Yeah that is the fix that will be done for 2.1 for now as well. They were removed on 2.1 but somehow something is not behaving right in the OS.

Fixed on new snapshots. Thank you for reporting.

Finally got around to getting back to the site where I was having this issue and it was indeed like jimp said. By not tagging the LAN port with a VLAN (other than 1) when I turned on the Captive portal it effected all my Interfaces that were vlans off the parent. The fix was to create another VLAN and attach it to my LAN interfaces. This got me to thinking though, could I fix this without creating another VLAN? The following is a exercise in my mind and is untested (But should work). Observe the network below: [image: M.png] 1. Create a VLAN 1 under Interfaces->Assign->VLAN 2. Add it to LAN 3. Console over to your Cisco Switch and change the native VLAN on trunk Which will cause VLAN 1 to be Tagged. * 4. Enjoy (should be all good) If you have a IOS device that supports the follwoing command: vlan dot1q tag native this will cause vlan 1 to be tagged on your trunk port. So you don't have to change the native VLAN. I just found it easier to just make a new VLAN and make all the configuration changes needed.

@ElectroPulse: So far HTTP blocking has been working wonderfully… However, HTTPS blocking hasn't been. I've been reading about and working on this all week, and have yet to be able to block secure websites (due to the version of Squid I'm running). pfSense version: 2.0.3 Squid Version: 2.7.9 SquidGuard Version: 1.4_4 By design, squid can not intercept HTTPS traffic. So if you want to block traffic to this site, you have to add firewall rules to block traffic on port 443 to the websites you want to block.

Yes, assuming the commit is critical enough to be accepted for 2.1

Its working fine for me on several 2.1 firewalls I have. The only problem I have is on a couple of them apinger is sending out the pings from the interface that holds the default gateway instead of the interface whose gateway I am trying to monitor. Workaround I have in place is to add a static route for the monitor IP and point it to the gateway I am trying to monitor. Do some packet captures and see if pings are getting sent to the monitor IP from the correct interface and are being responded to. If there are no pings going out then check is the apinger process is running. If the pings are going out then check the contents of cd /var/run/apinger.status Are your RRD quality graphs not getting updated either?

Ubuntu 12.04 - Me too, on this station anyway. Strange.  I'm on firefox. I'm also behind a squid proxy. Haven't had any issues with Chrome either on this box.  (Not chromium?) Not sure what is causing the forum issue for you.

Thx. That post is a big help. I am using Notepad++ as well.

There hasn't been any progress on the re(4) timeouts as far as I know I'm afraid. As you may have read it seems very dependent on what you have it connected to. You could try putting a switch between your Airport and the Watchguard box as a test. Steve

C) Definitely can't be done via UI. It will not allow starting of DHCPV6 unless a static IPV6 is specified for the LAN interface. What I would need is some way to map a fixed /64 subnet to the variable /64 subnet assigned by Comcast… Don't think it's possible, unless I'm looking at this the wrong way?

@Duglz: I can not get anything to forward to my internal network. Below is my current setup. It is often necessary to reset firewall states after "major" rule changes. See Diagnostics -> States, click on Reset States tab, read and click on Reset button.

Oh wait! the interface is ovpnc2 which is this very tunnel OpenVPN client is trying to bring up. How is that route still there when the VPN tunnel is down.

i have the same issue on firefox 17 esr and firefox 24 beta pfsense 2.0.3 is fine though

@rjcrowder: Hmmm… at a little bit of a loss because I can't seem to replicate the problem. Did you install in the same order? Is there any way you could replicate the problem in a Virtualbox VM that I could download and play with? Sadly I am off on business travel all next week and probably the next. Thank you for your offer, I'll set one up as soon as I can.

You are right. It puts the same status in the client as well. Not only when there has been some initial transaction between the client and the server but also when the server is completely down and the client has not been able to contact the server. What was going through my mind when I saw the client status being up and the server status on the other end being blank was that the server was probably spitting out an unhandled status. Probably best to leave it as-is.

Added as Bug #3172. Shahid

The OpenVPN on 2.1 works fine for everything I do, and I believe upgraded configs are also fine. So if you are still having trouble, then post a description/screenshots of your network, OpenVPN links and configs, and more detail of what does not work.

Sorry, I don't understand what the issue is. Apparently you think there is something wrong with the numbers in @blagynchy: $ netstat -m 516/264/780 mbufs in use (current/cache/total) 515/131/646/24896 mbuf clusters in use (current/cache/total/max) 514/126 mbuf+clusters out of packet secondary zone in use (current/cache) 0/20/20/12448 4k (page size) jumbo clusters in use (current/cache/total/max) 0/0/0/6224 9k jumbo clusters in use (current/cache/total/max) 0/0/0/3112 16k jumbo clusters in use (current/cache/total/max) 1159K/408K/1567K bytes allocated to network (current/cache/total) 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters) 0/0/0 requests for jumbo clusters denied (4k/9k/16k) 0/4/6480 sfbufs in use (current/peak/max) 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I/O initiated by sendfile 0 calls to protocol drain routines Which numbers do you think should be different and why do you think they should be different? One of my systems currently shows:``` [$ netstat -m 197/328/525 mbufs in use (current/cache/total) 195/201/396/8000 mbuf clusters in use (current/cache/total/max) 194/190 mbuf+clusters out of packet secondary zone in use (current/cache) 0/27/27/4000 4k (page size) jumbo clusters in use (current/cache/total/max) 0/0/0/2000 9k jumbo clusters in use (current/cache/total/max) 0/0/0/1000 16k jumbo clusters in use (current/cache/total/max) 447K/592K/1039K bytes allocated to network (current/cache/total) 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters) 0/0/0 requests for jumbo clusters denied (4k/9k/16k) 0/5/2256 sfbufs in use (current/peak/max) 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I/O initiated by sendfile 0 calls to protocol drain routines $ [/code] and I'm happy with those numbers. Your posting of SMART data and your reformatting of the hard drive suggests to me you might think mbufs are related to hard drives somehow. Is that so?

Hello, Supermicro Mother Board pair of XEON 5450 kern.smp.cpus: 8 FreeBSD/SMP: 2 package(s) x 4 core(s)