I have also updated to a snapshot which has the lines moved - unfortunately not a real improvement.
I have tried switching to direct IPv4 addresses which seems to work, so yet the problem somewhere lies with DNS.

As I used to add a CNAME to our DCs (ntp1 and ntp2) I don't know if it's related to the usage of that yet.
I'lld try to add a host override too locally to see if it's taking too long for the local resolver to get an answer.

On my main system which does not exhibit the issue the default max table entries is 200000.
This system is an old DELL Insprion 5100 notebook with 2GB RAM.

On the system that exhibited the problem the default max table entries was only 100000.
That system is an i3 NUC with 8GB RAM.

I'm thinking there is a problem with the default size calculation.  Perhaps a variable that needs to be a larger data type.

With WiFi and LAN bridged, the pfSense software is not going to be examining the detail of packets between WiFi and LAN. It will simply be forwarding packets back and forth between the 2 interfaces,  so that they look like one. It will only be when pfSense talks to the client itself that the static ARP comes into play.

building in a jail doesn't work last I knew. It used to take several patches to the jail system to allow things we need to work properly. I'm not sure what the current state is though.

As nice as that sounds, it's probably not really all that necessary except from a theoretical/unit testing type perspective. In reality most builders keep going indefinitely and don't need much prodding. The case with pcre would be unnoticed by someone who didn't update their ports tree or rebuild pfPorts. We could have kept building with what we had indefinitely, but the ports would have been outdated.

In our colo we do have several "base" VMs that we clone from when making new builders, but they can also get a little stale now and then.

Ok,

Well I bit the bullet and did a complete reinstall of pfsense i386 dec 8 build and restored my configuration. This has seemed to fix the bandwidthd problem of viewing the graphs.

Conclusion.. upgrading from the stable 2.01 build to the 2.1 nightly build can cause issues. I suspect as mentioned in my other post

http://forum.pfsense.org/index.php/topic,56788.0.html

that it has to do width multiple versions of the same dependency files ie:png or libconv

Sounds like we're missing input validation to prevent unsupported configs in the underlying relayd, you can't have v6 on one side and v4 on the other.

HI. Using of the the latest snapshots i'm getting some security and browsing issues with the latest pfsense snapshots and squid3 package.

I have to say that latest pfSense snapshots look and work even better than pfSense 2.0.1 so i'm using the latest snapshots for production environment even if tons of people want to suggest me not to.

The only issue i'm having is with Squid3 installed from pfSense packages.
No matter what setting i put i always have issues logging into facebook. Sometimes it does logs in but then it doesn't work properly. Sometimes even shows me other clients facebook walls but soon it requires me to log in.
That means that i can actually have a preview of other facebook walls that belong to other people without logging into theirs.

Sometimes it just tries to log in but then facebook tells me i have cookies turned off!

Below this i pasted the squid setting i have been using for several months and worked always good.

A nice gentleman in this forum told me to set dns_v4_first on; (default is off) to make sure https works fine in IPv4 networks but no matter if dns_v4_first is on or off the facebook login issue is still there.

GMAIL, HOTMAIL and other HTTPS websites didn't work at all until november 2012 when somebody fixed the latest squid package. Now it works with GMAIL, Hotmail and stuff but with facebook there are still issues. Maybe there are problems with other https websites as well but i could not test squid3 as much to find out more.

This is my squid configuration setting: please tell me if there is something that could affect HTTPS compatibility and caching efficiency.
Note that this is the most aggressive caching config i could set for squid.
It always worked fine until i used the latest squid3 packages.
It also works fine with squid 2.7 and Lusca cache.

refresh_pattern -i .$ 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http:// 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://- 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://-.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://-.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://. 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://.-* 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://.-.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://.-.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://..* 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://..- 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://..-.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://..-.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://... 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://...-* 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://...-.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://...-.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://....* 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://....- 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://....com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://....net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://...com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://...net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://..co.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://..com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://..in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://..net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://..org 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://.co.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://.gg.in.th 99999 999999% 99999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://.in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://.net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://.org 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www.....com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www.....net 99999 999999% 99999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www....com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www....net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www...co.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www...com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www...in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www...net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www...org 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www..co.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www..com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www..in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www..net 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^http://www..org 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^https://.com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^https://.in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^https://www..com 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i ^https://www.*.in.th 99999 999999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i .(3g2|3gp|asf|asx|avi|divx|flv|iff|ifo|m3u|m4a|m4v|mov|mpa|mpeg|mpe|qt|qtm|viv|mpg|ogg|rm|rmvb|scr|swf|vob|wmv|x-flv|xvid)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate override-lastmod store-stale;
refresh_pattern -i .(aif|aiff|amr|cda|mid|wav|wma|midi|au|ram|ra|snd|mp2|mp3|mp4)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i .(3dm|ai|ani|art|bmp|cdr|cdt|cmf|cur|drw|dwg|dxf|eps|eps2|gif|icl|icm|ico|indd|jpeg|jpg|jpe|max|pct|pcx|png)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i .(ps|psd|psp|qxd|qxp|rels|svg|tga|thm|tif|tiff|wmf|wrl|xbm|xcf|xif|yuv|pnm|pbm|pgm|ppm|rgb|xpm|xwd|pic|pict)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i .(accdb|bfc|cbr|chm|csv|db|dbf|doc|docx|dot|hlp|kml|Kmz|lab|log|mdb|msg|odt|ost|pages|pdb|pdf|pps|txt|ppt|pptx|pst|pub|rtf|wpd|wps|wri|xlr|xls|xlsx|xlt)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i .(app|bat|cmd|com|exe|gadget|msi|pif|vb|wsf|torrent)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private reload-into-ims ignore-must-revalidate refresh-ims override-lastmod store-stale;
refresh_pattern -i .(8bi|bin|cat|cpl|dbx|dll|drv|gam|hex|hqx|lnk|nes|plugin|reg|rom|sav|sys|xll)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
refresh_pattern -i .(arj|sit|zip|rar|rgz|psf|lzh|lha|cab|tar|tgz|gz|Z|wp|wp5|7z|pkg|rpm|sea|sitx|tar.gz|zipx|prn|srf|tex|latax|gpf|upd|jar|bz2|gzip|ace|kf|a[0-9][0-9]|r[0-9][0-9])$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
refresh_pattern -i .(fnt|fon|otf|ttf)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
refresh_pattern -i .(dmg|iso|toast|vcd)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
refresh_pattern -i .(api|bas|c|cbl|class|cpp|cs|dtd|fla|java|m|pl|py|vbx)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
refresh_pattern -i .(bak|bup|cdl|cfg|dat|deb|dss|dvf|efx|emf|eml|gho|gpx|ini|key|keychain|m4b|m4p|mcd|mim|mswmm|ori|prf|ptb|qbb|qbw|raw|sdf|ses|sql|ss|tmp|uue|uxx|vcf|xml|xsl|xtm)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
refresh_pattern -i .(ht|htm|html|shtml|xhtml|css|js|jsp|asp|cer|cgi|csr|part|php|phtml|rss)$ 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
refresh_pattern ^gopher: 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
refresh_pattern ^ftp: 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
refresh_pattern . 99999 99999% 9999999 override-expire ignore-no-cache ignore-no-store ignore-reload ignore-private ignore-must-revalidate reload-into-ims refresh-ims override-lastmod store-stale;
refresh_pattern -i (/cgi-bin/|?)$ 0 0% 0;
tcp_outgoing_address 127.0.0.1;
max_filedescriptors 65536;
quick_abort_min 0 KB;
quick_abort_max 0 KB;
quick_abort_pct 0;
ie_refresh off;
client_db off;
range_offset_limit 0;
reload_into_ims on;
retry_on_error on;
via off;
refresh_all_ims on;
half_closed_clients off;
vary_ignore_expire on;
strip_query_terms on;
server_persistent_connections on;
ipcache_size 16384;
fqdncache_size 16384;
log_fqdn off;
positive_dns_ttl 999 hours;
negative_dns_ttl 999 hours;
negative_ttl 999 hours;
dns_v4_first on;
pipeline_prefetch on;
maximum_object_size_in_memory 384 KB;

Ok, my fault, i misunderstood your post.

If i have time this w-e, i'll try to use the latest x64 image with my config and see if it works and if the gateway is showing.

It is only one port card Gigabit ethernet

I'm not sure if that's what you want to do, but did you try the checkbox
Interfaces –> name_of_interface --> "Enable Interface"

All rules for this interface won't be deleted and are still there if you enable the interface again.

Something seems to be moving afterall in the ipsec-tools front:

http://sourceforge.net/mailarchive/forum.php?thread_name=20121212115419.1e94b02b%40vostro&forum_name=ipsec-tools-devel

The patches applied since the original mail are:

2012-08-29  Timo Teras <timo.teras@…>* src/racoon/isakmp_inf.c: From Roman Hoog Antink <rha@...>:
          Accept DPD messages with cookies also in reversed order for
          compatiblity. At least Cisco 836 running IOS 12.3(8)T does this.

* src/racoon/oakley.c: From Roman Hoog Antink <rha@...>: add
          remote's IP address to the "certificate not verified" error message.

* src/racoon/oakley.c: From Roman Hoog Antink <rha@...>: do not
          print unnecessary warning about non-verified certificate when using
          raw plain-rsa.

* src/racoon/isakmp.c: From Rainer Weikusat
          <rweikusat@...>: Release unused phase2 of
          passive remotes after acquire.

* src/racoon/isakmp.c: From Wolfgang Schmieder
          <wolfgang.schmieder@...>: setup phase1 port properly.

* src/racoon/: cfparse.y, cftoken.l, racoon.conf.5: Allow inherited
          remote blocks without additional remote statements to be specified
          in a simpler way. patch by Roman Hoog Antink<rha@...></rha@...></wolfgang.schmieder@...></rweikusat@...></rha@...></rha@...></rha@...></timo.teras@…>

According to the discussion, there are two last patches to be committed any day now:

Attached patch is a somewhat smarter X509 subject name compare.
X509 names may contain entries with different encodings (like UTF-8)
The old code (some copy from the ancient openssl 0.9.7 release)
did not handle that.
The new code does only handle stripping of the wildcards from the name
and let openssl do the compare of all non wildcard entries…

And another patch to check that building ipsec-tools is done with a reasonably recent OpenSSL 0.9.7 or newer

Thanks for your help wallabybob and cmb!

Your were right, IP was private. Luckily, for my current provider (www.drei.at) it is possivly to change from a private to a public IP just by setting this in your account options online. Interestingly "Open Internet" ist set to OFF as default… Found this information after browsing some local UMTS forums.

Now the NAT and firewall rule work as expected.

Here is the issue : https://redmine.pfsense.org/issues/2715

Thanks !

Thanks for the reply. I do realize there can be multiple builds daily. I should have specified that I tried updating multiple times from my current version to the version listed. I'm just going to try to update to today's latest build. I assumed it would eventually sort itself out, but I did want to let the community know what was going on. =)

@johnnybe:

Halt from GUI or console doesn't work as well. I still need to press the power button off/on.

I note proxy_monitor.sh. Try uninstalling squid and test. Then try installing the squid3 package instead.