itonmytips, You can save all reports LightSquid simply copying (via SFTP, for example) /var/lightsquid/report ;) []`s Jack

My UML290 works fine without changing anything on 4G, though from the sounds of it you don't have 4G coverage, which is probably why. I know that card has similar requirements on other routers with connectivity where no 4G exists.

Generally doesn't matter either way. OpenVPN is easier to deal with if you have multiple non-contiguous subnets. Aside from that, with always-on static IP connectivity it's a toss up. OpenVPN is better in general at dealing with changing public IPs seamlessly because its negotiation process is much less complex but that wouldn't apply in this scenario (I would expect at least). It's easier to do redundant connectivity with a routing protocol with OpenVPN, so I run all my site to site connections to our datacenters with OpenVPN, as I can have one tunnel up on each WAN on my side and automatically switch between them if one connection goes down.

@ptt: You can do this using Policy Route, just check the Docs: http://doc.pfsense.org/index.php/Multi-WAN_2.0 Do you have some  an example,please ? I am New in pfsense 2.0

It's worth searching the forum - this question has come up a few times before (look for things like second disk and so on).

It isn't really possible, at least not easily. You might be able to come up with an L7 pattern for it. Though it's easy for people to change their browser string so it's not really perfect protection either.

The size of the address pool is only limited by the subnet mask. You could have a /16 on one interface if you wanted giving you 65000 addresses! I would choose to have separate subnets on each interface because it gives you far more control on who sees what. Assuming you have sufficient computing power for your needs that is. Look at the default LAN to any rule. That will allow traffic into the LAN interface as long as it is coming from an IP on the LAN subnet, pretty much all LAN traffic. It has no restriction on the destination. Traffic from the LAN subnet with destination of one of your other internal subnets will be allowed to pass. Once into the pfSense box there is no restriction on what interface it exits from so it will be routed to the correct interface for that subnet. If you have similar rules on each interface then traffic will be routed between subnets in either direction. This is a very permissive rule set though.  ;) Steve

There is no gui from freebsd packages. You will need to configure them the same way you do on freebsd. The available package with gui are listed on system -> packages

Recommendations like that may be hard to come by unless someone else in all those regions can speak up about the local carriers. In general though, OpenVPN should work fine as long as you have enough CPU on your firewall to handle encrypting at the line speed at each location (or at least the fastest possible between two sites). Even if you had a "private" link between cities I'd still be tempted to run a VPN over it. Probably better to have a mesh VPN where each site connects to each other site directly, rather than routing through a single connection back to a central hub. Both setups would work, but a hub-and-spoke setup will use more bandwidth in the long run if the two "remote" sites need to talk back and forth a lot.

@marcelloc: Are you using squid with authentication? can you see on squid logs the user? No i am not using squid with authentication. And i can see their IP addresses in squid logs

There is indeed widespread wire tapping including without warrants, of Internet and anything else, that doesn't equate to crypto back doors though, or any kind of push to make strong crypto illegal. With the amount of review of every cipher believed to be cryptographically sound, including by a whole lot of very strong cryptographers who have no ties to government and would publicly release for notoriety and the sake of crypto itself, I seriously doubt if there are any back doors. It's possible there are significant weaknesses known only to a select few, just exceptionally unlikely.

@nearones: Thanks u very much u r genius. Can u provide me more shell commands as i not that good in linux. Also can i tell me how do i clear cache log from shell? rm -rf /var/squi/cache/* The command to rebuild squid cache after removing old cache files: squid -z Aftert it finishes, restart squid.