In the default install on Nano it will still cache a little in RAM, I guess.
To make it not cache anything at all, you might need to set "cache deny all" as a custom option.
http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#Can_I_make_Squid_proxy_only.2C_without_caching_anything.3F

Whether you are forwarding the requests or not is normally not relevant.

This helps very much, thanks :)
So my information was just wrong (got it from an unofficial forum about pfsense-talk) and the grahps are working fine, as they are programmed to.
I will join the discussion from the link, you gave me.

Tanks  ;D

There was a problem with it earlier, if your system fetched the problem file you'll need to force it to do an update under Diag>Tables.

It works, most of our site to site and remote access VPNs are AES256-CBC.

the point being the rules number 3 and 6 r repeated in location 9 and 12 so i deleted them and the screenshot is with them deleted where as enabling AON shouldnt repeat same rules. i bet if i had 3 wan connections then they would be repeated 3 times whereas u only need one rule for localhost to each wan

Go to the bottom of this page

http://doc.pfsense.org/index.php/Updating_pfSense_code_between_snapshots

follow the instructions for GIT URL Moved.

The GIT address changed within the last few days.

I pushed some reducing of the swap size to 64M for minidumps as a minimum.
So your issue should be fixed, please test with new snapshots.

No hard feeling, let's try to get 2.1 polished to the maximum and out of the door before tinkering around with switching the base OS.
Experimenting with 8.4 was just for my very own interest (more to see how much things have been backported to 8-STABLE  ;-)

@dhatz: Yes, I've actually had some issues with the virtio SCSI drivers that looked similar to what I've seen.
Hope we can get it before 2.1 ships it would be like adding 2 patches from 8-STABLE and test things.

– Mathieu

Saw that as well when the following topic happened to me.

http://forum.pfsense.org/index.php/topic,59876.0.html

There's a workaround in that thread.

@jimp:

Last time this happened to me, I had a static route for the monitor IP that was, in fact, sending it out over the wrong gateway.

Check your monitor IPs against the routing table and DNS servers and static routes.

I have no static routes so I don't think that's the issue.

@ermal:

Its a software issue of apinger.
pfSense already adds the routes but whenthe interface goes down i think the routes and socket gets re-configured wrongly.

I'll open a ticket as soon as I have a minute. Thanks for the replies.

To point 3)

I would love to see a DHCP6 lease reservation system which does not care if the reserved ip is from within the lease range or outside.

But i think it is not working yet as expected on 2.1BETA1 from 4.3.13

1. I did a reservation without adding an IP and expected it takes one out of the pool
2. the reservation shows up on the list, but as offline, while the system still has tha initial added dynamic lease
3. the reservation entry has a light red "x" at the end, but the reservation cannot be removed

As i cannot remove the reservation i cannot add one with an ip entered

I notice that Github has moved from BSDperimeter name to pfSense name. The build that was running at the time stopped. cmb seems to be doing Github work now, so I guess a build will be kicked off any time soon.

Essentially breaks the router since it prevents other tables from loading too.

Temporary workaround is to remove /etc/bogonsv6 contents (zero length file) and reboot.

May as well, perhaps under a different filename or method so that we can easily swap back to the other version if needed without completely reverting the work.

gitsync solved it :) thanks Phillip and Ermal :)

Yes, I would agree with drewy and athurdent. When you install bare metal on atom you can use the hardware offload options on your NICs and significantly reduce cpu overhead. When installing pfsense in a VM it's now using virtual nics and all of the networking has to be processed by the cpu. Atom doesn't support VT-d or you might be able to pass the nics directly to your pfsense vm, and gain the benefits of hardware offload.

From the VMware ESXi guide:

In a native environment, CPU utilization plays a significant role in network throughput. To process higher levels of throughput, more CPU resources are needed. The effect of CPU resource availability on the network throughput of virtualized applications is even more significant. Because insufficient CPU resources will limit maximum throughput, it is important to monitor the CPU utilization of high-throughput workloads.
„ Use separate virtual switches, each connected to its own physical network adapter, to avoid contention between the VMkernel and virtual machines, especially virtual machines running heavy networking workloads.
„ To establish a network connection between two virtual machines that reside on the same ESXi system, connect both virtual machines to the same virtual switch. If the virtual machines are connected to different virtual switches, traffic will go through wire and incur unnecessary CPU and network overhead.

www.vmware.com/pdf/Perf_Best_Practices_vSphere5.0.pdf

I think when you install bare metal and test the same workload you might see half the cpu utilization. Given the 90% number you saw on the ESXi box itself it sounds like all of the cpu is being used up. 70% is used by pfsense, and the other 20% being used by the hypervisor to process the virtual switch and actually send the data out on the network. (Just a guess)

Please do not post things from freebsd-net here.
Most of us follow those lists and are aware of things.

bytheway i have another system with just one wan connection so obviously its set as default, now if i go edit it and untick default and save then the default flag goes away but still surfing etc keeps working fine, but if i edit it again and tick default gateway and hit save, then it wont flag it as default no matter how many times u try whereas in system log i see this

php: /system_gateways.php: ROUTING: setting default route to 203.109.65.1

CropperCapture[1].jpg
CropperCapture[1].jpg_thumb

Yes these are manually entered (not the ISP-assigned ones) via System → General

Here's WAN1 interface

WAN2

Gateways

GW group

Routing LAN→WAN via HAroute

am I doing something wrong??