Understood … currently at home so the box is not with me .. will try it when I get back to the office .. thanx jimp :-) @jimp: You don't have to start with a clean interface, it's just not recommended to run with the parent interface assigned. Moving is as easy as setting up a vlan tag for whatever the default vlan is for that interface, setting the switch to tag for that vlan instead, and then reassigning LAN to the new vlan <x>interface.</x>

Upgrade to a newer version is fixed.

FYI - setting debug.pfpptpproxy to 1 will prevent any outgoing PPTP connections if you have the PPTP server enabled. Roy…

Should be fixed now https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/fa1823516519cfc54c75d66e9a7145640af06177

@jimp: You can find the postfix package files under /usr/local/pkg/ - you can adjust the .inc and .xml files to get what you want. If you manage to make that work, do a diff between the old versions of the files and the ones with your changes and we can get them into the "real" package for everyone. Thank you for the info and the reply.. I will figure it out.. Thank you again for all the awesome work.. !!! Respectfully, rk

Look at ipconfig -a and netstat -rn It's possible that your IP is 102 on ifconfig, and 103 is your gateway. Though usually with ADSL on many providers the gatway IP is something in a private net and not a "real" IP, since it doesn't matter so much to PPP links.

Squid is probably at fault, it will only use the default gateway. There are some recent posts in the 2.0 board with a how-to for making it use a load balance or failover gateway group.

Not a half bad idea… it is a PITA to type URLs from the system console. Though over ssh it's easy to copy/paste URLs from the snapshot server. https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/b043503a017b1482a0e188885cd460a4842dcca9

@DWAyotte: encryption_algorithm ; I failed to mention I restored my IPSEC settings from v1.2.3 backup. I had to go into each of my phase1 and click save. I also had to reset all the Phase2 encryption options, they were reset. Did you restore the entire config or just that section? Restoring just that section is not likely to work properly if it's from an older config version. Only restoring an entire config from a previous version is supported in that way.

Try to backup your config, and revert to factory defaults. Check out the Captive portal whether it works - I suppose it will. Then load your configuration from backup and check how the portal behaves now.

Just update to a later snapshot i fixed this yesterday.

Hi, I'm having a similar problem. You also want to shape the traffic INSIDE the tunnel don't you? In my case I don't have an extra if configured for openvpn and I'd also like to shape the traffic inside my ipsec tunnels for which I can't assign an extra if. I tried to shape the traffic inside the tunnels just by adding floating rules (pass or queue, quick or not wuick), rules in the openvpn tab, but everything fails. It just works when I have set up lan queues.. If that's the only way to do that (I hope it isn't) I thought of doing something like that: -assign the max. rate of the wan's downstream to the lanif in the shaper, just like you would usually do when you set up lan queues, + add the max. upstream traffic of the wan if (the one which is used by the vpn tunnel) -add a subqueue for the downstream limited to the actual downstream of the wan (qInternet) -attach the usual queues to (qInternet) for the Lan. -add a subqueue (same level as qInternet) limited to the actual upstream traffic of the wan interface which is used by all the vpn traffic (let's call it qVPNup) -add queues for shaping the upstream for your vpn tunnels to qVPNup. I don't know if this would work well, however because there can only be one default rule per interface I'd have to manually specifiy a queue for each fw rule I create..

Hi since noone else with more knowledge replied: Sorry for the dumb question but do both endpoints have this second p2? Is the Roadwarrior VPN also ipsec? If yes and it doesn't work, try adding a gateway (pfsense's lan ip) and add routes for those ipsec networks through the lan ip. That way it should be possible for the firewall to reach the other endpoint directly…

Thanks for your help and hints. I'll keep an eye on the ticket. @wallabybob: I presume the two VLANs share a single physical connection to the VDSL "modem". Yes, correct. I'll use your suggested workaround with a VLAN capable switch. Best Regards Christof

Ermal, queue length, you mean qACK queue limit? I've put 200 and i got same messages Thanks,

http://forum.pfsense.org/index.php/topic,34046.msg177093.html#msg177093