Interfaces –> WAN --> "General configuration" --> "Type" [image: DHCP.png] [image: DHCP.png_thumb]

I've done this with dedicated lines and 3Com equipment, all you need to do is establish a second dhcp subnet on the windows box and everything works fine.  I can't get it to work with pfSense and an IPSEC VPN though. The DHCP registers that a lease on 192.168.2.x has been given out but that data never makes back to the client and the lease is never confirmed.

yes, that is correct, both nic to same switch … is it possible to rise priority of LAN, and if there is no mac address in list of hosts, than (client, printer ...) computer gets ip from opt ?

Read this thread. Same problem with reversed interfaces. http://forum.pfsense.org/index.php/topic,13901.0.html

hmmm … I'm not really familar with bsd and php and so on, so i understand the half from this tread, but i'm impossible to integrate it by myself. May be there is a configuration file or something, where the DynDNS providers showed on the WebGUI are listed in, which i can edit? That would be a much mor easier way for me to change the things and would be much more charming ...

True my friend I've se it like that and is working THANK YOU VERY MUCH for oyur help

ok, solved this problem, what I did was disabled DNS forwarder, then set the DHCP to serve 192.168.1.1 as the DHCP server (which is the enthernet DSL modem on WAN), and works fine. CARP is working fine, but in reserve. The WAN interface is correct, 10.0.0.11 master 10.0.0.12, but LAN and PUBLIC is the reverse. It works fine, I shut down 10.0.0.12 internet works, its just wrong way round. All 10.0.0.11 advertisers set as 0, 10.0.0.12 set as 100

Probably easiest to disable and run manually, check dhcrelay man page for specifics.

You could start a bounty. If you want to do it yourself, it looks like you'd have to add -B=ip address option added to the args passes from services.inc.

For me it's sound like you somehow have messed up your configuration or are having a hardware problem. upgrade to 1.2.3 http://blog.pfsense.org/?p=377 http://snapshots.pfsense.org/FreeBSD7/RELENG_1_2/ But in the end I would bet that reinstall will be a better approach. Might help http://pfsense.site88.net/multiwan.html

@cmb: Yeah it should only run on the master. It does work running on both, though it really shouldn't.  bug ticket open on it. http://cvstrac.pfsense.org/tktview?tn=1883 Thanks ! :)

Yeah that looks good. Next I'd get a capture from the DHCP server to ensure the relayed requests are getting there, and if they are then enable audit logging on the Windows server and see what it's showing.

Two things… #1: Another way to make a change like this is without a reload is: Make a backup (just to be safe!) Load up a WebGUI page with a save button Switch to a console window Edit /cf/conf/config.xml rm /tmp/config.cache Click "Save" on the WebGUI page you loaded earlier. #2: Having said that, I was able to get a third DNS server to take this way -- but -- as soon as I went back to "System > General Setup" and clicked "Save" there, it wiped out the additional DNS servers. So it might work, but YMMV...

You don't have to change anything, DNS will resolve from any interface IP and CARP VIP. Your firewall rules have to allow that query traffic.

Heres some links to pfsense features http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43 and captive portal http://doc.pfsense.org/index.php/Special:Search?search=captive+portal&go=Go I personally use it as many others do as well and it works great, on both wired and wireless networks, I think you'll find it easier to manage users than what youre currently doing, no point trying to reinvent the wheel. You can find it under Services/Captive portal on the pfsense gui. Slam

I found the answer….. The problem was not PFSense at all, but an OpenDNS setting and the way Windows handles lookups. Windows lookups go in this order: HOSTS file DNS Server NetBIOS Name Table For NetBIOS names to lookup correctly, the first 2 options have to fail.  With the "typo correction" feature enabled on OpenDNS, #2 never fails and thus Windows never gets to look for a NetBIOS name. Registering a OpenDNS account and turning off typo correction fixes the problem.  Of course a proper AD/Domain setup would as well...