I spin up Ubuntu servers all the time, both static and dynamic, and they never have any problems talking. If it's working for you then great. I suspected it might be something totally weird, but you had it with three different boxes.

@sgtpepperaut said in NAT through OpenVPN? How to set up outbound NAT?: Anyways unfortunately pfsense is only running on site A ...site B runs OpenWrt in the router/modem. The point here is that pfSense has the the reply-to function, which directs response packets back to the gateway where the requests came from. This function would be helpful at site B. Another way to get it work is by adding an outbound NAT rule on site A: interface: <that one you have assigned to the site-to-site VPN or even OpenVPN> Protocol: TCP (or what you need) source: any destination: 192.168.20.89, port: 80 Translation address: Interface address However, with that rule in place there is no possibility to determine at the destination host the origin source IP of concerned connections. If you don't want that masquerading rule to be applied to connections from site A, copy that rule, and enter the site A LAN at source and check "Do not NAT". Then put the new rule above the other one.

@netizen-uk said in Can Pfsense do this???: Is this totally wrong? As I'm not that deep into (private) BGP, it could be possible. But at the end AFAIK at least the upstream provider on your DC side has to allow you to speak BGP to him and almost no mainstream provider (or low-cost) do that, as you only have access to their IP space. If it would be your own IP space you get from RIPE etc. I'd guess it possible. But nevertheless your initial idea is to have one of the IPs on the DC node routed to your SOHO node / network and that's an easy setup using OpenVPN for example, so I'd go down that route to try it out.

Yes, root takes you to the menu but doesn't lock you into the menu like admin.

Yeah have heard it over the years as well - from the same sort of "consultants" that got paid way to much money for nothing of value ;)

The "xpinstall.signatures.required=false" didn't work for me and I didn't really like the idea of the Studies workaround. I eventually found this post and tried the debug fix described. At least as long as I keep FF open, my add-ons are all working for me. Thanks for the advanced warning on this.

@nextsrl-com said in CONNECTION REFUSED: Can someone help me? With the first part, yes : @nextsrl-com said in CONNECTION REFUSED: I just installed pfsense 2.4.4-p1. 2.4.4.p2 came out for a reason. Upgrade ^^ The rest : you should tell more about your setup.

the situation is changing in the field... IOS images grows, config file grows - TFTP's getting too slow to catch up...Besides, security is getting into the picture, so SFTP is on the next run... thanks

But is so freaking hard to do that ;) [image: 1556562989919-hard.png] heheheh Work has been blocking imgur forever... I always have to circumvent the proxy to view images while at work when they are not just attached to the post.

@JeGr thanks for your reply. In fact there was unexpected issue. No updates, no upgrades.

to any server, it is odd yes. Even if classified in the same rule as http traffic, the http traffic is queued properly on it's ack's whilst ssh is not. I will do more experiments on it later in the week.