Solved resetting to factory defaults. The system than upgraded completely to 2.0RC1. Thanks, Stenio

I believe I found my problem.  Bad Hardware acceleration card for encryption.  Makes sense that the web interface may freak out since it uses SSL and OpenVPN would definitely cause problems.  Not sure why the NTP was not working properly though.

Ha!  Jimp, you gave me a clue. I find that 4 out of my 11 VPN links that have the problem may due to an option in SonicWall. All 4 of them (also for other SonicWall) "Enable IKE Dead Peer Detection" are enabled and with 60/3 setting by default.  But these 4 SonicWall firmware have a sub-option "Enable Dead Peer Detection for Idle vpn sessions" which are not enabled by default. Do you know or anybody know this is may be the culprit? In SonicWall documentation, it says "Unless your SonicWALL has a lot of remote sites and you’ve been advised to use this function, please do not enable it".  I'm reluctant to enable it as there are a lot of VPN links on these SonicWall; not just me. -Raylund

Kind of a follow up question, I'm able to query snmp on the openvpn tunnel interface IP, does the snmp process not attach to vlan interfaces? I've disabled the LAN interface since I use multiple vlans, so I was wondering if that is why I couldn't get to it on any of those interfaces.

@axscode: https://rcs.pfsense.org/projects/pfsense/repos/axscode-pfs/commits/2d74f1cf28a734fe1880dce7638bc1cbab558ab8 this will allow to use tls/ssl support for mail server like gmail and yahoo on port 465, i hope it will be reviewed and added. Did you submit a merge request for that? Or tell anyone else about it? We don't generally look at user repository commits at random.

redmine.pfsense.org create a feature request there. If you can provide a patch as well it can make faster to the repo :)

@GruensFroeschli: On 1.2.3 you could install the "rate" package. It will display current traffic per IP on an interface (under Status –> Traffic Graph". But this is only for "current" speed and not to create long term statistics. That is on the 2.0 traffic graph out of the box, but it wouldn't count traffic through a specific gateway, but for the whole interface by IP (which can be done a variety of ways) He has WAN with four gateway IPs in the WAN subnet, and he wants to graph the traffic for each of those gateways individually. mark_orion - Do you have access to those boxes that are the individual gateways? Can they be monitored via snmp?

I tried having him adjust the MTU several times to no (good) effect.  Looking at a packet capture, everything seemed okay.  I also tried manually creating the <speed>entry under the PPP section of config.xml, just to see if that might have an effect. In the end, he only had 12 days to check it out before he would be locked into a contract for the device, so we gave up on it.  Satellite internet was actually substantially faster throughput than the Pantech through pfSense or the Cradlepoint device.  :-\ Thanks for checking in on this topic, jimp.  I really hope you guys have a 2.0 book planned … the first one was very helpful.</speed>

I had created Feature 1361 in redmine as suggested and I have updated it with the patch. http://redmine.pfsense.org/issues/1361

My test pfSense 2.0 box has a Gigabyte PCI WiFI card which has a Ralink chipset and is controlled by the ral driver. I have not seen that particular problem. I wonder if you are configuring your card differently from the way mine is configured. I have used a rum device on the same box and I don't recall seeing that problem though it is some months since I have tried a rum device. Do you configure your WiFi interfaces as Access Points (I do)? On that test box WLAN and LAN are on separate subnets. On my production pfSense I have bridged WLAN (Atheros chipset, not Ralink) and LAN.

I too feel your heartburn. I'm using epic 4g, prior I was on 2.1, it wouldn't connect because 2.1 is missing mppe. 2.2.1 fixed this issue, and I can now connect. I might get 1-2 minutes of connectivity, and then I get the same errors. If I try to go to a local webserver on the LAN side, or access pfsense directly, I instantly can no longer access anything. Mar 15 20:55:14 pptps: caught fatal signal term Mar 15 20:54:30 pptps: [pt0] LCP: protocol 0x00b9 was rejected Mar 15 20:54:30 pptps: [pt0] LCP: rec'd Protocol Reject #29 (Opened) I noticed in the firewall logs, my phone would sometimes show up as the assigned IP, and sometimes show up under the IP given by sprint (shown as the source). @vinsomething: I've been playing with PPTP and my Android (Droid 2 Global running 2.2 Fission ROM) over the last couple of days.  I have an allow any protocol/any source/any destination rule on the PPTP interface for now.  I also have rules on my LAN interface which permits traffic to/from PPTP clients.  I have the PPTP server/client addresses on the same subnet as my LAN. I successfully got PPTP working via my Macbook tethered to my Android; but the native PPTP client on the Android is giving me some heartburn.  It seems like I could some traffic working (very rarely through the Opera browser on the phone) but nothing consistent.  PPTP logs indicate a rejected protocol error with each packet and the firewall is blocking packets sourced from a 10.235.x.x or 10.245.x.x address on the PPTP interface (which is not used on any of my subnets).

@receptiveit: Just tried the AMD64 build of pfSense 2.0 RC1 and I have noticed that my Dlink DFE-580TX PCI 4-port 10/100 pci nic is not recognised with the multi-processor kernel. The nic was not in the list of available interfaces, and I could not see any obvious kernel output on boot. It was detected fine with the live CD kernel, and the uni-processor kernel. The amd64 kernel should report it then. Please post the output from the pfSense shell commands after booting the amd64 kernel: # dmesg; pciconf -l -v @receptiveit: Could this be a missing driver? Possible but unlikely.

I just upgraded to the 16th Release and it broke my ipsec as well.  I keep getting``` [Remote Side not responding]

I saw the package for BGP, but I haven't heard of OSPF before. We're currently using BGP for the level 3 T1s. I see under packages OpenOSPFD is listed for 1.2.1, is this in production for other companies using 2.0? If it isn't apparent already, I do not have a very deep knowledge of networking, I barely have my eyes above the water :-) Well after using the infamous search button, I believe I see where quite a few use it including Jim P. Very awesome.

Yes, the snapshot 2.0-RC1 (i386) built on Wed Mar 16 17:04:38 EDT 2011 fixed the problem. All my VPN links connected right after reboot. Thanks. -Raylund

@jimp: Did you switch from auto to manual, and then from manual to auto, and then back to manual again? It will make a new set of rules every time you do that. I think that is what I did… I tried again this morning and it created the same amount of rules so maybe that isn't the case. After the rules were created. I clicked Save/Apply... Deleted all the rules, Save/Apply... Click on Auto, Save/Apply... Then switch back to Manual, Save/Apply..... The same amount of rules were created again....

I get this php: /status_rrd_graph_img.php: Failed to create graph with error code 1, the error is: ERROR: No DS called 'inpass' in '/var/db/rrd/wan-traffic.rrd'/usr/bin/nice -n20 /usr/local/bin/rrdtool graph /tmp/wan-traffic.rrd-day.png –start 1300166886 --end 1300253286 --vertical-label "bits/sec" --color SHADEA#eeeeee --color SHADEB#eeeeee --title "hostname - WAN :: Traffic - 1 day - 5 minutes average" --height 200 --width 620 DEF:wan-in_bytes_pass=/var/db/rrd/wan-traffic.rrd:inpass:AVERAGE DEF:wan-out_bytes_pass=/var/db/rrd/wan-traffic.rrd:outpass:AVERAGE DEF:wan-in_bytes_block=/var/db/rrd/wan-traffic.rrd:inblock:AVERAGE DEF:wan-out_bytes_block=/var/db/rrd/wan-traffic.rrd:outblock:AVERAGE CDEF:"wan-in_bits_pass=wan-in_bytes_pass,8," CDEF:"wan-out_bits_pass=wan-out_bytes_pass,8," CDEF:"wan-in_bits_block=wan-in_bytes_block,8," CDEF:"wan-out_bits_block=wan-out_bytes_block,8," CDEF:"wan-in_bytes=wan-in_bytes_pass,wan-in_bytes_block,+" CDEF:"wan-out_bytes=wan-out_bytes_pass,wan-out_bytes_block,+ 2 GB nanoBSD 2.0-RC1 (i386) built on Sat Feb 26 16:33:51 EST 2011

@wallabybob: Thanks for writing that up. I have a RT3070 based USB WiFi NIC that I use as an access point in pfSense. It provides reasonable coverage around my two floor 300sq mtr home. I have just down loaded a 25MB file from the Internet over this link and Firefox reported a download speed between 50kBps and 80kBps. Certainly not a speed record but rather faster than molasses I think. I have a Tenda W311U. What brand and model number device are you using? Have you checked you have the WiFi device configured correctly? From your account the RT3070 device should be configured in pfSense as Infrastructure mode since its conversing with a WiFi AP. Have you tried different orientations of the USB stick (or external antenna) to maximise the receive signal strength? Hi Wallabybob, I'm currently using an Alfa AWUS036NH adapter.  It's a high powered adapter that works over 802.11b/g/n.  Although, it primarily is an 802.11n card.  That might be the problem, so I'm also testing out an Alfa AWUS036H card which is strictly a b/g card with much higher receive sensitivities in those standards. Yes, the WAN interface is configured correctly.  It's definitely not in host_ap mode.  It is in infrastructure mode, and I have it configured for 802.11g.  Also, the card is connected to the little laptop via a 16 ft USB cable with the yagi antennae connected via RP-SMA.  It's line of sight, not omnidirectional.  PfSense does do a great job with the internal wifi interface, though.  The LAN interface is attached to the onboard wifi adapter, and I put that in host_ap mode.  If I bridge that to a WAN interface attached to the onboard ethernet directly connected to the internet, things are fast.  So, I'm sure it's not that.  I think it's just crappy RT3070 support on FreeBSD.