Hi I don't think it's a fan problem, but we need evidence of what processes are running and what your CPUs are busy doing. Here is mine for example… (Diagnostics menu / system activity) last pid: 85388;  load averages:  0.00,  0.01,  0.00  up 171+01:28:55    20:04:35 151 processes: 5 running, 120 sleeping, 26 waiting Mem: 35M Active, 292M Inact, 258M Wired, 52K Cache, 279M Buf, 3357M Free Swap: 8192M Total, 8192M Free PID USERNAME PRI NICE  SIZE    RES STATE  C  TIME    WCPU COMMAND   11 root    155 ki31    0K    64K CPU3    3  25.4H 100.00% [idle{idle: cpu3}]   11 root    155 ki31    0K    64K CPU2    2  25.4H 100.00% [idle{idle: cpu2}]   11 root    155 ki31    0K    64K RUN    1  25.4H 100.00% [idle{idle: cpu1}]   11 root    155 ki31    0K    64K CPU0    0  25.3H 100.00% [idle{idle: cpu0}] 81695 root      22    0  223M 31856K piperd  0  0:00  0.68% php-fpm: pool lighty (php-fpm)     0 root    -16    0    0K  192K swapin  0  2:09  0.00% [kernel{swapper}]   12 root    -92    -    0K  416K WAIT    0  1:17  0.00% [intr{irq24: bge0}]     6 root    -16    -    0K    16K pftm    0  1:15  0.00% [pf purge] 9196 proxy    20    0  220M  105M kqread  1  0:53  0.00% (squid-1) -f /usr/pbi/squid-amd64/local/et   12 root    -92    -    0K  416K WAIT    2  0:47  0.00% [intr{irq25: bge1}]   12 root    -60    -    0K  416K WAIT    3  0:30  0.00% [intr{swi4: clock}]   23 root      16    -    0K    16K syncer  0  0:27  0.00% [syncer]   12 root    -88    -    0K  416K WAIT    0  0:21  0.00% [intr{irq16: uhci0 uhc}] 46258 root      52  20 17136K  2348K wait    0  0:20  0.00% /bin/sh /var/db/rrd/updaterrd.sh 24844 root      20    0 12456K  2128K select  3  0:13  0.00% /usr/local/sbin/apinger -c /var/etc/apinge 20836 root      20    0 16804K  2304K bpf    2  0:11  0.00% /usr/local/sbin/filterlog -i pflog0 -p /va 59435 root      20    0 14656K  2336K select  1  0:09  0.00% /usr/sbin/syslogd -s -c -c -l /var/dhcpd/v   15 root    -16    -    0K    16K -      0  0:09  0.00% [rand_harvestq] If you can do the same, we can see where the CPU cycles are being used, which will cause the CPU to warm up.

Whenever a package resync is triggered, the cron tasks are recreated. No intrusion in there.

Sadly, I have the same issue, did you solve your problem? C

Would a reboot have sold the problem too? Very likely, OpenVPN  tries to keep itself alive through many scenarios but there are a few that require an explicit "Kill-Restart". Once back up and running it should be very stable.

Thanks for reply, this gives me a picture of this mechanism. I will configure it tomorrow and test it, and later I will think about usage for each connection. I might be lucky, because both connections are from the same ISP, I might be able to negotiate to summarize all usage and divide it on half and half for each connection - this would be the best solution in this configuration. I was only worry that if I ask them to divide it on half then at the end of month I would find out that one connection is already reach the limit and on another I still have like 20% left to use and I was wondering how it would affect service quality for every single user. I dont want them to come to me and complain that at the end of month in one moment they can watch youtube with 2Mbps and in another moment (another movie) with 256Kbps.

So you know how to burn iso, but not how to verify your sum?  What I can tell you is the hash checks fine, and iso boots just fine.. [image: hashchecks.png_thumb] [image: hashchecks.png] [image: bootsfine.png] [image: bootsfine.png_thumb]

@divsys: Anybody have already try this configuration ? Unfortunately, as robi mentioned it's going to depend completely on your modem - Make, Model, and probably your ISP as well. Without that info, we have no idea what interpretation of "DMZ" you're dealing with. On consumer grade modem +adsl  what op says it's true at least in my limited experience.

@SaschaITM: I have to relocate a pfSense install to different hardware. The recommended way of doing this seems to be the config backup/restore routine, but as far as I can see this is missing stuff like Squid logs, Sarg reports, etc. . I'd like to have these on the new machine, if that's possible at all. Could this be done by restoring a full backup created with the /etc/rc.create_full_backup script? The tgz archive created by that script seems to include the full file system. If I install the same pfSense version the backup was made with on the new machine and restore the backup with /etc/rc.restore_full_backup, will I get a working "clone" of the old system? Has any of you guys migrated pfSense to new hardware like that? Will you also be replacing the harddisk?  Bad is not like Windows to scream when harddisk is attached to different system.. Or clone disk and plug in other machine reconfigure interfaces and test before migrating..

nano has packages. You'd have to be running off the live ISO or memstick, not an installed system, to not have a packages menu.

@Phishfry: Is it harmful to flash a 1 GB image onto a 4GB card? No, and can be better because of wear leveling. https://doc.pfsense.org/index.php/What_are_the_512M,_1G,_2G,_and_4G_NanoBSD_files

This issue is know fixed. Thanks

System>Packages. If it's not there, you're running from the memstick or live CD and need to install it.

You'd be much better off just putting everything on the HDD RAID. The USB flash is more likely to fail, much slower, has no redundancy, and there's no benefit to putting it on the flash rather than the RAID.

There's no mix to add anything to. Make a configuration backup, get a bigger HDD, reinstall and restore the backup. P.S. Anything USB-based is strongly discouraged.

If the pfsense box has a LAN IP address of 192.168.10.1 and has IPSec server running or a OpenVPN server running that does NOT mean the clients that connect to it via VPN should receive an ip address in the 192.168.10/24 space. In our case we give VPN clients an IP address in the 192.168.20.0/24 address space and have NAT rules that just divert traffic and allow communication between the two address spaces. That is why I said "provided you have appropriate NAT rules". Separating out our address spaces allows us to prioritize traffic and apply filtering rules slightly easier.