Answered my own question. It looks like this is the result of having incorrect PPPoE credentials (The ISP gave me the wrong realm name).

use another USB-port. You are booting from a USB 3.0 (blue). You need to use one of the USB 2.0 (black) in stead.

They have different color. Go for the black ones. Not hte blue ones.

https://forum.pfsense.org/index.php?topic=75015.0

It's never too late to start learning.
Looking at Windows 10 these days, I'd advise everyone to start considering open source alternatives for desktop. But that's another story.

I never tried squid on pfsense, I played with it once on a Linux box, and I had two problems with it:

As far as I can see in pfSense forums, most of the issues people have with squid here arise from these two problems, and it also seems to make the whole system less stable, and harder to keep up to date.

Pound is a very easy and straightforward piece of software. It just does what it should and that's it - and that's exactly what I need, nothing more. I really wonder how come nobody made a package for it yet, I even considered once I should make one, but you know, making pfSense packages these days is a real pain in the ass.

As for websites requiring client certificates for strong authentication - look for Apache, and forward them with pound directly. I didn't do things like this yet, so I'm not aware of details, but I guess it shouldn't be too difficult.

You could probably get by just fine on 1 GB with that small configuration.

This is caused by pfsense trying to send his UUID with User-Agent on GET command

If you UNCHECK the "Do NOT send HOST UUID with user agent", it will work

Thanks again for your reply.

I understand that there are "auto" firmware options "System, Firmware, Auto Update" for example.  From console as well, as you seem to be suggesting.

I am setting up this box as a replacement firewall and configuring as much as possible before connecting to my WAN/LAN.  So, right, I am not connected to the internet while doing so.  Does not seem to be such an unusual setup plan to me…

Cheers,

Todd

Why would it not just go Verizon Fios ONT –-> MX64 - switch?

Why do you think you need 3 different routers/firewalls?

Or if you want to use pfsense

Verizon Fios ONT ---> pfsense - switch?

Thats exactly what i thought.

I mean 512mb ram will be enough mine is running virtual at the moment with vpn for clients and tunnels and its using 100mb ram so should be ample.

Thanks for the response.

I might get a X500 for my dads house and an X1000 for me as slightly faster hardware

@David_W:

There might be some sort of deterioration in the physical line between you and the ISP, especially if you are using DSL. Moreover, DSL modems sometimes go bad.

One of those would be my guess given it started getting spotty for no apparent reason with no changes made, continued and gotten worse over time.

Hi
I don't think it's a fan problem, but we need evidence of what processes are running and what your CPUs are busy doing.
Here is mine for example… (Diagnostics menu / system activity)

last pid: 85388;  load averages:  0.00,  0.01,  0.00  up 171+01:28:55    20:04:35
151 processes: 5 running, 120 sleeping, 26 waiting

Mem: 35M Active, 292M Inact, 258M Wired, 52K Cache, 279M Buf, 3357M Free
Swap: 8192M Total, 8192M Free

PID USERNAME PRI NICE  SIZE    RES STATE  C  TIME    WCPU COMMAND
  11 root    155 ki31    0K    64K CPU3    3  25.4H 100.00% [idle{idle: cpu3}]
  11 root    155 ki31    0K    64K CPU2    2  25.4H 100.00% [idle{idle: cpu2}]
  11 root    155 ki31    0K    64K RUN    1  25.4H 100.00% [idle{idle: cpu1}]
  11 root    155 ki31    0K    64K CPU0    0  25.3H 100.00% [idle{idle: cpu0}]
81695 root      22    0  223M 31856K piperd  0  0:00  0.68% php-fpm: pool lighty (php-fpm)
    0 root    -16    0    0K  192K swapin  0  2:09  0.00% [kernel{swapper}]
  12 root    -92    -    0K  416K WAIT    0  1:17  0.00% [intr{irq24: bge0}]
    6 root    -16    -    0K    16K pftm    0  1:15  0.00% [pf purge]
9196 proxy    20    0  220M  105M kqread  1  0:53  0.00% (squid-1) -f /usr/pbi/squid-amd64/local/et
  12 root    -92    -    0K  416K WAIT    2  0:47  0.00% [intr{irq25: bge1}]
  12 root    -60    -    0K  416K WAIT    3  0:30  0.00% [intr{swi4: clock}]
  23 root      16    -    0K    16K syncer  0  0:27  0.00% [syncer]
  12 root    -88    -    0K  416K WAIT    0  0:21  0.00% [intr{irq16: uhci0 uhc}]
46258 root      52  20 17136K  2348K wait    0  0:20  0.00% /bin/sh /var/db/rrd/updaterrd.sh
24844 root      20    0 12456K  2128K select  3  0:13  0.00% /usr/local/sbin/apinger -c /var/etc/apinge
20836 root      20    0 16804K  2304K bpf    2  0:11  0.00% /usr/local/sbin/filterlog -i pflog0 -p /va
59435 root      20    0 14656K  2336K select  1  0:09  0.00% /usr/sbin/syslogd -s -c -c -l /var/dhcpd/v
  15 root    -16    -    0K    16K -      0  0:09  0.00% [rand_harvestq]

If you can do the same, we can see where the CPU cycles are being used, which will cause the CPU to warm up.

Whenever a package resync is triggered, the cron tasks are recreated. No intrusion in there.

Sadly, I have the same issue, did you solve your problem?

C

Would a reboot have sold the problem too?

Very likely, OpenVPN  tries to keep itself alive through many scenarios but there are a few that require an explicit "Kill-Restart".

Once back up and running it should be very stable.

Thanks for reply, this gives me a picture of this mechanism. I will configure it tomorrow and test it, and later I will think about usage for each connection.

I might be lucky, because both connections are from the same ISP, I might be able to negotiate to summarize all usage and divide it on half and half for each connection - this would be the best solution in this configuration.

I was only worry that if I ask them to divide it on half then at the end of month I would find out that one connection is already reach the limit and on another I still have like 20% left to use and I was wondering how it would affect service quality for every single user. I dont want them to come to me and complain that at the end of month in one moment they can watch youtube with 2Mbps and in another moment (another movie) with 256Kbps.

So you know how to burn iso, but not how to verify your sum?  What I can tell you is the hash checks fine, and iso boots just fine..

hashchecks.png_thumb
hashchecks.png
bootsfine.png
bootsfine.png_thumb

@divsys:

Anybody have already try this configuration ?

Unfortunately, as robi mentioned it's going to depend completely on your modem - Make, Model, and probably your ISP as well.

Without that info, we have no idea what interpretation of "DMZ" you're dealing with.

On consumer grade modem +adsl  what op says it's true at least in my limited experience.

@SaschaITM:

I have to relocate a pfSense install to different hardware. The recommended way of doing this seems to be the config backup/restore routine, but as far as I can see this is missing stuff like Squid logs, Sarg reports, etc. . I'd like to have these on the new machine, if that's possible at all.

Could this be done by restoring a full backup created with the /etc/rc.create_full_backup script? The tgz archive created by that script seems to include the full file system. If I install the same pfSense version the backup was made with on the new machine and restore the backup with /etc/rc.restore_full_backup, will I get a working "clone" of the old system? Has any of you guys migrated pfSense to new hardware like that?

Will you also be replacing the harddisk?  Bad is not like Windows to scream when harddisk is attached to different system..

Or clone disk and plug in other machine reconfigure interfaces and test before migrating..