When you say "LAN-to-LAN link." you just mean some form of point to point L2 connection?

So you have an interface on pfsense that you put some transit IP range on - see attached simple drawing.

So you are not natting to this transit?  Are you using any transparent proxy on either pfsense on these interfaces?  What are the firewall rules on these interfaces on each pfsense, on the transit network, any sort of floating rules?  What is the static routes you create on each pfsense for the different networks.. I assume your routing is correct since you say all works other than 80..

Maybe issue with using a proxy, or your natting?  Always helps to have the full picture of the setup to try and figure out what is not right..

yournetwork.png
yournetwork.png_thumb

Hmm.. Spectre - perhaps iOS is not so secure?

It is certified open source software. See for yourself on GitHub.

IPSec forum

I have the same A1SRi-2758F motherboard in my pfSense box.

I contacted Supermicro support a couple weeks back, and they confirmed that my board needs the fix based on the serial number.

Yeah. I don’t trust their sales department much either. Especially when they tell me that one of their expert technicians will be here to install my new system and do a complete setup without any problems. ???

Wow those cards look promising… And now those prices are great actually... Well within home/lab budgets..

Those would be a cheap way to get host to host running 10ge over copper... I might have to get a few of those... Thanks for mention of those!

@athurdent:

Thanks, any plans on adding Application Visibility / Filtering and maybe IPS/IDS to this?

Yes, but this isn't really the right forum for detailed information about tnsr and future plans.

https://forum.pfsense.org/index.php?topic=122999.0

Did you enable https in your captive portal - if so then your browser would throw you an error like below..

You would think users understand this problem already ;)  Per the thread many OSes understand captive portals and when you connect via wireless they would direct you to the portal page via http url they try and go to in the background, etc.

edit: ah jimp beat me too it ;)

httpscaptiveportal.png
httpscaptiveportal.png_thumb

For all those unifi controller users.. Same thing for adding the SAN to cert your using for unifi controller..

sudo su -

cd <unifi_base># on Windows, "%USERPROFILE%/Ubiquiti Unifi"

cd /usr/lib/unifi

create new certificate (with csr)

java -jar lib/ace.jar new_cert <hostname><company><city><state><country># your CSR can be found at /var/lib/unifi

- unifi_certificate.csr.der - unifi_certificate.csr.pem have this CSR signed by a CA, you'll get a few certificates back… copy the signed certificate(s) to <unifi_base># import the signed certificate and other intermediate certificates

java -jar lib/ace.jar import_cert <signed_cert>[<other_intermediate_root_certs>…]

Just add SANs you want on your cert.. Before you sign the csr on pfsense.

unifi-trusted-cert.png
unifi-trusted-cert.png_thumb</other_intermediate_root_certs></signed_cert></unifi_base></country></state></city></company></hostname></unifi_base>

Good luck!

Generally they try to design their antennas to do multiband capability..  One could put a jack in place and run to an external directional antenna that is "in band" but that won't stop the other bands from making their presence known..  Just be more inefficient as the device tries to transmit back to them..

Maybe another device is the answer such as a Cradlepoint or Sierra Wireless..

https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

pfSense by default trusts the LAN and not the WAN. The deny by default logic only applies for untrusted interfaces. LAN side, UPNP, DHCP, DNS, management, SSH, etc are all allowed.

https://doc.pfsense.org/index.php/Why_was_FreeBSD_chosen_instead_of_another_OS

pfSense uses wol ( https://www.freshports.org/net/wol/ ) to send wol packets. It doesn't have a daemon to listen for them.