@cmb:

How is your bridge assigned, or is it assigned at all? The sysctls you're using are opposite the default, so you must assign the bridge. There were some bridge configs in 2.1x and prior versions that could work even though they were wrong in that regard.

@opalit:

Version 2.0.3 had one of the few IPsec VPN servers that not only did site to site VPN but also IPsec for road warriors and it supported Iphone/Ipad VPN as well as Shrewsoft.

All that works in 2.2x versions too.

See Pictures in other posting

Possibly this: https://doc.pfsense.org/index.php/UpgradeGuide#Old.2FBroken_GEOM_Mirrors

Steve

You cannot flash this on any Linksys router. pfSense is i386/amd64 only, plus requires at minimum 1GB of flash memory for the smallest embedded install available.

Here's a way to install pfSense on the HP thin clients without having to remove the DOM from the client:
https://forum.pfsense.org/index.php?topic=87606.msg481510#msg481510

You need a USB stick to boot from. Tested on tens of t5730s, I guess it should work the same with t5740 also.

Key management can be a hassle, yes.  Not too bad for those who actually try to verify the integrity of their downloaded firewall software prior to use.  Only a few people have to be doing it.  They can raise the flag if they see something amiss.

You can stop trying to convince me of all the reasons this is not a good idea.  You are wrong.  It's the best, currently-available solution to the problem.  Yes, they should also DNSSEC.

They should also PGP sign their announcements.  Even if posted to the forum or blog there should be at least a link to the PGP-signed version.

Fresh install 2.2 with PuTTY. Alix HW output reads with 9600 or 38400. pfSense 1st boot & base setup output works with 115200. Until you've set 38400 in webgui.

Whow… solved... it works after a reboot... ::)
Sorry...
Pascal.

I hate to dredge up this really old post, but I'm seeing this as well, and I can't seem to find that anyone figured out a solution.
Oddly enough, it is only happening on one of our pfSense installs (we have 11 running 2.2.1).  Of course, it is the one at our main corporate office, which means I'd like to get meaningful non-doubled bandwidth usage numbers from SNMP.

One thought I had - this is also the only box we have running ipv6 and ipv4.  All of the others are ipv4 only.

Any thoughts?

@doktornotor:

(Not sure how's squid relevant here, by using the SSL bump junk in Squid, you are breaking all certificates intentionally, SANs are the least of your concern here…  ::))

I'm under active directory, pfsense is a C.A. for all my clients, so the single-name certificate is well-working!
My problem is the SANs certificates (facebook, gmail and so on…) because my browser recognize valid only the common name  :o
When a website serve a certificate with CN different from its hostname the match fails, also if in the original certificate there is its hostname in the alternative names (SAN).

@Waggles:

Is it because it's faster or more efficient if a switch handles the traffic from the WAP when on the same subnet?

Both.

I'm in the same boat as the OP in that I bought one of the cheap i350 4 port NICs (~$120 on Ebay) as well.  I ended up putting the WAP on the switch, but I initially intended to put it on the NIC.  At the moment, 2 ports on the NIC are not in use.  Placing it on the NIC seemed like the logical choice since that's how I set it up on every router I've used at home (D-Links to Zyxel USGs).

Thanks for the input.

Home/dedicated routers often have dedicated internal hardware to make the use of multiple NIC ports in a bridged fashion more efficient than the general purpose approach of pfSense.

Passing all your NIC traffic through the internal PCI/System data bus is less efficient, but gives far more flexibility in what hardware/packages can be used with pfSense.

I know sometimes it feels like you're "wasting" a NIC in pfSense just because it doesn't get used, but at the current price of a reasonably good switch (10's of$) it's lousy bang for the buck trying to internally bridge pfSense NIC's just to save on a switch.  ;)

I would still try hooking the drive up to a different system and see if you can access anything.  Your problem may well be a bad P/S and the drive is fine.

Thanks cmb. I'll check it out in the morning.

You have to compare the HASH of the downloaded file with the CONTENTS of the hash files, not the HASHES of the hash files.

$ openssl dgst -sha256 pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz
SHA256(pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz)= 095a7458e41130dd98824ce132190398bea26bb070d1b74ef2f7a101a9af4539
$ cat pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz.sha256
SHA256 (pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz) = 095a7458e41130dd98824ce132190398bea26bb070d1b74ef2f7a101a9af4539

$ openssl dgst -md5 pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz
MD5(pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz)= 11f1294a63c376e93538bdbffc05154d
$ cat pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz.md5
MD5 (pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz) = 11f1294a63c376e93538bdbffc05154d

@Wolf666:

Let's do it simple.

Taken into account you have a working pfsense WAN IP, got via DHCP.

Set:
1 - pfSense (LAN) IP 192.168.1.1/24 - set DHCP server scope 192.168.1.100 - 192.168.1.150 (if you need DCHP)
2 - Linksys IP 192.168.1.2/255.255.255.0 (disable NAT and DHCP server), set default gateway 192.168.1.1.
3 - Connect pfSense LAN to any LAN port of Linksys, also linksys WAN port should work if AP mode is supported.
4 - Connect the Switch (if you need) to a spare Linksys' LAN port.

Now any wired, wireless client should receive an IP from pfSense DHCP or, in case you are using static mappings, use their own IP  (set them between 192.168.1.3-99 and 192.168.1.151-254, outside DHCP scope).

ALL your LAN is inside 192.168.1.0/24.

Check your outbound nat, check firewall rules.
Let us know if this simple configuration works.

Thank you so much Wolf666! It worked! I did what you suggested and turned on the enabled Dynamic Router RIP, then after that I switched my WAN intel nic to LAN, and LAN tp-link nic to WAN, then it worked! I saw some lights on the tp link nic was not blinking (there are 3 blinking lights, only 1 is blinking) so I tried to switch it to WAN. Then it worked! Thank you wolf666! I'll study this to learn more about pfsense.  :)

Did you install bandwidthd?

There are occasional uses for them but it's cases where pfSense is not acting as a router but as an endpoint (e.g. stand-alone appliance for DHCP, DNS, etc).

It's not a deficiency in the hardware or the OS, it's just that TSO and LRO are not intended for use on a firewall/router. The details are on the wiki.

Today I reinstalled the 2.2.1 fresh. Still no joy. the msk0 driver was doing his show and taking the WAN port down.
When I use an Intel NIC em in the everything is cool. I ordered a new Dual Intel NIC.

Lesson learned:

FreeBSD needs Intel NIC, all the others will ruin your day soon or later. Never trust the automatic pfSense update.