@doktornotor: (Not sure how's squid relevant here, by using the SSL bump junk in Squid, you are breaking all certificates intentionally, SANs are the least of your concern here…  ::)) I'm under active directory, pfsense is a C.A. for all my clients, so the single-name certificate is well-working! My problem is the SANs certificates (facebook, gmail and so on…) because my browser recognize valid only the common name  :o When a website serve a certificate with CN different from its hostname the match fails, also if in the original certificate there is its hostname in the alternative names (SAN).

@Waggles: Is it because it's faster or more efficient if a switch handles the traffic from the WAP when on the same subnet? Both. I'm in the same boat as the OP in that I bought one of the cheap i350 4 port NICs (~$120 on Ebay) as well.  I ended up putting the WAP on the switch, but I initially intended to put it on the NIC.  At the moment, 2 ports on the NIC are not in use.  Placing it on the NIC seemed like the logical choice since that's how I set it up on every router I've used at home (D-Links to Zyxel USGs). Thanks for the input. Home/dedicated routers often have dedicated internal hardware to make the use of multiple NIC ports in a bridged fashion more efficient than the general purpose approach of pfSense. Passing all your NIC traffic through the internal PCI/System data bus is less efficient, but gives far more flexibility in what hardware/packages can be used with pfSense. I know sometimes it feels like you're "wasting" a NIC in pfSense just because it doesn't get used, but at the current price of a reasonably good switch (10's of$) it's lousy bang for the buck trying to internally bridge pfSense NIC's just to save on a switch.  ;)

I would still try hooking the drive up to a different system and see if you can access anything.  Your problem may well be a bad P/S and the drive is fine.

Thanks cmb. I'll check it out in the morning.

You have to compare the HASH of the downloaded file with the CONTENTS of the hash files, not the HASHES of the hash files. $ openssl dgst -sha256 pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz SHA256(pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz)= 095a7458e41130dd98824ce132190398bea26bb070d1b74ef2f7a101a9af4539 $ cat pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz.sha256 SHA256 (pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz) = 095a7458e41130dd98824ce132190398bea26bb070d1b74ef2f7a101a9af4539 $ openssl dgst -md5 pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz MD5(pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz)= 11f1294a63c376e93538bdbffc05154d $ cat pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz.md5 MD5 (pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz) = 11f1294a63c376e93538bdbffc05154d

@Wolf666: Let's do it simple. Taken into account you have a working pfsense WAN IP, got via DHCP. Set: 1 - pfSense (LAN) IP 192.168.1.1/24 - set DHCP server scope 192.168.1.100 - 192.168.1.150 (if you need DCHP) 2 - Linksys IP 192.168.1.2/255.255.255.0 (disable NAT and DHCP server), set default gateway 192.168.1.1. 3 - Connect pfSense LAN to any LAN port of Linksys, also linksys WAN port should work if AP mode is supported. 4 - Connect the Switch (if you need) to a spare Linksys' LAN port. Now any wired, wireless client should receive an IP from pfSense DHCP or, in case you are using static mappings, use their own IP  (set them between 192.168.1.3-99 and 192.168.1.151-254, outside DHCP scope). ALL your LAN is inside 192.168.1.0/24. Check your outbound nat, check firewall rules. Let us know if this simple configuration works. Thank you so much Wolf666! It worked! I did what you suggested and turned on the enabled Dynamic Router RIP, then after that I switched my WAN intel nic to LAN, and LAN tp-link nic to WAN, then it worked! I saw some lights on the tp link nic was not blinking (there are 3 blinking lights, only 1 is blinking) so I tried to switch it to WAN. Then it worked! Thank you wolf666! I'll study this to learn more about pfsense.  :)

Did you install bandwidthd?

There are occasional uses for them but it's cases where pfSense is not acting as a router but as an endpoint (e.g. stand-alone appliance for DHCP, DNS, etc). It's not a deficiency in the hardware or the OS, it's just that TSO and LRO are not intended for use on a firewall/router. The details are on the wiki.

Today I reinstalled the 2.2.1 fresh. Still no joy. the msk0 driver was doing his show and taking the WAN port down. When I use an Intel NIC em in the everything is cool. I ordered a new Dual Intel NIC. Lesson learned: FreeBSD needs Intel NIC, all the others will ruin your day soon or later. Never trust the automatic pfSense update.

Thanks I will try that. And thank you for all your help. It's greatly appreciated.

Ha.  ;D 5.5.22 in 2.2.1: https://doc.pfsense.org/index.php/2.2.1_New_Features_and_Changes#Misc_Binary.2FOS_Changes You don't have to tell us of course. However it's hard to offer advise if you can't give us some idea. Steve

/var/run should normally have almost nothing in it. Mostly the pid files of running processes. Either you have something odd going on, like thousands of processes or there's some calculation error happening. Either way installing 2.2.1 directly and restoring your config is the quickest way past this. Steve

I did a rolback to 5.5, and everything worked greate. Think I will wait for som ner updates, or test it on a different server before upgrading again.

You shouldn't need to do anything at that point it should auto-boot the F1 option after a few seconds. The fact that it isn't implies it's stuck there at the boot loader prompt for some reason. The most likely cause is that you have some unusual drive controller. I couldn't find anything about that board but if it has any sort of raid controller you should turn that off. Also try chaning the SATA mode. See: https://doc.pfsense.org/index.php/Installation_Troubleshooting#Boot_from_hard_drive_after_CD_installation_fails Steve

hi renatohpc As Escorpiom said, the CD go bad quickly. I was wondering if the USB PEN installation could be a workaround in your scenario case. I looked up onto the MOBO web site and the MANUAL have NOT a word about the USB in the BOOT PRIORITY section. That let me believe that is not supported. But a Try cost you nthing else than time. But what the read of the manual have poped up is that fact that the MOBO is NOT 64 bit compliant and since you picked up a x86_64 image to install it could lead to further problems… Have fun.