If it was working fine previously behind some other SOHO router then the most common things to check are: It requires UPnP. pfSense includes UPnP but it's disabled by default as it's a security risk. pfSense randonmises the source port of outgoing traffic when it's NAT'd and some older applications (notably VoIP or VPN) cannot handle that correctly. See: https://docs.netgate.com/pfsense/en/latest/recipes/nat-voip-phones.html#disable-source-port-rewriting Steve

@zipping8761 haha - I warned you, but it a good learning experience ;)

The config description fields are not part of the IPSec connection, they are not listed there. You can see them as comments in /var/etc/ipsec/swanctl.conf. Steve

So I did some more digging around. In short it doesn't look like there is a Trim command for ZFS that I can see UFS does have Trim capability as found here... https://forum.pfsense.org/index.php?topic=113803.msg633795#msg633795 On this thread... https://forum.netgate.com/topic/102088/trim-for-ssd/17 At the bottom you'll find... @kpa said in Trim for SSD: All SSDs have automatic wear leveling. What TRIM does is to mark disk blocks that are no longer in use as empty so that the wear leveling has more free space to play with. If your disks are mostly empty the wear leveling will never come to a situation where the unused blocks become scarce and there's no reason to enable TRIM. Apparently thought Trim is enabled by default on zfs and can be confirmed with... sysctl -a | grep _trim

Yep i think i misunderstood. I read TOR as TNSR. In some cases you will be off the need to use routers also inside of your LAN network and pending on your network topology and network Layer(s) it might be good to know where exactly you should connect your TSNR router. Although im still curious as to what switching infrastructure is used. It is pending on your network topology and/or network Layer design. as an example; 2 core switches (redundant) - Core Layer2 TOR Switch in each of the Racks - Distribution Layer Access switches (stacked in ring) - Access Layer This can be differing from design to design and also where all these racks and/or switches will be installed. example: IT Room (Server room) with Core Switches on each stage of the building one rack with stacks and ToR the stacks are connected to the ToR and the ToRs are connected to the Core switch(es)

Hmm, well that doesn't sound good. Maybe consider a different hypervisor if that's your main firewall.

@dobby_ I am a Mikrotik fan and use the new RB450x2 to manage my LAN with pfSense as edge (WAN). I'll research what you presented (Tailscale) as it sounds interesting, thank you for sharing. Discovered this about new package coming: https://www.youtube.com/watch?v=Fg_jIPVcioY

Well my profile page changed and has a lot more options. i assume that because i am now the 5 reputation that @johnpoz mentioned. thanks for the rep points who ever gave them.

@ddbnj I have been assured it's not a pfsense issue, it's a me issue.

@rcoleman-netgate it has now posted thanks

@zeroflow Thank you for the link. Has anyone successfully done this? I don't want to go down this tunnel first.

@stephenw10 Thanks for the reply back, I was going to grab the “site not found message” and post it but I upgraded over the weekend to version 102.0.5005.115-1 from 102.0.5005.61 and seems to be working for both AP and pfsense. After I upgraded I clearly I didn’t try it again but now it seems to be working . I guess we could mark this resolved, thanks for your interest in helping

@picia1990 You can also run the stand-alone controller app on a Linux, Windows or Mac computer, as needed. It doesn't have to run all the time, like a physical controller does, or on a dedicated machine. Looks like they are calling it "Network Application" now, under the software section, not network controller anymore... https://www.ui.com/download/unifi/

Great thread you started. Im still new to the pfsense product line having come from other vendors. In the beginning, i was frustrated that there was feature incompleteness when compared to other products but I have since changed my mentality a bit The obvious fact that it's free and there is paid support behind it makes me feel comfortable deploying Just understanding the use case for the product. I see pfsense as a router and firewall (L4) first and foremost. The VPN functionality when used in an "as-is" deployment is very good. The problems start to come in when you now have a business requirement that a 10+ year old firewall OS doesnt even have a feature set for. Need traffic visibility? Nope. Simple things like, which IP is the top talker between 8am - 4pm. No historical data is found. Sure you can use darkstat but cmon....its more of a hack and it provides no meaningful data. There is no application awareness despite what the marketing on the netgate site will tell you. OpenAppID rules have not been maintained on pfsense since 2017. The metadata conf is updated yes but not the text rules. I could go on but why bother. My hope is that the pfsense+ train is where the added functionality will appear. I know it's something that people dont want to hear but if they charge for it down the line but has feature completeness in key areas identified in this thread then ill pay. pfsense CE will continue to be free. As others have said on other forums and even here, it's a great product but one should only deploy in SMB scenarios. If your company has any I.T. budget then more than likely they are going with a named vendor.