The router in front of pfSense has to have a NAT rule to pass along the incoming VPN connection.

If you use the VPN server from pfSEnse, no.

Can't tell. I do not have a clear view your network. But, as always, a VPN - and surround firewall - with a good setup doesn't "leak".

Let's Begin!

1.) Start by downloading one of these certificates to your computer:
…...

This is a joke or what https://www.privateinternetaccess.com/forum/discussion/29231/tutorial-setup-pia-on-pfsense-2-4-2 ?

Looks like I may have found the issue. Under System > Advanced > Miscellaneous > RAM Disk Settings - I unchecked the "Use memory filesystem for /tmp and /var" and the issue seems to have gone away, with the CPU idling around 17% - but only time will tell.

More like every week ;)

Hi,

thanks for your advice.

Sorry for the late reply, I was on holidays for a week.

When I came back and checked the update status of the box it offered me to upgrade to the 2.4.2_1.

And no, as I was on holidays I really did not change anything!

As soon as I clicked on the "upgrade now" it still does not offer to upgrade.

This is the dashboard:```
2.4.2-RELEASE (amd64)
built on Mon Nov 20 08:12:56 CST 2017
FreeBSD 11.1-RELEASE-p4

Version 2.4.2_1 is available.
Version information updated at Sun Feb 11 19:30:25 CET 2018

In System -> System Update (After clicking on the blue cloud to download) it says:``` 2.4.2 Latest Base System 2.4.2 Status Up to date.

So obviously there is an issue- one page shows I can upgrade while the next says it is up-to-date.

Unfortunately I cannot use the option to start the upgrade through ssh as I am remotely (and ssh connection will brake when updating remotely).

Does someone know what the URL for the upgrade check is? Perhaps there is a DNS glitch or proxy issue.

Thanks for ideas!
/KNEBB

Well I answered my own question.  When I installed and booted it told me my VLAN parent interfaces no longer existed and I had to fix.  So I set all the interfaces and hit save and seemingly nothing happened.  A freeze up.  I scratched my head and tried again and then again and then I actually looked at the VGA monitor instead of the webconfigurator and saw the word "reboot".

It saved the config and then rebooted…........and came back alive with a new IP address.  D'oh.  I did it right the first time.

I'll yank the SG-2220 tomorrow and install the new device.  Should be plug and play at this point.

i just uploaded the next crash dump from the same IP address.
I thought I caught the problem: After removing all traffic limiter things seemed to get better. But after connecting our second WAN and our LTE connection reboot failed. Next boot was successfull and brought the mentioned crash dump.

I think that ISPs can impact the reliability of resolver.  I don't really care what anyone thinks about that.

I think some ISPs are living in the 80s and 90s and just havent dropped some bad practices, like blocking all dns other than their own.

I got this working. I didn't have the DHCP turned on on the WAN side. It has to be done on the command line interface and I didn't see where to do this until this morning because its buried a bit. Thanks for all the replies.

No. LiveCD has been discontinued. Install to a disk (or even to another USB thumb drive) and run it that way.

@gtoso:

Hi,
I have a similar problem but not with BRIDGE but LAGG (with LACP enabled).
the problem started after the upgrade of one of two firewall in CARP from 2.3.4p1 to 2.4.2p1.

Could it be related to this bug?
ASAP I will try to better describe my problem.

Sorry, I forgot a BRIDGE between an OpenVPN TAP and an interface.
Now I'm trying after removing the bridge.

Thanks.

EDIT: I confirm more than 2 hours whitout problems.
So even a bridge little used not assigned as interface, that include an interface with an IP CARP triggers the problem.

Use "Policy Routing" https://doc.pfsense.org/index.php/What_is_policy_routing

(same answer to your other Topic/Post) https://forum.pfsense.org/index.php?topic=143742.0

Sure why don't we just re-write all the docs and forum posts right here in the thread for the ease of a 1 post wonder - sounds like a fantastic use of my time ;)

https://doc.pfsense.org/index.php/Installing_pfSense
https://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy
https://doc.pfsense.org/index.php/OpenVPN

When you say natting do you mean port forwarding?
https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

etc. etc..

After you have gone through the docs - better yet, maybe buy the book ;)  If you have any specific questions come on back and be happy to help.

I would still consider it experimental on pfSense. We do not have any automated jobs setup for maintaining ZFS pools/volumes or any GUI controls for handling drive status/replacement.

For most it will work fine without any issues, but there are cases where it needs work to improve its integration into pfSense

@kejianshi:

Well, I was just wondering if this guy was using something free and simple like vmplayer, which can make reaching your LAN address a pain.

hi yes, I am using VMPlayer. Will this caused any issue? Or limitations on what I can monitor?

In that case, what would you recommend me to use?

Still broken:

Fatal error: Call to undefined method altq_root_queue::GetParent() in /etc/inc/shaper.inc on line 230 PHP ERROR: Type: 1, File: /etc/inc/shaper.inc, Line: 230, Message: Call to undefined method altq_root_queue::GetParent()