Thanks ermel, that worked with the new build.

Cheers..

@helpdeskadam:

Has there been any progress on this issue? We seem to be affected by the same bug.

Our setup differs from the one described by DaveQB, though. We have pfSense configured with three interfaces (all bce). It is also the default gateway for all machines in the LAN. Routes are configured on the box for traffic to other branch offices. All checksum offloading has been disabled, but it didn't help. pfSense is configured for bypassing traffic on the same interface.

When I try to transfer a file using scp from office A to office B using pfSense as default gateway the transfer will stall leaving an incomplete file on the receiving end which is exactly 48k. Interrupting the stalled transfer and immediately trying again will succeed.

Circumventing pfSense by adding a route on office A's server to office B's LAN using the VPN router directly (which is also in the LAN) works without any problem.

I have been tinkering with kernel MTU parameters, but to no avail.

We are running 2.0-RC1 (amd64) built on Sat Feb 26 18:07:23 EST 2011. This is an in place upgrade from 1.2.3-RELEASE built on Sun Dec 6 23:21:36 EST 2009.

I haven't done any more. Mine is working great if I have pfsense in DHCP client mode (from the modem) rather than PPPoE mode (and modem in bridge mode) AND basic shaping setup. If either of these 2 things are not true, then my connection is hosed.

2.0-RC1 (i386)
built on Mon Feb 28 18:12:00 EST 2011

Nothing changed in mpd or the PPPoE code over the last few days that I saw. Your problem is completely unrelated to the problem in the other thread, so I've split it.

Good to hear that it's working again, but it was not the same problem the other people had.

Worked on my running install, thank you :)

Now if only I could get PPTP to work  :'(

Yeah you're right, that was just a random guess.

I'd look at the authentication script that gets written out to /var/etc/openvpn/ for that server instance, see if there is anything in it that changes the username.

All fixed :D Jos from applianceshop.eu contacted me and suggested i try disabling ACPI by adding hint.acpi.0.disabled="1" to /boot/loader.conf.

Just in case the dmesg is helpful to anyone else, here it is (with acpi disabled)

Copyright (c) 1992-2010 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994        The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 8.1-RELEASE-p4 #0: Thu Jun  2 04:44:19 EDT 2011    sullrich@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj.pfSense/usr/pnsesrc/src/sys/pfSense_wrap.8.i386 i386 Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel(R) Atom(TM) CPU Z530   @ 1.60GHz (1596.00-MHz 686-class CPU)  Origin = "GenuineIntel"  Id = 0x106c2  Family = 6  Model = 1c  Stepping = 2  Features=0xbfe9fbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mcmov,pat,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Features2=0x40c3bd <sse3,dtes64,mon,ds_cpl,vmx,est,tm2,ssse3,xtpr,pdcm,movbe<br>AMD Features=0x100000 <nx>AMD Features2=0x1 <lahf>TSC: P-state invariant real memory  = 1073741824 (1024 MB) avail memory = 1026523136 (978 MB) MPTable: <intel  =""  poulsbo="">WARNING: Non-uniform processors. WARNING: Using suboptimal topology. ioapic0: Assuming intbase of 0 ioapic0 <version 2.0="">irqs 0-23 on motherboard wlan: mac acl policy registered ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/ ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in ot/loader.conf. module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0708980, 0) error 1 ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 inoot/loader.conf. module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc0708a20, 0) error 1 wpi: You need to read the LICENSE file in /usr/share/doc/legal/intel_wpi/. wpi: If you agree with the license, set legal.intel_wpi.license_ack=1 in /boooader.conf. module_register_init: MOD_LOAD (wpi_fw, 0xc087b840, 0) error 1 ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_/. ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 /boot/loader.conf. module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc0708ac0, 0) error 1 cryptosoft0: <software crypto="">on motherboard padlock0: No ACE support. pcib0: <mptable host-pci="" bridge="">pcibus 0 on motherboard pci0: <pci bus="">on pcib0 vgapci0: <vga-compatible display="">port 0xe880-0xe887 mem 0xdff80000-0xdffffffxd0000000-0xd7ffffff,0xdff60000-0xdff7ffff irq 16 at device 2.0 on pci0 pcib1: <pci-pci bridge="">irq 16 at device 28.0 on pci0 pci1: <pci bus="">on pcib1 pcib2: <mptable pci-pci="" bridge="">at device 0.0 on pci1 pci2: <pci bus="">on pcib2 em0: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.3="">port 0xc880-0xc8bf m0xcfce0000-0xcfcfffff,0xcfcc0000-0xcfcdffff irq 17 at device 1.0 on pci2 em0: [FILTER] rl0: <realtek 10="" 8139="" 100basetx="">port 0xce00-0xceff mem 0xcfc9fc00-0xcfc9fcffq 18 at device 2.0 on pci2 miibus0: <mii bus="">on rl0 rlphy0: <realtek internal="" media="" interface="">PHY 0 on miibus0 rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto rl0: [ITHREAD] rl1: <realtek 10="" 8139="" 100basetx="">port 0xcd00-0xcdff mem 0xcfc9f800-0xcfc9f8ffq 19 at device 3.0 on pci2 miibus1: <mii bus="">on rl1 rlphy1: <realtek internal="" media="" interface="">PHY 0 on miibus1 rlphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto rl1: [ITHREAD] em1: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.3="">port 0xc480-0xc4bf m0xcfc60000-0xcfc7ffff,0xcfc40000-0xcfc5ffff irq 16 at device 4.0 on pci2 em1: [FILTER] pcib3: <mptable pci-pci="" bridge="">irq 17 at device 28.1 on pci0 pci3: <pci bus="">on pcib3 re0: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" pcie="" gigabit="" ethernet="">port 0xde00-0xdemem 0xcfdff000-0xcfdfffff,0xff9fc000-0xff9fffff irq 17 at device 0.0 on pci3 re0: Using 1 MSI messages re0: Chip rev. 0x28000000 re0: MAC rev. 0x00000000 miibus2: <mii bus="">on re0 rgephy0: <rtl8169s 8110s="" 8211b="" media="" interface="">PHY 1 on miibus2 rgephy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseDX, auto re0: [FILTER] uhci0: <uhci (generic)="" usb="" controller="">port 0xe480-0xe49f irq 16 at device 29on pci0 uhci0: [ITHREAD] usbus0: <uhci (generic)="" usb="" controller="">on uhci0 ehci0: <ehci (generic)="" usb="" 2.0="" controller="">mem 0xdff5bc00-0xdff5bfff irq 19 aevice 29.7 on pci0 ehci0: [ITHREAD] usbus1: EHCI version 1.0 usbus1: <ehci (generic)="" usb="" 2.0="" controller="">on ehci0 isab0: <pci-isa bridge="">at device 31.0 on pci0 isa0: <isa bus="">on isab0 atapci0: <intel sch="" udma100="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x,0xffa0-0xffaf at device 31.1 on pci0 ata0: <ata 0="" channel="">on atapci0 ata0: [ITHREAD] cpu0 on motherboard unknown: <pnp0c01>can't assign resources (memory) atrtc0: <at realtime="" clock="">at port 0x70-0x71 irq 8 pnpid PNP0b00 on isa0 uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 pnpid PNP05on isa0 uart0: [FILTER] uart0: console (9600,n,8,1) ppc0: parallel port not found. unknown: <pnp0c01>can't assign resources (memory) Timecounter "TSC" frequency 1595998260 Hz quality 800 Timecounters tick every 10.000 msec IPsec: Initialized Security Association Processing. usbus0: 12Mbps Full Speed USB v1.0 usbus1: 480Mbps High Speed USB v2.0 ugen0.1: <intel>at usbus0 uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus0 ugen1.1: <intel>at usbus1 uhub1: <intel 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">on usbus1 ad1: 967MB <cf 20090819="" 1gb="">at ata0-slave PIO4 GEOM: ad1s1: media size does not match label. GEOM: ad1s2: media size does not match label. Root mount waiting for: usbus1 usbus0 uhub0: 2 ports with 2 removable, self powered Root mount waiting for: usbus1 uhub1: 4 ports with 4 removable, self powered Trying to mount root from ufs:/dev/ufs/pfsense0 pflog0: promiscuous mode enabled em0: link state changed to UP rl0: link state changed to UP rl1: link state changed to UP WARNING: pseudo-random number generator used for IPsec processing arp: 10.21.3.22 moved from 58:55:ca:07:0d:59 to 00:23:12:0b:4b:b1 on re0</cf></intel></intel></intel></intel></pnp0c01></at></pnp0c01></ata></intel></isa></pci-isa></ehci></ehci></uhci></uhci></rtl8169s></mii></realtek></pci></mptable></intel(r)></realtek></mii></realtek></realtek></mii></realtek></intel(r)></pci></mptable></pci></pci-pci></vga-compatible></pci></mptable></software></version></intel></lahf></nx></sse3,dtes64,mon,ds_cpl,vmx,est,tm2,ssse3,xtpr,pdcm,movbe<br></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mcmov,pat,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>

Thanks for the update, obviously I dint see that thread before posting.

I am seeing this issue also. When I fire up my Cisco VPN client from home, which is behind a 2.0-RC2 pfSense box and connects to a Cisco VPN device at work, everything works but then eventually slows down and times out. Running a continuous ping to a server at work shows that latency spikes, then up to 5 pings do not receive a reply, then responses are received again, only for the behavior to repeat.

If I connect to my 4G MiFi or take pfSense out of the loop and use my Airport Extreme as a router, my connectivity is stable.

What can I do to file a bug and help get this issue resolved?

OK, I'm sorry, this was my own fault…

Apparently when I reloaded my backup config after my latest re-install to the 2.0-RC2 05/13 IPv6 snapshot I must have had the old  gitweb.pfsense.org/pfsense/pfSense-smos.git repository instead of the newer git://github.com/smos/pfsense-ipv6.git repo, and because of the fact that up until today I had only been gitsync'ing manually and not installing the latest snapshots, I just hadn't noticed this. Then when I did run the snapshot update today, it auto gitsync'ed to the last thing up at the old repo, which would have bumped me back to RC1.

Just did a manual gitsync with the new repo and all is well.

2.0-RC2-IPv6 (i386)
built on Mon Jun 6 00:12:42 EDT 2011

Sorry to have wasted everyones time. :-/

Remove the gateway from that rule. It doesn't belong there, it should just be 'default'.

There was an issue with a few snapshots that had a problem rebooting when trying to stop packages. You probably caught one of those and may not have had a hardware/driver issue. Might be worth trying an amd64 snapshot again.

Hello,

My Network cards:

Intel Pro , Built in  (bfe0), 3 Dlink DGE-528T (re0,re1,re2)

Thanks

Nicanor

Thanks! I was a little worried that I sounded crazy by arguing a 'closed' bug. ;)

That should do it (though can't say I've tried it, don't have a StrongVPN account, but that option works in general). What do your OpenVPN logs look like when you connect?

Since you can't have the same client config for both, why not just generate another certificate for the tcp side?

You might want to open up a ticket at http://redmine.pfsense.org/ as a feature for 2.1 to add a server-specific CSC, but I don't see it happening for 2.0.

More likely is that you do not have the WAN connected. All of those "errors" are just signs that it can't contact the outside world on the WAN interface.

Either your WAN is not plugged in, or the wrong interface was chosen for WAN when reassigning the interfaces.

Restoring works fine across platforms, the only thing you might have a problem with is packages, some aren't compatible with NanoBSD.