AFAIK, there  is nothing doing this at the moment. You can open a feature request at redmine.pfsense.org to not be forgotten.

Thank you for the reply, I will test this asap. Sorry it took me so long, i forgot my password =(

at last i found my periodically ipsec disconnect problem after researching in redmine,i'm using pptp from home to connect corporate PF 2.0 RC1 firewall. Same issue as Chris Buechler described in  bug 1421 (http://redmine.pfsense.org/issues/1421),today i noticed that after my pptp disconnect all ipsec tunnels disconnecting.I can supply any log and configs for deeper research. regards.

can you ping the monitor-ip from your opt1 interface ? If the monitor-ip blocks icmp (ping, ….) then it will allways show offline you can specify any public ip as a custom monitor ip, but static routes will be added for that Ip-adress on that interface. So for example if you set your monitor-ip of OPT1 to 8.8.8.8 then all traffic from lan-->8.8.8.8 will go over opt1 your gateway monitors need this to be online if you wish to loadbalance using the loadbalancer-gateway-group in your firewall rules

I get this when I try that: Fatal error: Cannot unset string offsets in /usr/local/www/system_advanced_firewall.php on line 148

…not if you're trying to reach that IP from the LAN side.

Solved it. I knew from the beginning this was a self created problem, but I knew of no way to rule out which piece of the puzzle was causing it. I lucked up and found it through no special dianostic method other than remembering I had changed a setting in an attempt to solve a different problem I was having a month or so back. I have specified an MTU of 1460 for the WAN interface. If I set it to 1500 or blank, everything works like it is supposed to. I have no idea why this only affected traffic that was bypassing the proxy services.

with the DHCP trick, the connection stayed alive for 2 days and counting.. but I wouldn't want to have this as a permanent solution :-\ are there any ways I can see verbose output of what is happening on the LCP ?

Yes!  Finally my network feels like Utopia again, many thanks JimP.

Same exact problem as Sharpless. Tried the web gui and nothing happened after uploading the file. Then tried via the shell and it just gave hashes for hours on end after successful download of the file. I am running Geode LX: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007

No. I mean I tried all (really all) possibilities before finding out how to work with the queue any rule. It is not very stable but it works. I finally decided not to use it for an other reason (couldn't monitor it by pftop).

A few hours ago I  made adjustments to gateway , nics and upgraded to latest snapshot, and problems are solved. the issues were possibly  caused by adding a 3-rd nic and not configuring it correctly. in addition the lan has another pfsense running in production, and most computers use that as the gateway. i was having issues with port forward to computers which had the other pfsense set as their  router.

Thanks.  I think my issue at the most problematic site is actually my Realtek NIC in it.  I've disabled hardware checksum and hardware tcp segmentation offloads so hopefully that should help.

Seems to be fixed. Thanks!!

@marcogi: @GruensFroeschli: The rules are processed from top to down. If a rule catches, the rest below is never considered. […] I thought it were the last matched rule to "win". I mean, the rules are all processed from top to down, the last rule matching the packet, catches it. So, what does the 'Apply the action immediately on match' in the rule editor do? I'm asking to clarify myself how pfsense works. Thanks Floating rules are different. Floating rules can either have quick checked to be top-down, or unchecked to be last-match-wins. Floating rules are not used by most people, and are mostly used for traffic shaping. On every other tab, the rules are processed top-down.

Found my own answer, the export package somehow got "stuck" It was still packaging up the original cert instead of the newly build ones. Now if anyone has advice how to fix the "WARNING: No server certificate verification method has been enabled." problem, I have tried adding: ca server-ca.crt ns-cert-type server But I start getting: Wed Feb 09 11:44:45 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed TLS Error: TLS object -> incoming plaintext read error TLS Error: TLS handshake failed Fatal TLS error (check_tls_errors_co), restarting SIGUSR1[soft,tls-error] received, process restarting Thanks all!

No other suggestions come to mind, other than avoiding USB ethernet dongles…

pfflowd package, softflowd. Google netflow site:doc.pfsense.org