I just updated firmware hoping it would solve anything but it dident.

Hope someone else know what's wrong with the NAT reflection

There were some fixes done yesterday and some more will come on this today.

Nicely done mtx!  I was having exactly the same issue.  I (wrongly) assumed that the ccd settings were being automagically set by pfSense.  Having used OpenVPN for quite a while, and being used to creating ccd files, I'm surprised I missed this!

Thanks!

@Gloom:

No problems on my boxes with that driver but if you are on the 64bit build do a netstat -m and check the following line

0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)

If they are NOT zero then increase the value of kern.ipc.nmbclusters. I tend to have it set to 4 times the default value but I'm running full internet routing tables.

Hi,

I looked at these parameters and were cleared. It may be something related to the link aggregation?

Best regards,

I'll give that a try.

i went over there today, it's a national holliday  so nobody around needing internet. I reinstalled esxi and a clean install of pfsense using snapshot of june 12.

I used the dell custom esxi (it might have more up to date drivers for dell hardware).
Pfsense installed with minimal packages required (only squid and squidguard were added).

Also  @cmb:

i tried installing squidguard before squid was installed… This install did not complete giving an error bout a missing file (some squid config file).
I Manually installed squid. then squidguard reinstalled without issues.

Easiest to just script creation of the XML, taking from an export of your existing DHCP server. Can just add one through the GUI and backup your config to see the appropriate XML tags.

There haven't been any IPsec changes in a long time. That's generally the remote end refusing to bring up a new SA as it still has the pre-reboot one if I had to guess based on limited info. IPsec logs would be more telling.

You need at least two public IPs, 3 static ones if you want stateful failover.

Jun 12 snapshot reloading is OK. Thanks, Ermal.

To Mike

Thanks.  I hesitate to do this stuff because, if I understand correctly, it means I can't just cleanly upgrade when a new version comes along.

I place my script in /usr/local/pkg/ and a upgrade will have no impact on it (on nanobsd /cf/conf is the only directory that survive afaik an upgrade). As your problem isn't a fault there will be no fix for it.

To 292957
Start a new post (this one took another direction) with as much information as possible diagram,screenshots etc

You could lower the low and high watermarks of store data in RAM and/or disc. Default is 90% and 95%
Perhaps try it with 50% and 55%.

Probably att, their default (like most of my neighbors) is wep and the use of numbers.

That's really nice to have an unofficial guide.

I think the chicken and egg issue is facing shaping. It doesn't work. noone knows how to use it. While you can do some shaping functions, the wizards and internal gui leads one to believe they can use use for certain "well known" capabilities that were used in 1.2.x, which is misleading, because a lot of these don't work.

What is missing is a statement from the developers of what will be supported/fixed for 2.0 and what will be abandoned regarding shaping.

For example, shaping by ports is broken in the wizard and in general. L7 shaping works (supposedly) but only if the l7 filters are an exact match. Further, there is a resource need for any l7 shaping using DPI, and that has never been discussed or disclosed at to how many resources should be allocated and whether or not it can work reliably on a nano device (where resources are a bit more scarce).

I don't see shaping getting any attention until the devs decide to fix it or address it. They've been quiet when asked bluntly, so one can only assume they are not willing to discuss it in lieu of other priorities or because it is hopelessly broken. There are a lot of us that can't consider 2.x until this is addressed though, and I'm sure they are aware of it (somehow).

Another thing too is Firefox works better with PfSense.  If you don't want to install Firefox on the PC you can use the portable app version so this way you can run it off the USB flash drive.

Darkk

Thank you for your quick reply!

Then I don't have to troubleshoot my configuration any more =)