Enabled sticky connection and all is good in the world. For now! Thank you  :D

Captive portal has no direct relationship to DHCP leases. DHCP leases are available to be re-issued once the DHCP lease time has expired. Your lease time's too long, and/or your pool size too small.

Port speed and duplex mismatch is pretty much what I was thinking. In particular, if your network card on your PC is set to auto-detect and the port is as well, this can lead to potential latency issues, or even connection problems. Check the NIC settings on the PCs that work and compare that to the PC that doesn't. Same on the ports - assuming you're using a manged switch. See whether the working ports have static speed and/or duplex. The only other possibility I can see might be a faulty cable.

I removed both Broadcom pci nics, rebooted and still got the Fault error.  So I put one back in, turned on the motherboard nic and went to the boot menu and chose 'default config'.  It booted and I was able to login thru the web panel!  I had to setup the PIA vpn interfaces again but it seems to be working.  At least for a while.  How do I save the config to a file on a usb drive so I can restore later if I need to reinstall the complete pfSense from cd? Thanks!

Would depend on what your wanting to do exactly..  Is this external bind server authoritative for your local clients domain?  Does your dhcp server enter records there for your clients, do you clients register their names and IP there? Do you want all your clients sending every query to this server?  Or would you like pfsense to cache some of those for you?  So if client A looks up www.pfsense.org, that when client B asks for that you don't have to send traffic to this bind server, etc. Without understanding the what your wanting to do, its impossible to tell you if you need dns services on pfsense be it just forwarder (dnsmasq) or resolver (unbound) or not.

That was hitting the PHP memory limit for some reason, generally only happens when you have a really large leases file (thousands of hosts) that's been around for some time and it's trying to do an operation on it that requires more memory than PHP is allocated. Regardless it's safe to disregard in this case, it's not related in any way to how much resources are generally available on the system.

did you put server: in the advanced option box above your private settings? My guess is this what your forgetting to do if you want to add them back in.

your udp 67-68 rule should be on top. Otherwise, yes (assuming the typo you already spotted has been fixed)

I don't believe so, one of the limits currently is that pfsense has to have an interface in the segment it will hand out dhcp for.  So using it for a dhcp server with multiple scopes for downstream networks is not really an option as of yet. If you need such features you prob better off running dhcp on something else in your network.

Hello @icedata, Maybe you can use additional small switch and put before pfsense and use the same switch to connect to LAN clients? :)

Windows 8.1 PC on Client Segment Default Gateway:  N/A How is going to go anywhere but its local network without a gateway???? And you sure you want a /23 mask??  Seems odd to be using /23 for a small couple of vms.. You put that in the dhcp options, which would be option 3 in this case Here http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml

Well for starters pfsense dns servers dnsmasq or unbound are not really meant as authoritative servers, and do not do zone transfers..  Not really something I would use in a production/enterprise dns setup to be honest.  But if you want you really should have different fqdn for each site..  So for host in site A, host.sitea.domain.tld and in site B it would be host.siteb.domain.tld  They could be same parent domain that way, or could just be host.siteadomain.tld and sitebdomain.tld etc.. You would then create domain overrides pointing to pfsense at the other site for the domain in question. In scenario 2, to be honest you really should have a DC at that branch site..  If your not going to use a DC at that site, I would have your clients use both dhcp and dns from the main site DC, and would not use dhcp or dns on pfsense at all in this remote site.

I would make sure the remote locations are setup correctly in sites and services as well for the DCs there.. You can leverage the DataCenter DC if the DC in the site fails, etc. This might help http://blogs.technet.com/b/canitpro/archive/2015/03/04/step-by-step-setting-up-active-directory-sites-subnets-amp-site-links.aspx Step-By-Step: Setting Up Active Directory Sites, Subnets & Site-Links

dnsmasq is strictly for DNS, we don't use its DHCP capabilities. Configure that under Services>DHCP server.

What leases??  Dude a lease is not handed out unless there is a discover.. If there was a discover, then it will hand out a lease.. You understand P@55word! as your psk doesn't make it secure ;)

Hi! A hint that might help: If you have something in your advanced section and it's not quite right it can cause that behavior. It works, until you start to use the domain overrides. This is because how the final config file built by pfsense. For example if you have just one line, like: outgoing-port-avoid: 0-32767 it works, but if you put anything to the domain overrides it will cause a syntax error, because the outgoing-port-avoid will fall into the wrong section. To avoid that you must state the correct section for all of your advanced parameters: server: outgoing-port-avoid: 0-32767 then the domain override will work again.

Today I upgraded to pfsense version 2.2.6 and noticed something very odd. With "unbound-control -c /var/unbound/unbound.conf lookup" I am not able to lookup (forward and reverse) any local hostnames / IP address anymore: no delegation from cache; goes to configured roots Lookups for local hostnames via the webui still not work and seem to ignore the domain overrides I have set.  :P

Do you mind explaining your find in detail and how you fixed it? I may see some broadcasting traffic as well, and I though I've set the DHCP to run on the internal interface. Plus, in ESXi I've set the WAN and LAN interfaces in their own separate switches with their own dedicated nics. Thank you.