There is a contradiction here between the apinger code and the gateway wiki document.
The code says:

## "Loss" alarm definition. ## This alarm will be fired when packet loss goes over 20% ## it will be canceled, when the loss drops below 10% alarm loss "loss" { percent_low {$a_settings['losslow']} percent_high {$a_settings['losshigh']} }

but the documentation says:

@Gateway:

Using the Settings tab under System > Routing, you can control the thresholds for gateway warnings. You can defined two tiers of values, the low mark is for warnings, and the high mark is when a gateway will be marked down.

Two different purposes for the high and low thresholds.  :-\

Steve

Anything on this?

Regards,

@kevindd992002:

So in my case, I make two queues, one for video streaming and one for Usenet downloading? And then I use the Floating tab to assign traffic to each queue? How much bandwidth should I assign to each queue?

Let the wizard make all (seven) queues. Change bandwidth and assign traffics as I recommended in that thread.

Thx but it doesnt make a difference. When WAN is up and using DHCP, then it is fast. Using Static config, and it becomes very slow…

You must have a reservation on that host for that IP? It's not going to assign IPs outside the range otherwise.

Got it! Thanks for the answer.

Have you updated to the latest snapshot? I got around the problem you're describing by updating to the latest snapshot, enabling gateway switching under system -> misc, and routing my traffic to the default gateway rather than to the gateway group in the LAN firewall rules. You'll also need to manually specify your DNS servers (without gateways specified), and switch off 'allow override by PPP/DHCP connections'.

@beaven67:

Looks like the shaper is not working on RC2. Has anyone else had this problem?

What problem, exactly?

Must not be the same issue I'm seeing.  I can completely comment out the pfctl line in vpn-linkdown and all my IPsec VPNs still drop after a PPTP disconnection.

FWIW - I did log all 5 arguments passed into the script and got this:

logout,pptpd0,inet,x.x.x.x/32,y.y.y.y,test

where x.x.x.x is the firewall's WAN address and y.y.y.y is the PPTP client's address.

I tried to figure out what the -b option to pftctl does, but it appears to be specific to pfsense - anyone know?

this may be of some help to you…
http://forum.pfsense.org/index.php/topic,36988.0.html

If you check your config.xml there are probably some entires in there like "<config>", you can edit them out of the XML directly.</config>

The dmesg command prints the latest contents of the kernel message buffer. If you are after the boot messages, check the file /var/log/dmesg.boot

I made a commit that will be in the next snapshot that tries to be a little more intelligent about this. If the subnet mask for the tunnel network is 30+, it will not add the server/client-config-dir directives, which should restore the old behavior for people expecting the "old" behavior from before the commit that fixed the issues others had.

"I'm guessing maybe it was because I skipped the first few steps"
"Is the plugin required?"

So you ask for a step by step – and then you just skip steps, yeah not following instructions then sure its a nightmare to setup ;)

packet traces?
logs?

@fastcon68:

I built a bridge that contains all the ports LAN OPT1-OPT8 and the bridge is OPT9.  Where do I build the rules.

Firewall -> Rules
But what rules do you want and how have you got it all configured? For example, do you want a common set of rules for all the interfaces you have bridged? or do do you want particular rules for each interface? Do you want to take advantage of the special rules created for the LAN interface?

I presume from your description

OPT9 is a bridge interface with members LAN and OPT1 through OPT8

OPT9 has an IP address but LAN and OPT1 through OPT8 don't

.

I wonder if you really want all those interfaces bridged. It might make more sense to use one or more switches to reduce the load on the pfSense CPU.

@fastcon68:

However the rules do not auto-create the in NAT.

I don't understand this. I presume you want to port forward from the WAN interface in which case you can specify port forwards from Firewall -> NAT

@johnpoz:

Glad you got it working, but I have yet to actually get a an alert from it, either email or growl.. Not sure what it all is suppose to alert on?  Would be nice if you could setup the alerts you want to see, like vpn access, hit on specific firewall rule, etc.  Maybe you can??

I've been wondering the same thing… like you John, I've yet to receive anything other than the test alerts.
but that would actually seem par (and a good sign we're running smooth on major issues) according to this post by jimp:
http://forum.pfsense.org/index.php/topic,35414.msg183868.html#msg183868

Thank you for the update.