As long as you hardcode those IPs, it should be OK for them to be in the same subnet as long as their gateways are different.

Tired the update and it fixed my problem

Thanks

Great!!!  ;D thank you so much…

Please try latest snapshots where some fixes related to restarting processes where made.

pfSense is working i think that there is network noise in your equipment.
But if you are happy with it live with it ;)

Thank you so much
the fix did indeed fix the problem

Kind regards
Aubrey Kloppers

thanks, generally good paper to get a foot into what's, how, why fragmentation is happening. i posted my post in the ipsec section because i don't think its related to 2.0, but would be interesting anyway.. did you experienced problems with the same 1.2.3 setup on 2.0?

to me just setting the mtu on wan interface didn't solved my overhead problem.

you do site to site with psk, i think, there is more overhead depending on your configuration, lets say ipsec with rsa keys and x-auth has more overhead then, for site to site sufficient psk.

but as you can read on the other post, i`m by far not an network engineer and have hard times imagine myself what exactly happening in that profoundness.

if you're interested, jim advised to do mss clamping on vpn traffic, mentioned in the other post.

http://forum.pfsense.org/index.php/topic,29105.msg151281

You might try to upgrade to the next new snapshot that comes out today, or it might be up now, I haven't looked. Apinger wasn't being restarted when a change was detected, but it should be now.

Thats what I am trying to test, my uptime isn't dropping back to 0 but the gateway occasionally changes after an apinger error and I can't tell if the gateway change instigated the apinger error or vica versa or even what triggers the gateway change. My ISP reckon it only changes on login, DHCP request or gateway failure but changing it is. If I could fix the gateway IP I reckon I could find out which end of the connection causes the change because I could eliminate DHCP at least.

I am going to drop back to my Draytek for a while because it will allow me to fix the WAN IP details and do some more latency tests over the next 24 hours to see what happens.

How long would you expect the link to go down for before the uptime counter dropped to zero?

If you want those to be hard limits, use the Limiters tab, setup limiters for each direction, and then apply them in firewall rules. Don't use the wizard.

Limiters are covered a bit on the doc wiki.

Okay. Thanks.

Jits

fixed with install lastest snapshot.

With snap built on Tue Oct 12 02:05:23 EDT 2010 it seem to be OK.

Update done.
No changes in time zone or NTP time server setting.
Firewall logs still one hour ahead. See picture.

time_sys_fw_10_12_2010.png
time_sys_fw_10_12_2010.png_thumb

No, for that just use a normal host or network alias and type in the hostname, www.google.com (no http://). The hostname will be resolved and updated internally periodically.