Not sure where he is running his controller. But easy enough to place it on the same vlan being used for the unifi management vlan no matter where the controller actually runs be it a VM on something, actually on hardware like a PI or their own little cloudkey pi type computer.. If budget is there sure I would get one of their little cloud key boxes to run the controller software on.

All mangement vlan is another L2 that all the devices your wanting to "manage" have IP on..

huh? How do you think a router is going to send data to more than one IP?

You can not port forward to more than 1 IP behind your router, etc.

Why do you not draw up how all of this is connected together, and what your wanting to do exactly and we can work out best solution to your problem..

But if your wan IP is say 1.2.3.4 (public) and your remote devices send data to 1.2.3.4:X where X is the port.. You can forward port X to say 192.168.1.100 behind pfsense, but you can not send it to both .100 and .101

That is well with-in the allowed temps for the MBT-4220, looking over the CPU spec sheet you have a max temp around 90c: https://www.intel.com/content/www/us/en/embedded/products/bay-trail/atom-e3800-family-datasheet.html

@larryf

I use FreeBSD syslog. Runs light, on a low memory VM. Easy to install and setup.

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-syslog.html

So you want to policy route out a vpn connection on pfsense.. Then set a rule on that vlan interface to send it out the gateway which is your vpn client connection.

But yeah need some details.. If you want any help on what your not doing or doing wrong. IPsec vs OpenVPN would be big part ;)

What version of pfsense your using as well for starters.. Screenshots of your config of your vpnconnection, etc.

@derelict

I thank you for your advice man, if it wasnt for this i wouldnt have found this site.
Pfsense is a great product, ill will stick around on this this forum!

/D

What fixed it? So you connected it how exactly?

While it is for sure not normal pfsense forum topic - you should complete the thread with what exactly you did to correct your "problem" so that the next guy reading this or searching for it for the same sort of problem isn't left hanging.

Thanks for the input johnpoz & Derelict

I just decided to fill out the form for partner. I let them know that I'm the founder of a non-profit to get computers to vets (militaryos.com). I just happen to have a system that's too old to give out. There may be times that I need pfSense for vets also.

I have a one time case for a different non-profit. But there ToS is rather restrictive and I just want to get an OK with them.

Just an update:

after hours going back and forth with my ISP provider, they are unable to help me.

Some success:

However, after researching I was able to reach near 500mbps with the VPN turned on by creating 4 openvpn clients and putting them into a gateway group.

these are the custom settings i have for each openvpn client:

auth-user-pass /etc/openvpn-password.txt;
remote-cert-tls server;
reneg-sec 0;
resolv-retry infinite;
persist-key;
persist-tun;
tls-client;
pull-filter ignore "auth-token";
sndbuf 1500000;
rcvbuf 1500000;

Problem:

But I am getting weird long lag / delays. For example, I open starcraft and lots of the images, etc are blank waiting for load. After maybe 15-20seconds it will all load. Or if I am in a party and a game is started, I won't see the invite pop-up. Or youtube seems to load slow, and the images. Same with popcorn time.

Anyone have any ideas about the weird delays and lags I am experiencing despite getting near 500 mbps download speeds?

Thank you as always.

Perfect, Thank you !. Done, mounted, and saving sweeeet log data !

Very good idea. I "catch" a lot of things into Splunk from pfSense and the most critical things are then "routed" to slack. For sure this helps me get the most important notifications I need immediately and it get's the right attention.

I never dealt with FTP before, so never read up on it. My company used to upload some sensitive docs straight to FTP server about 5 years ago, at that time they didn't even think they need firewalls and VPNs.

Set your update source back to 2.4.5 / development snapshots.

@su30mki said in Custom aliases using domain name:

I want to block facebook to one vlan and another vlan requires facebook access.. How do I do it?

First at all, you have to configure your vlan.
After that, you have to create an ACL in order to provide internet access to one vlan and block it in the other vlans.
Remember set your device as a “Layer 3” device.

They are blocked because they have no business hitting the firewall. They can still communicate locally, but it's link-local/L2 traffic that can never route outside of its segment.

You'd only receive one of those IP addresses if you had no DHCP service running. You can't use those addresses as your local network the same way you would use an RFC1918 network.