Subcategories

  • Discussions and feedback related to this forum

    608 Topics
    3k Posts
    johnpozJ
    @Popolou well that is recent for sure.. I don't recall putting that in - maybe?? Fixed now it seems which is the good thing. Thanks for bringing to attention.
  • Community Hiring and For Hire postings related to jobs that require pfSense software skills

    27 Topics
    114 Posts
    w0wW
    @sef1414 Name it "run.sh", copy it to pf and chmod it according to the documentation: https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shell-script-option You will see messages in the system log like those quoted in the script after the logger command.
  • Wireguard VPN server on pfsense

    4
    0 Votes
    4 Posts
    3k Views
    A
    @Ascrod It looks like I'm almost there, but I'm missing some routing. Here is my setup.

    pfSense WG config. I've hidden the real keys, but I'm still showing which keys are used where:

        [Interface]
        # Generated by pfSense
        Address = 10.100.100.1/24
        ListenPort = 51830
        DNS = 10.0.0.1  # pfSense local LAN IP
        PrivateKey = xxxxxxxxxxxxxxxx

        [Peer]
        # phone
        PublicKey = cccccccccccccccccc
        AllowedIPs = 10.100.100.2/32

        [Peer]
        # IPAD
        PublicKey = vvvvvvvvvvvvvvvvv
        AllowedIPs = 10.100.100.3/32

    Client config of the Android phone:

        [Interface]
        Address = 10.100.100.2/32
        DNS = 10.100.100.1
        PrivateKey = dddddddddddddd

        [Peer]
        AllowedIPs = 0.0.0.0/0
        Endpoint = my_ddns.com:51830
        PersistentKeepalive = 21
        PublicKey = cccccccccccccccccc

    Now I'm not sure which and where I need to add the rule for the VPN interface. Is it under NAT and port forward from WAN to OPT4 Address? Or is it under NAT > Outbound?

    Note my above config works fine if I move it to my Ubuntu WireGuard server and simply forward UDP port 51830 from pfSense to my Ubuntu machine IP.

    NOTE: For testing purposes I'm using the same private and public keys on my Ubuntu WireGuard server and this one I'm trying to set up on the PF box. I believe that should not be an issue? Thanks for your help.

    [image]

    I tried the following rule but I don't think that's correct.

    [image]

    If I tcpdump on my pfSense internet-side (WAN) interface, I see constant incoming connection attempts from the phone and then pfSense responding back to the phone from the WAN interface. But if I trace on the TUNWG0 interface I only see 1 request from 10.100.100.2 (the phone's VPN IP) to the pfSense WAN interface. This is the furthest I've been able to get now. From pfSense and from my LAN devices, I can ping the phone's VPN IP (10.100.100.2) but that's it. I cannot ping LAN IPs, LAN DNS, 8.8.8.8 etc. from the phone.
  • Real gigabit throughput

    25
    0 Votes
    25 Posts
    6k Views
    stephenw10S
    What are you replying to there?
  • Chrome password auto-fill breaking IPv6

    Moved
    24
    0 Votes
    24 Posts
    3k Views
    GertjanG
    @andrealucia said in Chrome password auto-fill breaking IPv6: This prevents the IPv6 gateway from starting. In years of running pfSense, I've never seen this behaviour. When pfSense boots, interfaces are mounted, protocols are started, things like IPv4 and IPv6 are activated, links are built. IPs are set, masks and gateways are defined. All this happens long before processes like a web server (nginx), that hosts the pfSense GUI, are started. Yet the login of a user using some browser disrupts the IPv6 gateway? How? @andrealucia said in Chrome password auto-fill breaking IPv6: Is there any other work-around? I thought the issue was solved. It's a browser behaviour.
  • Corona Support-VPN

    5
    2 Votes
    5 Posts
    746 Views
    R
    I work remotely, with a time sheet! I never work like that, but I know I'm blessed. A lot of companies are going down because of this virus.
  • ESXi pfsense VS standalone (power savings)

    7
    0 Votes
    7 Posts
    892 Views
    P
    You will also need a WAN connection, as well as a switch or device to connect to the LAN port.
  • Just replaced another site with netgate/pfsense

    6
    3 Votes
    6 Posts
    959 Views
    johnpozJ
    Xmas in April ;) heheheh
  • OpenVpn - Cannot reach some clients after connection (SOLVED)

    4
    0 Votes
    4 Posts
    272 Views
    noplanN
    edit the topic please [solved] brNP
  • Just saw this on Reddit, made me chuckle

    11
    0 Votes
    11 Posts
    1k Views
    GertjanG
    Graphene-based sensors might pull this one off.
  • How to change SSID of router

    4
    0 Votes
    4 Posts
    591 Views
    N
    Enter your router's IP address into your favorite web browser. Log in as the administrator. Go to settings and look for an option titled WiFi name or SSID. Enter your new WiFi name.
  • VLAN possible with virtual Switches in Hyper-V?

    Moved
    6
    0 Votes
    6 Posts
    766 Views
    M
    @Bob-Dig said in VLAN possible with virtual Switches in Hyper-V?: @Mats said in VLAN possible with virtual Switches in Hyper-V?: The first one is to create a trunk adapter and then assign VLANs in pfSense. This had some issues on 2012R2 but is rock solid on 2016. I do use this config myself. I had absolutely no success with that. [image: 1587059119425-xxcapture.png] Also is it normal that if you add those virtual NICs, that you lose the normal NIC? And then have to use VLAN on everything? And also I am using VMware WS on the other side (client), which is probably making things worse. The "normal" NIC is VLAN 0 so that should be doable. I did not have a VM with that config at the moment so I couldn't test it. You can try method 2 and see if that works for you. If it does, we know the issue is with the trunking of the adapter.
  • Noob Question Regarding Multiple Nics

    2
    0 Votes
    2 Posts
    466 Views
    No one has replied
  • noob with pfsense

    4
    0 Votes
    4 Posts
    646 Views
    stephenw10S
    I have no idea, I've never tried them. I know some VPN services can use IPSec, most are OpenVPN only though. Personally I consider all those VPN services of limited use at best. Setting up your own VPN server that you control is better in many ways. Steve
  • New to pfSense just trying to make it work for internal lab.

    12
    0 Votes
    12 Posts
    1k Views
    N
    This is going to be the attacker's machine if you want to have an internal pentesting environment.
  • Netgear Nighthawk Pro Gaming XR500

    2
    0 Votes
    2 Posts
    607 Views
    stephenw10S
    I mean I realise this is off-topic but I don't think you'll get much love for dropping pfSense. The one area where a device like that might be a better choice is if you need to connect multiple games consoles to the same game/server from behind it. For some reason I've yet to understand, the networking code in many consoles/games appears to be straight out of 2002. They often use fixed source and destination ports and cannot cope with that being changed. Hence the need to set outbound NAT rules with fixed ports for games consoles. They often also require inbound connections be allowed directly and that often means UPnP. A terrible idea in a security product. The actual issue appears to be the fact that miniupnpd, the UPnP daemon used in pfSense, does not support 'masquerade' for FreeBSD/pf. It does in Linux, which is what almost every other SOHO router is using. See: https://redmine.pfsense.org/issues/7727#note-3 If that is something that may apply you could always try OpenWRT on whatever hardware you're running pfSense on. Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.