Chip rev. 0x48000000 re1: MAC rev. 0x00000000</realtek> php-fpm[67150]: /rc.linkup: Hotplug event detected for GVT(lan) but ignoring since interface is configured with static IP

Those files will be overwritten by upgrades. Outside of that, nothing else should touch them. Should be easy to use the system patches package to patch that file.

here is where you run into a problem.. The host headers the box sends out would be for the fqdn your trying to access, just redirecting it to an IP would not change that.  You would need something telling the browser hey the resource your looking for has moved, basically a 301 response http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html 10.3.2 301 Moved Permanently The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible. This response is cacheable unless indicated otherwise. The new permanent URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s). If the 301 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued. Note: When automatically redirecting a POST request after       receiving a 301 status code, some existing HTTP/1.0 user agents       will erroneously change it into a GET request.

@BlueKobold: Well, that seems to have worked.  Looks like it's all functioning again. And can we also know  what does the trick? Sorry, of course. Full disclosure:  after some email with customer support at pfSense, I probably caused the original problem;  pulled power without doing a shutdown first, causing fsck to get overly aggressive on reboot and making a mess of things.  Lesson learned, do  a full backup of the device before mucking with it. What I did: Grabbed the LiveCD ISO for amd64 from the pfSense support site, stuck it on my FreeBSD desktop.  Unzipped, did  the following: mdconfig -f <diskimage.iso>-u 0 mount -t cd9660 /dev/md0 /mnt find etc in the /mnt tree copy passwd, master.passwd, group and crontab from the /mnt to a flash drive umount /mnt Boot the SG2440 with the serial console attached (I used a putty session),  stick in the flash drive, then do: mount -t msdosfs /dev/da1s1 /mnt (da1 was my device) copy passwd, master.passwd, group and crontab from flash to SG2440 /etc cd /etc pwd_mkdb -p /etc/master.passwd umount /flash I then did passwd admin just to make sure I knew what the password was, rebooted and all was happy again. The trick was finding install versions of passwd, master.passwd, group and crontab, LiveCD ISO was best shot at that, then it was digging back in my brain about mounting the ISO and pulling the files off.  If you can mount an ISO file and get to the files on it, this should work just about anywhere.</diskimage.iso>

Cables straight I have a cable testing device I do not have a crossover cable I will bring and check

for unrelated functions. If you are using a network switch between them it would try to set up LAGs (LACP) so you will be able to set up 2 GBi/s aggregated throughput.

@kejianshi: Whats the current CPU load on the media server (average and max)? Its unlikely that pfsense will cause much additional load. It's hard to say because I don't believe vSphere keeps performance logs by default (and I never setup any) other than what you can see is currently happening over a one hour span.  However I know that my media serve at night will often have 4-5 files transcoding at the same time. The main purpose for me setting up the site-to-site VPN is the secure all transmissions between the two sites which will start including daily/weekly backups of my media server.  So that could be something like 5-10GB per night or 50+GB per week.  The VPN's stress on the CPU was the reason I went with the Avaton 2558 in my current pfSense box.

No idea about BGP. But you for sure won't get any counters with pf disabled.