Thanks. I will update and post back.

Thank you for your replies.
I managed to  create the URL alias.
I also found useful this post http://forum.pfsense.org/index.php?topic=24976.0

Thank you onhel, i'll take a look at it but, now i have to go to work.  :(

EDIT: Now i've gitsynced. Get lil scared because front page messed up settings, but it worked after all.
DHCP server problem get fixed, atleast from dhcp server page. Now i'm going to check if interface is working

EDIT2: problem persist at hardware site

I've checked all the CARP ip's configuration and everything seems ok. We have another pfsense server that is plugged in the same switch but with an ADSL extra link.

In this pfsense server we have only an internet link and the lan cable with a different ip number.
We don't have carp settings in this server because it's an standalone server. I have only 3 rules that allow 3 specific machines to browse internet using this adsl link.

And in the pfsense Carp server (main firewall master/backup) I have 3 rules that forward packets coming from this 3 pc's to go out to internet by the standalone pfsense server.

To clarify for you!

Main Firewall
Master: 10.48.3.252
Slave: 10.48.3.253
Carp IP: 10.48.3.254 (main gateway for the whole network)

Standalone firewall
IP: 10.48.3.251

When packets for port TCP/80 comes from 10.48.3.150, 10.48.3.146 and 10.48.3.179 the main firewall routes for the standalone firewall.

In the other side of the main firewall we have two cisco routers in load-balance and failover with the same schema I think (2 specific IP's and 1 virtual ip for both routers), but I have never had any problem in the internet segment of the lan, nor in the dmz, only in my lan segment where I have only 1 carp ip that I tell you above ok!

Thanks!

Hi,

After I am on 2.0-RC3  (i386) built on Fri Jul 8 19:24:31 EDT 2011 and my Modem was swapped, the Amplifier my drop sits on was changed twice I have not had this problem.

BR// Steen

@jimp:

Then read the link I provided and add some policy route negation rules for local networks.

yeah I've done it and it seems to be working now :)

however I am encountering another issue though.. I have a VPN connection to my office network that is on the 192.168.0.0/19 segment and I have another site to site VPN connection to the remote site segment that is on 192.168.90.0/24.. the connection to the 192.168.90.0/24 segment tends to break often and I do have a feeling that it is going across the wrong path  :-\

Capture.JPG
Capture.JPG_thumb

It is very strange. When I run " openssl speed aes-256-cbc -engine padlock ", it display:

$ openssl speed aes-256-cbc -engine padlock OpenSSL 0.9.8n 24 Mar 2010 built on: date not available options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: cc available timing options: USE_TOD HZ=128 [sysconf value] timing function used: getrusage The 'numbers' are in 1000s of bytes per second processed. type            16 bytes    64 bytes    256 bytes  1024 bytes  8192 bytes aes-256 cbc  46770864.00k 48338688.00k 48958464.00k 48905216.00k 48988160.00k

When I run "openssl speed aes-256-cbc -engine cryptodev", it display:```
$ openssl speed aes-256-cbc -engine cryptodev
OpenSSL 0.9.8n 24 Mar 2010
built on: date not available
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type            16 bytes    64 bytes    256 bytes  1024 bytes  8192 bytes
aes-256 cbc  46375136.00k 48188992.00k 48698624.00k 48657408.00k 48701440.00k

The results are same. It didn't report any errors. But I think the BCM5823 cryptographic accelerator is working. Because I run the "openssl speed aes-256-cbc" on the INTEL D510 ATOM CPU, the resulte is " > %openssl speed aes-256-cbc > To get the most accurate results, try to run this > program when this computer is idle. > Doing aes-256 cbc for 3s on 16 size blocks: 3360500 aes-256 cbc's in 3.00s > Doing aes-256 cbc for 3s on 64 size blocks: 870605 aes-256 cbc's in 3.00s > Doing aes-256 cbc for 3s on 256 size blocks: 219803 aes-256 cbc's in 3.00s > Doing aes-256 cbc for 3s on 1024 size blocks: 55177 aes-256 cbc's in 3.00s > Doing aes-256 cbc for 3s on 8192 size blocks: 6817 aes-256 cbc's in 3.00s > OpenSSL 0.9.8q 2 Dec 2010 > built on: date not available > options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx) > compiler: cc > available timing options: USE_TOD HZ=128 [sysconf value] > timing function used: getrusage > The 'numbers' are in 1000s of bytes per second processed. > type            16 bytes    64 bytes    256 bytes  1024 bytes  8192 bytes > aes-256 cbc      17913.94k    18567.19k    18767.78k    18826.61k    18606.98k

You always want to connect only to the interface IPs for management, so you're 100% sure which box you're on. That's covered in detail in http://pfsense.org/book and is all the same on 2.0.

torrent could be at the limit, in accordance with its rate limiter settings.

thanks.  :)

@Nachtfalke:

If you are connecting e.g. via OpenVPN from WAN site to pfsense GUI than there is only WAN and no LAN traffic.

Could it be a package which downloads blocklists like squidguard ?

No opevpn No squid guard.

@Alan87i:

Try removing the shaper all together  just to rule it out.

but i really need them.

It seems related to AMD64 version…

I installed bandwidthD in a ATOM D525 ( 2.0-RC3 (i386) ) and all seems to be fine.

WAN.PNG
WAN.PNG_thumb
BWD.PNG
BWD.PNG_thumb
Settings.PNG
Settings.PNG_thumb

Just one more note.  It looks like ipfastforward is required to be enable for the CP to work with older snapshots.  I just checked a machine with a dec 2010 snapshot.  When I set ipfastforward to 0, it breaks the forwarding to the cp page on that snapshot… so I'll just have to be careful when upgrading from older snapshots.
Josh

Thank you for info. I already updated to 7th and 8th of june updates today and this setting survived.

CA/Certs are all handled under System > Certificate Manager.
Import your CA and Server Cert/Keys there.

You do not need to import DH parameters.

Thanks for the heads up on the CRL issue.  Not sure why OpenVPN couldn't handle a zero byte CRL file as there aren't any revoked certs during a new install.  So yeah creating a revoked cert worked. Also, good to know that I can remove the revoked cert and it'll keep working.  Haven't tried that part yet in the latest snapshot.

Darkk

pfSense is running on a Fit-PC2i computer.  Here's the spec:

2x 1000 BaseT Ethernet (based on Realtek RTL8111)
802.11n WLAN (based on RaLink RT3070, single antenna)
http://www.fit-pc.com/web/fit-pc2/fit-pc2i-specifications/

-Brian