It would be possble, though it's likely too late for 2.0 for anything like that. Tabs for each time or a filter would probably be overkill and overcomplicated though. Just adding a column for the type and the ability to sort them by that column would probably be the best bet.

Okay upgrading to Wed Jan 26 09:44:03 EST 2011 went smoothly and I have no trouble with ipsec.

Thanks for the feedback Jim. I also had a config working once  where at least the fallback was immediate, but then it would only fall back once. Some further things I found out: This config works even with more than 2 WAN, just add another interface, include gateway in group, add NAT rule and include the additional WAN(s) in the floating rule. killing the OpenVPN state and then sending SIGUSR1 makes the reconnect faster, and also makes a (somewhat) graceful fallback to the primary WAN (when it is up) without forcing the secondary WAN to go down, maybe one could add this as an afterfilterchange command (I think it is called like that): pfctl -k <lan ip="">-k <openvpn server="" ip="">killall -USR1 openvpn</openvpn></lan> Have only tried this on the command line, though. Stefan

http://forum.pfsense.org/index.php/topic,32696.0.html

Okay, got it just assign a bridge  ;)

Thanks jimp! Wed Jan 26 10:45:46 EST 2011 seems to be working fine. Roy… BTW, thanks for all the hard work and support!

Might be a good idea for then. It's probably too late to hack in a fix for that for 2.0.

thanks ermal, that fixed it

I started on a late December build.  I'm using the full install, embedded kernel option, on ALIX w/microdrive.  The only problem I had originally was with pass-through PPTP client connections "hanging."  That was supposed to have been fixed in a 1/19 build (I think), so I upgraded.  The PPTP hangs seemed to have been fixed, but then the router began randomly rebooting.  Since then, I have tried a couple newer snapshots, but the reboots continue.  I'm now using my backup router (DD-WRT on WRT-54GL) until I can rebuild the ALIX router to pfSense 1.2.3.

Sounds like you want to run netflow (either with the pfflowd or softflowd packages) - but it doesn't queue the data locally, you need a netflow collector to receive the data and store it. http://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage%3F#Netflow http://doc.pfsense.org/index.php/Exporting_NetFlow_with_softflowd

Unfortunately there isn't an easy way to preserve that just yet. There isn't a "device.hints.local" either that would stay (like loader.conf.local does). It's also kind of a pain but you could do this before each update: touch /tmp/no_upgrade_reboot_required And then the upgrade will not reboot. You can then make your edits to device.hints after the upgrade finishes and then do a manual reboot.

With latest snapshot " 2.0-BETA5 (i386) built on Tue Jan 25 22:26:25 EST 2011" seems to be fine :D Thanks for reply jimp, im "new" with pfSense ( lot to learn ) but till now im really happy with it. To all pfSense "team" THANKS ! and keep your great job. feel free to close the thread.

Tested again the whole config. No errors present nor seen by me. Updated today with latest snap. still no IPsec. Jan 26 14:21:34 php: /vpn_ipsec.php: Error: Invalid certificate info for Jan 26 14:21:34 php: /vpn_ipsec.php: Could not determine VPN endpoint for 'fonie' Yes, the line "Invalid cert…" ends just like you see. here is my racoon.conf. No cert-entries. # This file is automatically generated. Do not edit path pre_shared_key "/var/etc/psk.txt"; path certificate  "/var/etc"; listen { adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660; isakmp 78.35.x.x [500]; isakmp_natt 78.35.x.x [4500]; } mode_cfg { auth_source system; group_source system; pool_size 1; network4 10.112.36.1; netmask4 255.255.255.252; dns4 10.112.35.13; default_domain "hier.local"; split_dns "hier.local"; save_passwd on; } remote 87.y.y.y                                            ---> remote fixed IP { ph1id 1; exchange_mode aggressive; my_identifier address 78.35.x.x;              ---> actual WAN-IP peers_identifier address 87.y.y.y;            ---> remote fixed IP ike_frag on; generate_policy = off; initial_contact = on; nat_traversal = on; support_proxy on; proposal_check claim; proposal { authentication_method pre_shared_key; encryption_algorithm 3des; hash_algorithm md5; dh_group 2; lifetime time 3600 secs; } } remote anonymous { ph1id 2; exchange_mode aggressive; my_identifier address 78.35.x.x;  ---> actual WAN-IP peers_identifier fqdn "zuhus"; ike_frag on; generate_policy = unique; initial_contact = off; nat_traversal = on; dpd_delay = 60; dpd_maxfail = 5; support_proxy on; proposal_check claim; proposal { authentication_method xauth_psk_server; encryption_algorithm aes 256; hash_algorithm sha1; dh_group 2; lifetime time 28800 secs; } } sainfo address 10.0.4.1 any address 10.0.5.4 any { remoteid 1; encryption_algorithm 3des; authentication_algorithm hmac_sha1; pfs_group 2; lifetime time 3600 secs; compression_algorithm deflate; } sainfo  anonymous { remoteid 2; encryption_algorithm aes 256, aes 192, aes 128; authentication_algorithm hmac_sha1; lifetime time 3600 secs; compression_algorithm deflate; } I think i will downgrade to the snap from 01/22 and see if it works again. Thats really strange!

Not sure about 1), but for 2), the CPU graph widget was deactivated since it had some issues with how it displayed on SMP systems.

I just tried this on: 2.0-BETA5 (i386) built on Thu Jan 13 20:30:46 EST 2011 and it doesn't seems to be sending the extra options defined: 192.168.0.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x295fdbd5, secs 1280, Flags [Broadcast] (0x8000)   Your-IP 192.168.0.7   Client-Ethernet-Address 00:26:****   Vendor-rfc1048 Extensions     Magic Cookie 0x63825363     DHCP-Message Option 53, length 1: Offer     Server-ID Option 54, length 4: 192.168.0.1     Lease-Time Option 51, length 4: 1800     Subnet-Mask Option 1, length 4: 255.255.255.0     Domain-Name Option 15, length 20: "******"     Default-Gateway Option 3, length 4: 192.168.0.1     Domain-Name-Server Option 6, length 4: 192.168.0.1 Although it's in /var/dhcpd/etc/dhcpd.conf: … option custom-lan-0 code 252 = string; ... option custom-lan-0 "http://192.168.2.13:80/wpad.dat"; ... And i restarted dhcpd after config change. I don't think this option was available in 1.* branch, has been a long time since i've used it though... So maybe this should be moved to the 2.0 board? ... it should be in the OFFER, right? Or is it only sent when requesting extra options in an INFORM?

I fixed that just now. Though it is inoquos nothing to worry about.

Follow these steps: 1- Create the first lagg0(fxp0, fxp2) 2- Create the second lagg1(fxp1, fxp3) 3- Go to Interfaces->(assign) 4- Assign lagg0 as OPTx 5- Go to interfaces->(assign)->ppp 6- Create the ppps and choose the interface OPTx 7- Than you can use the setup as you intend too.

Thanks jimp and here's to hoping it will! Gabriel