Just a follow-up… I fixed it by plugging the cable modem right into the ESXi host vmnic, as opposed to plugging both cable modem & ESXi host in to switch ports in the same VLAN off the 2960. CDP/LLDP/keepalives were off, so not sure what caused it, but it's resolved.

Holy moley GhostBSD is really nice! And worked perfectly, thanks!

This:
https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

@jwelter99:

I'd setup at least two vlans - one for the pc's and another for the VOIP traffic.  Once you have it setup to break this traffic across the 2 plans you may find other logical groups your want to segregate onto a vlan.

This allows you to be more selective on your firewall rules - e.g.: voip has a different footprint versus desktop pc's, etc.

As for switches you want to reduce hops when possible.  So I'd have a root switch that plugs into the PF sense box, and all your other switches plug into that switch.

That's exactly how I would do it also.

Did you ever get to the bottom of this? I am getting the same error message in dhcpd.log (unable to add forward map REFUSED) and DHCP leases aren't getting registered in DNS.

EDIT: Looks like I had some DHCP reservations on an old unused interface that were conflicting. I removed the reservations, restarted the DHCP service, then new leases seemed to get their reverse maps properly added. To force update all the existing leases I un-checked "Register DHCP leases in DNS forwarder" under DNS Forwarded, applied, then re-checked it and all my leases showed up.

My apologies for the necro-post, but I couldn't find hardly any info on this issue except this thread. Hopefully this will help someone else. :)

If you can see traffic going, approximately equally, on all 4 WANs then the load balancing is working correctly. It may be that you are hitting some other limit further upstream. The modems you're using appear capable of 150Mbps if the correct data network is available. Do you know what data network type your ISP is providing?
I don't have much experience with mobile broadband but when I have used it I found I was able to get close to the advertised bandwidth only at times of day when nobody else was using it. You might be better trying to use either different cells for each modem (directional antennas?) or different networks.

Steve

@voxmagna1:

Hi, I was wondering if members could say which USB NICs are working with pfsense?

I have one which configures o.k with zeroshell bound to PPPoe, but pfsense will not autodetect it.

The strange thing is I can see it getting picked up in the boot screens and if I unplug and replug it I get the line ugen4.4 <realtek>at usbus4 (disconnected)</realtek> so pfsense knows something is there.

It is a clone of something and has no NIC name in its firmware.

Works fine for me, dont need anything faster as our broadband is not very fast.

http://plugable.com/products/usb2-e100

do your lan clients have their gateway set to pfsense ?

does your openvpn-client-device have a route for the lan-subnet by the tunnel (the defaultv openvpn client for windows, needs to be run "as administrator' to be able to SET the routes)

did you try turning off windows-firewall (for testing). It is known to block pings outside its own subnet.

Same error here with a new install.
Any ideas out there?

A lot more info please.  ;)
Where is pfSense in this setup? Is it running Squid? Squidguard? What firewall rules do you have? Where are you testing from?
What do you see in the firewall logs when the "app" in blocked?

Steve

what was the solution here? can someone update?

I've come across this problem once. I had left the network cables plugged in and it just hung on 38%. Only figured it out when I backtracked to what I had done before and what I was doing now and realized that the network cables being unplugged/plugged in were the only difference.

You don't want the memstick version. That acts exactly like the install CD, it will run live but won't remember any changes.
Use the NanoBSD version.

Steve

bump. Do you want to use squid cache on a separate disk (msata) ? If so im also looking for the answer.
im running the enbedded version on a SD card but would like to use my msata disk for cache. Does anyone know how to achieve this?

Noting the version of Firmware for the Raid Controller between the 2 systems.

The working system was running Perc 6i Integrated with firmware 6.3.3-0002
The non working system was running Perc 6/i Integrated with firmware 6.3.0-0001 and 6.3.1-0003

However when i tried to find 6.3.3-0002 for a Perc6i on Dells Support site under PowerEdge 1950, i could not find it. I then searched Dells site specifically for Perc 6i firmware, and found the proper version 6.3.3-0002 (note NOT for a PERC 6E, but PERC 6i).

Booted to a live CentOS disk, upgraded the firmware and viola, success!

Below is the link to the proper firmware:

http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=F96NR

This can be marked as Solved.  I see that many people out there find this same issue, and i hope they find this.

Thanks.  Flashing a spare 4 GB Transcend 300x CF to the 2.1.5-RELEASE worked fine.  I imported the configuration I had saved before I started, and I was off and running.  Two mistakes I made that slowed me down were 1) to forget to expand the image before flashing it, and 2) to flash the upgrade version, when I should have flashed the full install.  As a backup during this process, I kept the original Kingston 4 GB 133x CF that shipped with my unit.

Just as an example figure an Atom D510 will push ~50Mbps of VPN traffic. That's software only.

Steve

What OS was running on the Asus when you tested?

Its just before rack servers with quad ports existed I had some of these quad port intel nics in windows servers 2003 and either the MS drivers coming from the windows update or Intel drivers would not work properly, although I think it was the MS drivers which didnt work properly from memory.

So even though your Asus might have appeared to have worked, not all features on the card may have worked.

FWIW.

@heper:

i wouldn't know why there would be a difference between up or downstream on your VM. are you seeing a difference in CPU usage between up or downstream ?

are you sure you don't have limiters / shaping configured on pfsense?

No limiters, no CPU difference, I put my AC66u router back in place and have the same upload restriction…  I think its an issue with Verizon.. sorry to jump the gun.  Always speed test before and after!

There are not any known issues with logging on 2.1.5, but it's possible something has corrupted your log files.

rm /var/log/*.log and then reboot, it should start working again.