Thanks Jimp, I'll go check out the alternate driver.
Who knows, I've changed so much since I switched from an x700 to this new machine that I might have inadvertently changed some other value.
Still, that doesn't help the TS.

I have a Jetway mini-ITX motherboard with connector for a daughter card. I have a daughter card with one 10/100 NIC. For a time I had problems with intermittent interface reassignment on boot. Some tweaking of the daughter card position and adjustment of the holding screw seemed to fix it.

i tried a second time now again and it took 12mins after upload just to give the message in console firmware being updated as well as the message in the gui, earlier it used to give message as soon as almost 3-5mins after upload or as soon as the click yes for unsigned page opens in the webgui which made u believe its working fine rather than waiting sometime without any message or prompt. During those 12mins i opened the shell and ran top and it showed all process close to 0% cpu usage which earlier used to show php consuming higher cpu which also made u believe there is still some activity going on in regards to the upgrade.

all in all it works now but i guess giving a prompt or message earlier would be better

@jimp:

I'm saying you can do just IPsec for client access, you can do just L2TP for different clients to access, but you can't do IPsec+L2TP together for client access.

L2TP on its own provides no encryption, it's just a tunneling protocol. If something connects with purely L2TP, it would work fine, just doesn't get encrypted. That's why people want L2TP+IPsec, IPsec handles the encryption (in transport mode), and L2TP handles the tunneling of client data.

So if you have, say, an iPhone connecting with IPsec, and an Android phone connecting separately to L2TP, they could both connect and work. You just really wouldn't want to do that since the L2TP client would have no encryption.

Oh, I see. Thank you for your reply.

jimp,

That did the trick!

Reset misc. options to default and made sure DNS was set correctly for both WAN connections.  Failover worked beautifully!

Thanks!

Jeff

/root/

@jimp:

That's a software interrupt, so that being so high usually means that some bit of hardware is seeing a lot of traffic/activity/etc. Check dmesg, vmstat -i, ps uxawww, etc, in order to see what is really on swi5.

Thank you Jim… next time I will see something abnormal on the cpus I will run that commands to see what's going on... even if I think was a guy sending thousands of udp voip registrations (unsuccessful because after a while I closed the port for the public network, but he continued quite a lot, I got full of snort alerts/bans about that)... was really huge as brutal force attack...

Thanks,
Michele

I just hit this with a customer last week as well. The problem is that checking by pid, something was running on the stale pid, so the functions thought things were running normally. Only removing the pid file was enough to get it going again.

I understand and I apologize, I got everything working and left it alone for 6 months. Did not know until a few weeks ago.

Still a fair amount of work to go but that is an important step. We had a bunch of things that can't go into 2.0 that we didn't want to get lost, so they can go into mainline without getting lost on someone's hard drive or forgotten. So mainline will go (slightly) toward 2.1 but there will still be fixes on 2.0 before the release of course.

It means exactly what the text says. Tables are places where lists of IPs are held, like Aliases. On some systems people use these to hold a lot of data, such as lists of IPs/netblocks in certain countries, so they need to increase this size. Most people do not need to change that.

Those default values are determined based on the amount of RAM available in the system. More RAM means a larger default. The default is meant to be reasonable for most people, but obviously in many cases would need to be increased. (The default in 1.2.x was a measly 10,000 :-). You can set that as high as you can handle in terms of RAM; 1 state == 1k of RAM, so 1 million states is 1GB of RAM.

Try disabling the Gateway Monitoring on the bottom of the Miscellaneous Tab under System: Advanced.

I had to do this to get the GUI to respond during setup before I had the WAN connected.

Note:  I did have to uncheck it in order to get failover working.

Not really dumb; usually dynamic DNS services have a rate limit that prevent you from changing IPs too often (most APIs have a rate limit for public services to prevent abuse), and pfSense likely uses a hook on the IP-change routines and not a cronjob in the background to update the dynamic DNS registration. Since the IP shouldn't change, updating a dynamic DNS host with a value that hasn't changed would just be a waste of bandwidth and likely frowned upon by the DDNS services for that reason.

Thanks - I did do a search but never found that.

The IPSEC issue remains and is a mystery …

I didn't have opened, but after I post the message I've tried to open and now the are accessing FTP server on the net, but I've to open ports from 1024 to 65535, but I din't like to open a big huge of outgoing ports, because we'd like to control and block P2P access, skype, torrents and etc…

Do you have any other clue or tip to help me blocking these kind of programs?? I saw that pfSense now has Layer 7 support but I didn't understand very well how the configuration works!!

Thanks!

Or you can monitor the ISP's DNS servers as it too will have a better idea of the network connection.

Either way will work just fine.