I have tried it with both DHCP reply on and off.  I get the same issues.

The WAN is a static IP Address.  Inside the subnet but outside the DHCP Scope.

DHCP is obtained from the DHCP server on the WAN, not the pfsense box.

My friends.

cmb u are right, the results are the same, i was doing the wrong test.

The results are the same using dig.

Thanks cmb for clarifying this, I appreciated  :)

The VPN randomly started working.  I'm not gong to ask any questions and just go along with it  ;D

Thanks again for all your help.

This problem was solved, thanks to a bounty I paid (well worth the money).  See:  http://forum.pfsense.org/index.php/topic,18378.msg94747.html#msg94747

If you can email me a backup of your config (cmb at pfsense dot org) and reference this forum thread, I'll see if I can replicate that using your config.

Thats it. That solved the issue.
Thank you very much.

Regards,
Marc

@Bern:

Have you set up a static route on your pfSense machine to your office's LAN?

IIRC you have to do this with IPSec tunnels. Route it through the LAN interface of pfSense.

@joel.baxter:

Deny unknown clients:
If this is checked, only the clients defined below will get DHCP leases from this server.

This only affects the DHCP server.
The pfSense will communicate with devices not on the list below.
–> You can configure a device with a static IP and it still can use the pfSense to access the internet.

@joel.baxter:

Enable Static ARP entries:
Note: Only the machines listed below will be able to communicate with the firewall on this NIC.

Here you essentially write the ARP table by hand.
Only devices on the list can communicate with the pfSense.
If the device is not on the list it cannot access the internet even if the IP gateway configuration is correct.

@joel.baxter:

Can we just the Range to zero addresses or it should be the full Available Range?

What do you want? Set the range of availlable DHCP-addresses to 0?
I'm not sure if this works, but you can just set the range to the netID
(example: subnet:192.168.0.0/24 pfSense 192.168.0.1/24
DHCP-range start: 192.168.0.0, end 192.168.0.0)
I dont know how this will behave, but you can enter it like this in the webGUI.

@joel.baxter:

If we do want to reserve a small range of addresses to be assigned without having to input a MAC, how would we do that? Is there a way to set these so that they have access to the internet but no access to internal resources?

Just let the DHCP run.
If you do this you cannot have the above two options.
Why dont you add another interface for "guests"?
You cannot control with the pfSense what within your network can access what.
Traffic flowing only over the switch never reaches the firewall rules of the pfSense.

Create a static route for one of the DNS servers pointing to the second WAN gateway.

Are you using the packet capture mechanism to verify that it is indeed not sending any more discover messages?

I have re-created the entry in dyndns, and disconnected/reconnected from ADSL, and now it works fine.

I deleted all lease files, and it works again. I do not know what went wrong, but cleaning did the trick.

Hello, sorry for the delay.
I'm using static Ip's only because i have to. I'm trying to have a normal Lan, on which the servers are defined with a static IP (the IP is given by pfsense) and every other computers receive and address from the DHCP. The server is configured correctly. The problem is when a user with a dynamic address try to ping, or try to connect to a SQL database using the hostname of the server, he is redirected on an opendns server, whereas a user configured with a static IP (with the exact same configuration than the one forwarded by the dhcp server) can reach the server.

I don't understand this process.

My not having Internet depends on the DNS configured in the dhcp server. It is said that if dns forwarder is enabled one must use the interface's Ip. However if i do this i can not reach the internet, whereas if i configure a real DNS, i access the internet.