Yes, I agree (2) is a risk but if you have a test box hardware related problems should be found during proper use case acceptance testing. I learned this the hard way upgrading from 2.2RC to 2.2 Release without adequate use case testing. In the event of an unpatchable hardware specific vulnerability, second hand kit capable of running pfSense is both cheap and abundant.

@phil.davis: The bandwidthd issue is bug https://redmine.pfsense.org/issues/3986 If anyone can work out what is causing that interaction with PHP-FPM and even better, how to fix it, you will be a hero! I would live without bandwidthd, and maybe your troubles will all og away. Yeah I saw that last night, lots of error messages in the syslog, I thought I had everything working but the DHCP service tanking, not sure what the heck is going on.  I could get on the web gui but restarting DHCP service didnt appear to be working, was just acting funky.  Kind of like BandwidthD but something is not happy with my configuration, so I might uninstall most of the packages and just get back to the basics and see what that does, when things have been stable for so long kind of a bummer to have things not like they were…. I will be poking around when I get home and see if its still working...

And yes 100% tested ok now  just switch off the BIOS com serial comport and it will boot

I tried it again and it worked. Not sure how long it took since I left the room. Its the 3rd time I posted about this and you are the first one mentioning this. I really appreciate it. Thanks.

@cmb: How is your bridge assigned, or is it assigned at all? The sysctls you're using are opposite the default, so you must assign the bridge. There were some bridge configs in 2.1x and prior versions that could work even though they were wrong in that regard. @opalit: Version 2.0.3 had one of the few IPsec VPN servers that not only did site to site VPN but also IPsec for road warriors and it supported Iphone/Ipad VPN as well as Shrewsoft. All that works in 2.2x versions too. See Pictures in other posting

Possibly this: https://doc.pfsense.org/index.php/UpgradeGuide#Old.2FBroken_GEOM_Mirrors Steve

You cannot flash this on any Linksys router. pfSense is i386/amd64 only, plus requires at minimum 1GB of flash memory for the smallest embedded install available.

Here's a way to install pfSense on the HP thin clients without having to remove the DOM from the client: https://forum.pfsense.org/index.php?topic=87606.msg481510#msg481510 You need a USB stick to boot from. Tested on tens of t5730s, I guess it should work the same with t5740 also.

Key management can be a hassle, yes.  Not too bad for those who actually try to verify the integrity of their downloaded firewall software prior to use.  Only a few people have to be doing it.  They can raise the flag if they see something amiss. You can stop trying to convince me of all the reasons this is not a good idea.  You are wrong.  It's the best, currently-available solution to the problem.  Yes, they should also DNSSEC. They should also PGP sign their announcements.  Even if posted to the forum or blog there should be at least a link to the PGP-signed version.

Fresh install 2.2 with PuTTY. Alix HW output reads with 9600 or 38400. pfSense 1st boot & base setup output works with 115200. Until you've set 38400 in webgui.

Whow… solved... it works after a reboot... ::) Sorry... Pascal.

I hate to dredge up this really old post, but I'm seeing this as well, and I can't seem to find that anyone figured out a solution. Oddly enough, it is only happening on one of our pfSense installs (we have 11 running 2.2.1).  Of course, it is the one at our main corporate office, which means I'd like to get meaningful non-doubled bandwidth usage numbers from SNMP. One thought I had - this is also the only box we have running ipv6 and ipv4.  All of the others are ipv4 only. Any thoughts?

@doktornotor: (Not sure how's squid relevant here, by using the SSL bump junk in Squid, you are breaking all certificates intentionally, SANs are the least of your concern here…  ::)) I'm under active directory, pfsense is a C.A. for all my clients, so the single-name certificate is well-working! My problem is the SANs certificates (facebook, gmail and so on…) because my browser recognize valid only the common name  :o When a website serve a certificate with CN different from its hostname the match fails, also if in the original certificate there is its hostname in the alternative names (SAN).

@Waggles: Is it because it's faster or more efficient if a switch handles the traffic from the WAP when on the same subnet? Both. I'm in the same boat as the OP in that I bought one of the cheap i350 4 port NICs (~$120 on Ebay) as well.  I ended up putting the WAP on the switch, but I initially intended to put it on the NIC.  At the moment, 2 ports on the NIC are not in use.  Placing it on the NIC seemed like the logical choice since that's how I set it up on every router I've used at home (D-Links to Zyxel USGs). Thanks for the input. Home/dedicated routers often have dedicated internal hardware to make the use of multiple NIC ports in a bridged fashion more efficient than the general purpose approach of pfSense. Passing all your NIC traffic through the internal PCI/System data bus is less efficient, but gives far more flexibility in what hardware/packages can be used with pfSense. I know sometimes it feels like you're "wasting" a NIC in pfSense just because it doesn't get used, but at the current price of a reasonably good switch (10's of$) it's lousy bang for the buck trying to internally bridge pfSense NIC's just to save on a switch.  ;)

I would still try hooking the drive up to a different system and see if you can access anything.  Your problem may well be a bad P/S and the drive is fine.

Thanks cmb. I'll check it out in the morning.

You have to compare the HASH of the downloaded file with the CONTENTS of the hash files, not the HASHES of the hash files. $ openssl dgst -sha256 pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz SHA256(pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz)= 095a7458e41130dd98824ce132190398bea26bb070d1b74ef2f7a101a9af4539 $ cat pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz.sha256 SHA256 (pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz) = 095a7458e41130dd98824ce132190398bea26bb070d1b74ef2f7a101a9af4539 $ openssl dgst -md5 pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz MD5(pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz)= 11f1294a63c376e93538bdbffc05154d $ cat pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz.md5 MD5 (pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz) = 11f1294a63c376e93538bdbffc05154d