How do you know it worked for 10-15 and you were not just getting something cached. When you have a query that doesn't work - then follow it, its really pretty basic stuff.. You query AD server 192.168.1.100 for example.  If it doesn't have it cached it will walk the tree of roots down to the authoritative server for whatever domain your doing a query of.. Simple enough to sniff on the lan interface server is connected to and validate pfsense sees the queries to allow out to the network.. Look on the wan side, do you get anything back??

^ exactly your making it way too complicated..  It would take about 30 seconds to install the openvpn-as ubuntu package.. And prob less to install the app on your ios device.  Clickity Clickity your openvpn server is up and running..  Grab the openvpn connect client that works great on both ios and android devices and is FREE as in beer.. Your making it way way over complicated because you don't want to use the correct tool for the job..  Sure Bob I can drive that nail in with this screwdriver – see its real easy... ARrrrrrghhhhhh ;) Click Click on vpn via my iphone, click click on a different profile using different port and tcp vs udp and even ipv6 access. [image: vpnios.PNG] [image: vpnios.PNG_thumb] [image: vpniosipv6.PNG] [image: vpniosipv6.PNG_thumb]

Right, I am going for a record on the most times in which I can change my mind on what is wrong here. I think it was throwing me because it was intermittent but I thought it was corresponding to certain changes I was making. To troubleshoot further I started from scratch and just kept rebooting over and again and I found that it was sometimes failing to come back up even before I had added additional interfaces to pfsense. I eventually realised (I think) that it was because I was using legacy adaptors in hyperv - In the past pfsense had not worked for me unless I used legacy adaptors but maybe that has changed in the latest release. Anyway, once I added standard adaptors it appears to be working as expected. I have WAN and 3 LAN networks now and it is allowing me into the web admin consistantly so I think and hope I have resolved the issue. Just posting an update here in case anyone else runs into the same problem.

I think you are in the wrong section mate You need to go here https://forum.pfsense.org/index.php?board=21.0

Thought I should reply, I wiped the disk and installed from scratch again and it worked like a charm. It's unlikely I entered in the wrong login credentials (pretty certain I copied and pasted) but it is possible. Thanks for your assistance (:

same thing happen here. i try to boot from pfsense 2.2.5 usb 64 img that i prepare with physwritedisk. first i think that it's my hardware fault, but when i try opnsense 15.17.8 that has same boot loader option …same error show up. i haven't try cd iso because i don't have cd... the funny thing is when i try older version ( 2.0 and 1.8) everything run smoothly...

It seemed like the NIC was down. I'll check weather there are some other issues. Thanks!

Ok, thanks. I'll give it a go.

Answered my own question. It looks like this is the result of having incorrect PPPoE credentials (The ISP gave me the wrong realm name).

use another USB-port. You are booting from a USB 3.0 (blue). You need to use one of the USB 2.0 (black) in stead. They have different color. Go for the black ones. Not hte blue ones. https://forum.pfsense.org/index.php?topic=75015.0

It's never too late to start learning. Looking at Windows 10 these days, I'd advise everyone to start considering open source alternatives for desktop. But that's another story. I never tried squid on pfsense, I played with it once on a Linux box, and I had two problems with it: overcomplicated for my needs fuzzy documentation As far as I can see in pfSense forums, most of the issues people have with squid here arise from these two problems, and it also seems to make the whole system less stable, and harder to keep up to date. Pound is a very easy and straightforward piece of software. It just does what it should and that's it - and that's exactly what I need, nothing more. I really wonder how come nobody made a package for it yet, I even considered once I should make one, but you know, making pfSense packages these days is a real pain in the ass. As for websites requiring client certificates for strong authentication - look for Apache, and forward them with pound directly. I didn't do things like this yet, so I'm not aware of details, but I guess it shouldn't be too difficult.

You could probably get by just fine on 1 GB with that small configuration.

This is caused by pfsense trying to send his UUID with User-Agent on GET command If you UNCHECK the "Do NOT send HOST UUID with user agent", it will work

Thanks again for your reply. I understand that there are "auto" firmware options "System, Firmware, Auto Update" for example.  From console as well, as you seem to be suggesting. I am setting up this box as a replacement firewall and configuring as much as possible before connecting to my WAN/LAN.  So, right, I am not connected to the internet while doing so.  Does not seem to be such an unusual setup plan to me… Cheers, Todd

Why would it not just go Verizon Fios ONT –-> MX64 - switch? Why do you think you need 3 different routers/firewalls? Or if you want to use pfsense Verizon Fios ONT ---> pfsense - switch?

Thats exactly what i thought. I mean 512mb ram will be enough mine is running virtual at the moment with vpn for clients and tunnels and its using 100mb ram so should be ample. Thanks for the response. I might get a X500 for my dads house and an X1000 for me as slightly faster hardware

@David_W: There might be some sort of deterioration in the physical line between you and the ISP, especially if you are using DSL. Moreover, DSL modems sometimes go bad. One of those would be my guess given it started getting spotty for no apparent reason with no changes made, continued and gotten worse over time.

Hi I don't think it's a fan problem, but we need evidence of what processes are running and what your CPUs are busy doing. Here is mine for example… (Diagnostics menu / system activity) last pid: 85388;  load averages:  0.00,  0.01,  0.00  up 171+01:28:55    20:04:35 151 processes: 5 running, 120 sleeping, 26 waiting Mem: 35M Active, 292M Inact, 258M Wired, 52K Cache, 279M Buf, 3357M Free Swap: 8192M Total, 8192M Free PID USERNAME PRI NICE  SIZE    RES STATE  C  TIME    WCPU COMMAND   11 root    155 ki31    0K    64K CPU3    3  25.4H 100.00% [idle{idle: cpu3}]   11 root    155 ki31    0K    64K CPU2    2  25.4H 100.00% [idle{idle: cpu2}]   11 root    155 ki31    0K    64K RUN    1  25.4H 100.00% [idle{idle: cpu1}]   11 root    155 ki31    0K    64K CPU0    0  25.3H 100.00% [idle{idle: cpu0}] 81695 root      22    0  223M 31856K piperd  0  0:00  0.68% php-fpm: pool lighty (php-fpm)     0 root    -16    0    0K  192K swapin  0  2:09  0.00% [kernel{swapper}]   12 root    -92    -    0K  416K WAIT    0  1:17  0.00% [intr{irq24: bge0}]     6 root    -16    -    0K    16K pftm    0  1:15  0.00% [pf purge] 9196 proxy    20    0  220M  105M kqread  1  0:53  0.00% (squid-1) -f /usr/pbi/squid-amd64/local/et   12 root    -92    -    0K  416K WAIT    2  0:47  0.00% [intr{irq25: bge1}]   12 root    -60    -    0K  416K WAIT    3  0:30  0.00% [intr{swi4: clock}]   23 root      16    -    0K    16K syncer  0  0:27  0.00% [syncer]   12 root    -88    -    0K  416K WAIT    0  0:21  0.00% [intr{irq16: uhci0 uhc}] 46258 root      52  20 17136K  2348K wait    0  0:20  0.00% /bin/sh /var/db/rrd/updaterrd.sh 24844 root      20    0 12456K  2128K select  3  0:13  0.00% /usr/local/sbin/apinger -c /var/etc/apinge 20836 root      20    0 16804K  2304K bpf    2  0:11  0.00% /usr/local/sbin/filterlog -i pflog0 -p /va 59435 root      20    0 14656K  2336K select  1  0:09  0.00% /usr/sbin/syslogd -s -c -c -l /var/dhcpd/v   15 root    -16    -    0K    16K -      0  0:09  0.00% [rand_harvestq] If you can do the same, we can see where the CPU cycles are being used, which will cause the CPU to warm up.

Whenever a package resync is triggered, the cron tasks are recreated. No intrusion in there.