• Site-to-site OpenVPN not routing (and other errors)

    Hi, thank you for the clarification. I will start a new thread regarding those other questions.

  • Missing Dashboard drop down link on some pages

    jimp

    Snort installs its own copy of fbegin.inc - it should really not do this on 2.0, as it will cause all kinds of issues, including breaking the link to OpenVPN (which has an open ticket)

    I don't recall why the package maintainer chose to do that, though.

  • Openvpn status on server

    You're right, I'll check the config.

    "peer to peer (ssl/tls)" is a 1:1 connection

    "remote access (ssl/tls)" is a 1:n connection, so you need to use remote access for 3 sites and more, I think. I'll test it.

    Good night.

    Thanks for the replies.

  • Dashboard Traffic Graphs

    jimp

    Each graph has a different interval for each step. Because of that, the newest step of the lower graphs may not have enough data to put on the graph for that interval.

  • Multi-WAN with Squid

    CMB,

    Thank you for the responses. I'll test pfSense 2 here.

    @cmb:

    @raragao:

    Can pfSense 2.0 Beta 3 now make Squid work with multi-WAN?

    Yes

    @raragao:

    Another thing, what improvements were made in the load balancing multi-WAN?

    mostly listed here.
    http://doc.pfsense.org/index.php/2.0_New_Features_and_Changes

  • [Solved] unable to connect to OPT1 ftp server from LAN

    Hi,

    I just created a NAT rule:

    If   Proto  Src. addr  Src. ports  Dest. addr                Dest. ports  NAT IP       NAT Ports  Description
    LAN  TCP    *          *           123.123.123.123 (ext ip)  21 (FTP)     192.168.1.2  21 (FTP)   FTP

    and it works fine now.

    Does my NAT seem correct for my configuration?

    Thanks,

  • WLAN/WiFi PCI Linksys WMP600n on pfSense 2 with FreeBSD 8.1 RC1

    Should I not try to install the driver? Or it might be that it is supported in the release?

    EDIT:
    Ok, how do I install a git package on pfSense 8.1-R1? I want to install this driver.
    http://repo.or.cz/w/ralink_drivers.git

  • Is a large drop count in qDefault on LAN normal?

    I'm seeing the same thing. LAN interface set to 100Mb, child queue qInternet set to 22Mb (ISP speed) and qDefault with bandwidth %. Downloads come in at around 12-14Mb with shaping turned on, 22Mb with it turned off.

    I see drops also incrementing on the queues page. Where would the queue length be adjusted?

  • Openvpn - ssl/tls + user auth (ldap)

    Ok, now I understand.

  • Atheros (AR5416) wireless issues

    No one has replied
  • OpenVPN in latest snapshots

    @jimp:

    I haven't seen any such behavior and I've been using and working with OpenVPN a lot on 2.0. I don't think I've tried that one scenario, though.

    I'll need to know exactly how you have your server instance setup, any client-specific config entries you may have, etc.

    Rebooted the user on this one. I was certain when I'd tested this before it had worked fine. Ends up I inadvertently added a duplicate secondary IP a few weeks ago between testing and final rollout that was causing the problem.

  • How to get SquidGuard 1.4.2 working on 2.0 Beta3

    jimp

    pkg_delete squid* will match squidguard. Just don't use the *, use the full package name as shown in pkg_info.

    If that doesn't work, I don't know. I wouldn't recommend using lusca, as that changes your package repository to pull from their repo and not the official package repo, so there is no telling what you are getting.

  • BLOCK WAN to OPT1 using Schedule but ALWAYS ALLOW Captive Portal on OPT1?

    A couple things:

    1. There is a firewall rule which always exists, and which you do not see in the UI, that allows all packets that are part of an existing state.
    2. User-created firewall rules operate only on connections entering an interface, never leaving.

    So, when a client on OPT1 is able to use the internet, it is because you have created a firewall rule on OPT1 allowing packets to pass from the client to the internet. Rule 1 above takes care of the return packets.

    If you want to use the firewall to block OPT1 clients access to the internet, then you must do it using block rules on OPT1. I expect you should be able to create a rule explicitly allowing clients on OPT1 to access the address of the CP server (i.e., pfsense) and place it at the top. Below that, create your rule to pass packets from OPT1 hosts to anywhere (or !LAN, as the case may be), and use the scheduler to activate and deactivate this rule according to your desired schedule.

    Note that if you disable your pass rule at 15h00 on a schedule, any states existing at that time will continue to pass. You can use CP timeouts to kill these.

  • Squid Traffic mgmt/Throttle binary files

    jimp

    Not sure offhand, but you might be able to pull it off with squidguard if not in squid alone, or just put your line in the custom options box if it will work there.

  • Correct webgui SSL cert management techniques

    1.2.x and before, like m0n0wall, don't generate certs; they use a single hard-coded one.

    Not sure offhand what you're seeing there.

  • OpenVPN

    You already have a server certificate, just add that to the client configuration. That'll be added to the client export before release.

  • UNABLE TO COMMUNICATE WITH chudy.0fees.net

    jimp

    That is not a standard package server. You may have installed a package from someone else (like Lusca) which modified your pfSense install to get your packages from them only, which can be dangerous.

  • Panic=page fault

    jimp

    Is the error always on "rl0"? (See the current process)

    You might have a flaky network card, or some other faulty hardware.

  • Setting link speed on mlppp member interfaces

    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.