Worked like a charm. Thanks johnpoz, and pardon the late appreciation.

i do that, but dont work. i want to do this with a vpn (openvpn), the controller (WLC) is in on point and the AP in another. Can you help me please??

I forgot to mention, while I haven't setup a NAT rule to point to TinyDNS, I do have the server enabled.  However, when I look at the logs tab I see the following error: CSRF check failed. Either your session has expired, this page has been inactive too long, or you need to enable cookies. Debug: Could this be related to the Perl mismatch issue I'm also having with LightSquid (500 - Internal Server Error)?

@phil.davis: Note: If you directly edit /etc/crontab, then that will be overwritten next time you reboot. The crontab is generated from entries the pfSense config.xml To make it permanent, install the Cron package and edit the job from there - then both config.xml and /etc/crontab get updated. Did not know that and guess I would not have found out till months later (since I rarely reboot the box). Thanks alot man for the help. :)

i found out that it was the FR2 log daily log files that were filling up the space. I changed the logging form the radius.log files to system logs and this should resolve the issue. Also i increased the size of the /var filesystem in the rc.embedded to 700MB since i'm running 2 GB of RAM on the system. I am going to replace the embedded image i have with a full pfsense image. i'm just waiting on the new industrial CF cards to arrive so i don't have to worry about my R/W limits. :)

Interesting.. Didnt know Afraid.org did that… PErsonally this is what i do Create a domain within Afraid.org.... Remote.mydomain.com Make it a Cname to whatever@homeip.net (Dyndns.com) And then use pfsense to point and update Whatever@homeip.net. using dyndns.com ITs free and easy to do! No hash tagging etc. In my pfense it just put in my username and password for Dyndns.com and BOOM!!! Updates

Wow, thanks for the heads up, I knew none of that, all I know of the guy before was his site, the utilities there, like ShieldsUp and DNSBench, which I'd seen recommended by somewhere reputable, seemed genuinely useful, and I don't have the technical chops to seriously evaluate much of any of it.  That 'What the world…' page, pretty harsh.  Well, great, now I feel even stupider, especially because empty hype disgusts me no end, and false hype is way worse.  Have a good one.

Totally agree, this is a workaround and everything needs double-triple checking, but this is the only way I found that suits my scenario. I needed DHCP server and DHCP relay on the same box. Moreover, I needed relay to work over OpenVPN tunnel. As far as I have tried (with 2.0 BETA, if I'm not mistaken), the pfSense DHCP relay did not work over OpenVPN tunnel. Maybe things changed over time, I haven't tried that with the 2.0.1-2.0.2 releases. The above mentioned FreeBSD dhcprelay package relayed through OpenVPN tun all the time with no problems, for about 5 years I think (previously used on FreeBSD before moving all routers to pfSense).

That's perfectly normal for any cable ISP.

bows Right you are :)

Many thank all, I have completed the configuration pfsense :)

Then it may not be installed or running. Just get to the shell and run the rm command.

This was a fun one, pf wasn't at fault at all. My DSL modem wouldn't pass packets bigger than a certain size. This only happened once a day for ~20 min. Youtube DNS query is about 10x the average query due to the 10 or so mirrors they include, which is why it didn't work.

i understand your point and i don't think that is a public ip.  i switched from no-ip to dyndns and it's working now.

"Interesting. My ISP's DNS returns 120.0.9.200 and 120.0.29.201 for www.abc.net.au and that is not the same as any of the results from the OpenDNS servers." Last time I checked AU was quite LARGE ;)  And I don't see any opendns in AU anywhere.  Closest prob Singapore…  So yeah your going to point somewhere else -- I am quite sure that akamai has servers in AU that your ISP prob resolves because its in the AU.  But when opendns looks to see where it should go, akamai has their dns setup using geoip to say oh your from Singapore -- you should use these servers. This is one of the flaws in opendns - they don't have full coverage of the planet, so not ever user is going to be using a dns server in their region.  So anything that uses geoip to determine where it should send you is going to be in error. Websense uses the same sort of thing for which proxy you should use in their cloud service, based upon source of where your dns query came from you get sent to different clusters.  For example if I ask my ISP dns I get ;; QUESTION SECTION: ;webdefence.global.blackspider.com. IN  TXT ;; ANSWER SECTION: webdefence.global.blackspider.com. 60 IN TXT    "Hello 68.87.72.137 (2C),  - you go to cluster-n" -- ;; ANSWER SECTION: 137.72.87.68.in-addr.arpa. 1294 IN      PTR     chic-dnssec02.area4.il.chicago.comcast.net. See that query came from my ISP dns 68.87.72.137, if I do a query from my own IP using my own BIND server I get same thing - because I am also in the Chicago area ;; ANSWER SECTION: webdefence.global.blackspider.com. 60 IN TXT    "Hello 24.13.xx.xx (2C),  - you go to cluster-n" If I use my VPS out in CA I get told to use a different cluster ;; ANSWER SECTION: webdefence.global.blackspider.com. 120 IN TXT   "Hello 173.245.xx.xx (2W),  - you go to cluster-g" You might want to look for different service other than opendns that has dns located in AU, or your going to have all kinds of issues with any sort of cloud service that uses geoip to send you to the closest server for where your request came from. It would be a never ending battle trying to over ride all the domains that use geoip based results. edit:  question for you, what is the response time when using opendns.  I am here in chicago, which they are suppose to have one in the area.  And I get 30ms response ubuntu:~$ ping 208.67.222.220 PING 208.67.222.220 (208.67.222.220) 56(84) bytes of data. 64 bytes from 208.67.222.220: icmp_req=1 ttl=52 time=36.6 ms 64 bytes from 208.67.222.220: icmp_req=2 ttl=52 time=32.2 ms 64 bytes from 208.67.222.220: icmp_req=3 ttl=52 time=33.3 ms I am curious what your response time is - if in fact the closest one to you is in Singapore. Look even here in chicago its like 40ms to get a response from them ; <<>> DiG 9.8.1-P1 <<>> @208.67.222.222 www.google.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60922 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.google.com.                        IN      A ;; ANSWER SECTION: www.google.com.        189    IN      A      74.125.225.176 www.google.com.        189    IN      A      74.125.225.179 www.google.com.        189    IN      A      74.125.225.180 www.google.com.        189    IN      A      74.125.225.178 www.google.com.        189    IN      A      74.125.225.177 ;; Query time: 39 msec ;; SERVER: 208.67.222.222#53(208.67.222.222) ;; WHEN: Fri Jan  4 10:03:47 2013 ;; MSG SIZE  rcvd: 112 If I query my isp (comcast) its much lower ; <<>> DiG 9.8.1-P1 <<>> @75.75.75.75 www.google.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49553 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.google.com.                        IN      A ;; ANSWER SECTION: www.google.com.        39      IN      A      74.125.225.211 www.google.com.        39      IN      A      74.125.225.210 www.google.com.        39      IN      A      74.125.225.212 www.google.com.        39      IN      A      74.125.225.208 www.google.com.        39      IN      A      74.125.225.209 ;; Query time: 18 msec ;; SERVER: 75.75.75.75#53(75.75.75.75) ;; WHEN: Fri Jan  4 10:05:32 2013 ;; MSG SIZE  rcvd: 112 Like to see the same sort of tests for you..  I did a quick search and did not come up with any alternatives for opendns that have locations in the AU/NZ region of the world.  If what your wanting to do is filter via dns for your specific machines in your network.  Maybe you want to setup your own filtering so that its local.

Tx Jimp! I think I'll manage to do what I wanted now. /Peter @jimp: You can use the cron package to manage cron entries. And for that kind of task you can use the "fetch" command or perhaps links (we include links, not lynx, they are similar but not identical)