Hi Thanks for the reply. I tried your suggestion and it is still not displaying a reason code. When I look in sgerror.php the $err_msg  parameter looks undefined. include "globals.inc"; include "config.inc"; $page_info = <<<eod<br># ---------------------------------------------------------------------------------------------------------------------- # SquidGuard error page generator # (C)2006-2007 Serg Dvoriancev # ---------------------------------------------------------------------------------------------------------------------- # This programm processed redirection to specified URL or generated error page for standart HTTP error code. # Redirection supported http and https protocols. # ---------------------------------------------------------------------------------------------------------------------- # Format: #        sgerror.php?url=[http://myurl]or[https://myurl]or[error_code[space_code]output-message][incoming SquidGuard variables] # Incoming SquidGuard variables: #        a=client_address #        n=client_name #        i=client_user #        s=client_group #        t=target_group #        u=client_url # Example: #        sgerror.php?url=http://myurl.com&a=..&n=..&i=..&s=..&t=..&u=.. #        sgerror.php?url=https://myurl.com&a=..&n=..&i=..&s=..&t=..&u=.. #        sgerror.php?url=404%20output-message&a=..&n=..&i=..&s=..&t=..&u=.. # ---------------------------------------------------------------------------------------------------------------------- # Tags: #        myurl and output messages can include Tags #                [a] - client address #                [n] - client name #                [i] - client user #                [s] - client group #                [t] - target group #                [u] - client url # Example: #        sgerror.php?url=401 Unauthorized access to URL [u] for client [n] #      sgerror.php?url=http://my_error_page.php?cladr=%5Ba%5D&clname=%5Bn%5D // %5b=[ %d=] # ---------------------------------------------------------------------------------------------------------------------- # Special Tags: #      blank    - get blank page #        blank_img - get one-pixel transparent image (for replace banners and etc.) # Example: #        sgerror.php?url=blank #        sgerror.php?url=blank_img # ---------------------------------------------------------------------------------------------------------------------- EOD; define('ACTION_URL', 'url'); define('ACTION_RES', 'res'); define('ACTION_MSG', 'msg'); define('TAG_BLANK',    'blank'); define('TAG_BLANK_IMG', 'blank_img'); # ---------------------------------------------------------------------------------------------------------------------- # ?url=EMPTY_IMG #      Use this options for replace baners/ads to transparent picture. Thisbetter for viewing. # ---------------------------------------------------------------------------------------------------------------------- # NULL GIF file # HEX: 47 49 46 38 39 61 - - - # SYM: G  I  F  8  9  a  01 00 | 01 00 80 00 00 FF FF FF | 00 00 00 2C 00 00 00 00 | 01 00 01 00 00 02 02 44 | 01 00 3B # ---------------------------------------------------------------------------------------------------------------------- define(GIF_BODY, "GIF89a\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B"); $url  = ''; $msg  = ''; $cl  = Array(); // squidGuard variables: %a %n %i %s %t %u $err_code = array(); $err_code[301] = "301 Moved Permanently"; $err_code[302] = "302 Found"; $err_code[303] = "303 See Other"; $err_code[305] = "305 Use Proxy"; $err_code[400] = "400 Bad Request"; $err_code[401] = "401 Unauthorized"; $err_code[402] = "402 Payment Required"; $err_code[403] = "403 Forbidden"; $err_code[404] = "404 Not Found"; $err_code[405] = "405 Method Not Allowed"; $err_code[406] = "406 Not Acceptable"; $err_code[407] = "407 Proxy Authentication Required"; $err_code[408] = "408 Request Time-out"; $err_code[409] = "409 Conflict"; $err_code[410] = "410 Gone"; $err_code[411] = "411 Length Required"; $err_code[412] = "412 Precondition Failed"; $err_code[413] = "413 Request Entity Too Large"; $err_code[414] = "414 Request-URI Too Large"; $err_code[415] = "415 Unsupported Media Type"; $err_code[416] = "416 Requested range not satisfiable"; $err_code[417] = "417 Expectation Failed"; $err_code[500] = "500 Internal Server Error"; $err_code[501] = "501 Not Implemented"; $err_code[502] = "502 Bad Gateway"; $err_code[503] = "503 Service Unavailable"; $err_code[504] = "504 Gateway Time-out"; $err_code[505] = "505 HTTP Version not supported"; # ---------------------------------------------------------------------------------------------------------------------- # check arg's # ---------------------------------------------------------------------------------------------------------------------- if (count($_POST)) {     $url  = trim($_POST['url']);     $msg  = $_POST['msg'];     $cl['a'] = $_POST['a'];     $cl['n'] = $_POST['n'];     $cl['i'] = $_POST['i'];     $cl['s'] = $_POST['s'];     $cl['t'] = $_POST['t'];     $cl['u'] = $_POST['u']; } elseif (count($_GET)) {     $url  = trim($_GET['url']);     $msg  = $_GET['msg'];     $cl['a'] = $_GET['a'];     $cl['n'] = $_GET['n'];     $cl['i'] = $_GET['i'];     $cl['s'] = $_GET['s'];     $cl['t'] = $_GET['t'];     $cl['u'] = $_GET['u']; } else {       # Show 'About page'         echo get_page(get_about());         exit(); } # ---------------------------------------------------------------------------------------------------------------------- # url's # ---------------------------------------------------------------------------------------------------------------------- if ($url) {     $err_id = 0;     // check error code     foreach ($err_code as $key => $val) {             if (strpos(strtolower($url), strval($key)) === 0) {               $err_id = $key;               break;             }     }     # blank page     if ($url === TAG_BLANK) {             echo get_page('');     }     # blank image     elseif ($url === TAG_BLANK_IMG) {           $msg = trim($msg);           if(strpos($msg, "maxlen_") !== false) {               $maxlen = intval(trim(str_replace("maxlen_", "", $url)));               filter_by_image_size($cl['u'], $maxlen);               exit();           }           else {               # --------------------------------------------------------------               # return blank image               # --------------------------------------------------------------               header("Content-Type: image/gif;"); //  charset=windows-1251");               echo GIF_BODY;           }     }     # error code     elseif ($err_id !== 0) {             $er_msg = strstr($_GET['url'], ' ');             echo get_error_page($err_id, $er_msg);     }     # redirect url     elseif ((strpos(strtolower($url), "http://") === 0) or (strpos(strtolower($url), "https://") === 0)) {             # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~             # redirect to specified url             # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~             header("HTTP/1.0");             header("Location: $url", '', 302);     }     // error arguments     else {         echo get_page("sgerror: error arguments $url");     } } else {         echo get_page($_SERVER['QUERY_STRING']); //$url . implode(" ", $_GET)); #        echo get_error_page(500); } # ~~~~~~~~~~ # Exit # ~~~~~~~~~~ exit(); # ---------------------------------------------------------------------------------------------------------------------- # functions # ---------------------------------------------------------------------------------------------------------------------- function get_page($body) {         $str = Array();         $str[] = '';         $str[] = "\n$body\n";         $str[] = '';         return implode("\n", $str); } # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # IE displayed self-page, if them size > 1024 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ function get_error_page($er_code_id, $err_msg='') {         global $err_code;         global $cl;         global $g;         global $config;         $str = Array();         header("HTTP/1.1 " . $err_code[$er_code_id]);         $str[] = '';         $str[] = ''; if ($config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage']) { $str[] = " <center> # {$config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage']}: {$err_code[$er_code_id]} </center> "; } else { $str[] = " # Request denied by {$g['product_name']} proxy: {$err_code[$er_code_id]} "; }         if ($err_msg) $str[] = " ### **Reason:** $err_msg";         $str[] = ' * * * ';         if ($cl['a'])        $str[] = " **Client address:** {$cl['a']} ";         if ($cl['n'])        $str[] = " **Client name:** {$cl['n']} ";         if ($cl['i'])        $str[] = " **Client user:** {$cl['i']} ";         if ($cl['s'])        $str[] = " **Client group:** {$cl['s']} ";         if ($cl['t'])        $str[] = " **Target group:** {$cl['t']} ";         if ($cl['u'])        $str[] = " **URL:** {$cl['u']} ";         $str[] = ' * * * ';         $str[] = "";         $str[] = "";         return implode("\n", $str); } function get_about() {         global $err_code;         global $page_info;         $str = Array();         // about info         $s = str_replace("\n", " ", $page_info);         $str[] = $s;         $str[] = " ";         $str[] = '';         $str[] = ' **HTTP error codes (ERROR_CODE):';         foreach($err_code as $val) {                 $str []= "** | $val";       }         $str[] = ' | **';         return implode("\n", $str); } function filter_by_image_size($url, $val_size) {           # load url header           $ch = curl_init();           curl_setopt($ch, CURLOPT_URL, $url);           curl_setopt($ch, CURLOPT_HEADER, 1);           curl_setopt($ch, CURLOPT_NOBODY, 1);           curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);           $hd = curl_exec($ch);           curl_close($ch);         $size = 0;         $SKEY = "content-length:";         $s_tmp = strtolower($hd);         $s_tmp = str_replace("\n", " ", $s_tmp); # replace all "\n"         if (strpos($s_tmp, $SKEY) !== false) {             $s_tmp = trim(substr($s_tmp, strpos($s_tmp, $SKEY) + strlen($SKEY)));             $s_tmp = trim(substr($s_tmp, 0, strpos($s_tmp, " ")));             if (is_numeric($s_tmp))                   $size = intval($s_tmp);             else $size = 0;         }         # === check url type and content size ===         # redirect to specified url         if (($size !== 0) && ($size < $val_size)) {               header("HTTP/1.0");               header("Location: $url", '', 302);         }         # return blank image         else {               header("Content-Type: image/gif;");               echo GIF_BODY; $str[] = ' MJ ';         } } ?>    [/u][/u][/s][/i]**</eod<br>

OK. Via VPN > OpenVPN > Client, is this right ? Thanks ;) EDIT : Auto-reply : here for those who want. Thanks Nicolas

Your WAN interface can send data out to the Internet or receive data in from the Internet.  IP_WAN is your WAN interface.  In your example, your WAN is receiving data from the Internet at the rate of 6 Mbps.

I forgot about that thread. Yes all info looks correct. It would need flashing to DirectIP for pfsense. That still don't guarantee it will be supported by the freebsd u3g0 driver. Worth a try as DIP will work in most OS.

Thank you very much: after saving twice in a row the rc.d scripts appeared! :) I just started to collect flows again thanks to the softflowd package. Sincerely gratefully.

Yeah, no problem. To answer your question: No, I did not. The Mac Mini was the client's machine.

I think you may be right Stephen. I will try out the localhost tomorrow. Yes it makes more sense not to have it on the LAN. I have no excuse other than it being the weekend and limited unpaid time working on a test machine. I will get there in the end. ;) When I get to a happy conclusion I will amend my previous posts.

@fearnothing: @Nullity: I have LAN and WAN set to deny everything but the traffic I specify. It sounds tedious, but it was much easier than expected. The security and privacy (misconfigured apps are less likely to leak info) improvements are worth the trouble, imo. You also get to see just how spammy some of the stuff on your network really is, if you have logging turned on. My printer seems to think the network is icecream which is badly in need of its UPnP chocolate sprinkles. lol. Yeah, some iOS devices were leaking some reasonably private information in plain-text. I have a love-hate relationship with UPnP, but I think most of us do. That reminds me… I really need to setup a remote syslog service to send all my logs to.

Known issue reported many times, move one, nothing happening here any time soon… If you need monitoring, set it up elsewhere.

Ah that makes sense.  Was running 2.1.5 on this unit until recently and never noticed the messages before. That explains it, thanks guys

I have a Dell i7-920 that if you leave it powered down for more than a  few tens of seconds and you boot it back up, it will get memory errors. Maybe 5-10 minutes before Windows blue screens. Memtest will show problems all over the board. Power it down, wait 5 seconds, power it back up, 3 days of memtest, no errors, months of up-time in Windows, no issues. Stable. This is the strangest problem that I have ran into over my years. Typically something giving these kinds of problems is in its death throes, but instead it has been working well for 6+ years. I finally recently replaced it. The motherboard and CPU are now wrapped in aluminum foil in storage.

Ok, thanks. Tuned a little bit differently kern.ipc.nmbclusters="131072" kern.ipc.nmbjumbo9="20000"

What are your l2tp IP settings like? as far as server ip and remote address range

Really? What ISPs block pfSense? What is your evidence for this? How would they know? Steve

Most proxy settings have an option to bypass for local addresses.  Would this not solve the problem?  Since you're looking at HTTPS anyway, you might want to either check out WPAD configuration or pushing proxy settings down via AD GPO.

I guess we really should have mentioned that this is a not a network that will route ALL traffic via a single pfSense, that would be insane :-) pfSense would be deployed within local segments of the network where Internet connectivity would also be deployed. OpenVPN would be used to connect key locations together over the network.

Oh, thank you, it works!

Thank you all for your reply. When doing the speedtest there is not much in system activity. It's barely taxing the system. I just received a switch I ordered recently (Mikrotik RB250GS) and configured it for my network. I happen to do another speedtest while connected to this switch and voila I am getting what I am supposed to be getting. So I am inclined to think that I may have a cisco switch issue.