hello vegastech thank you for the reply
i can ping to 192.168.1.1 from my pfsense at 192.168.55.2 in internal network
when i try to go to internet from a Virtual machine at 192.168.55.x in bridge mode it doen't work

You prob get better support on centos forums or radius forums - not sure what this has to do with pfsense? Your in the general section and all.. But good luck..

@Johev Did you ever pick one?

@petreza
If I wouldn't be that Cisco centric now (was very different 10 years ago) I'd probably have a look at the
D-Link DGS1510 series.

@rcmpayne said in [SOLVED] Internet through pfsense keeps dropping:

@rcmpayne said in Internet through pfsense keeps dropping:

@bmeeks said in Internet through pfsense keeps dropping:

If Snort works, then just use it instead of Suricata. There is no meaningful security difference between the two packages.

Were you running Suricata with Inline IPS Mode? If so, then netmap is probably the issue as it will restart an interface when netmap mode is activated. So each time Suricata stopped and started it would activate netmap which in turn will cycle the interface. The Inline IPS Mode of blocking in Suricata uses Netmap. The Legacy Blocking Mode in Suricata works the same as Snort and uses libpcap instead of netmap.

Yes i was

Is there a way to restart or cycle the interface to see if that alone will also cause issues? i no-longer have Suricata installed at this point.

Sure, you can disable and then re-enable the interface on the INTERFACES menu in pfSense. That will not use netmap, though. That will simply cycle the interface down and back up.

@esrisa said in Pfsense - Outlook the linked image cannot be displayed:

Errors in emails - The linked image cannot be displayed
How do I resolve this problem?

How should pfSense know that the GET for an image in a mail is coming from an email client like Outlook, so it blocks these requests ?
Are you blocking something on your LAN firewall ?
Some other proxy issue ?

@Bismarck : I don't think @EsriSA instructs (or has been instructed) his mail client to stop showing image in a mail and then looking for the phenomena in pfSense. That's doesn't make sense.

Got it working. Come to find out the Public LAN on the modem was not enabled or setup. Once i did that, everything it worked.

As a follow-up on this post, I ended up purchasing a used 2-port intel server NIC. This solved the problem, which seems to be related to the Realtek NIC's on the motherboard

Just an update - managed to get this done without any additional hardware. Just had to configure the 2 vNics with the right settings. i can now send any device through the vpn. works a treat.

@grimson said in Should i cancel my fios gigabit plan|VPN speed only 200+mbps:

@jegr said in Should i cancel my fios gigabit plan|VPN speed only 200+mbps:

I want some of that money-printing-thingy, too :D

No problem: Rent a few cheap VPS and install OpenVPN on them, create a decent looking website with lot's of FUD and offer your service as the salvation there. Et voila you are your own VPN provider.

OK should clearly have inserted that "sarcasm" or "irony" holding smiley there ;)

@johnpoz said in Should i cancel my fios gigabit plan|VPN speed only 200+mbps:

To your fingerprinting - up your IP is kind of minor thing these days.. New firefox is going to implement some sizing stuff that the tor browser been doing to try and remove one of the things used to fingerprint.

Aye, of course there are more countermeasures today. But even back in the '09s it was already shady to "trust" those services implicitly with all information. As everyone can research, there were quite a few companies selling "secure private VPNs" giving away user information afterwards or tracking things like website and app usage etc.

So when someone sees one of those "unbelievable offers" of a lifetime/10years/whatever long time VPN membership for only 99.99$ (or whatever) one should ask: is that really viable? Or are you simply buying snakeoil.

Ah, ok, now we are getting somewhere ...
Still, what does this CA cert has to do with it ?
Anyway.

When you use solutions that block 'some users' to visit 'some sites' you need to read awful lot of information. Because you have to understand the why / what / when.
Added to that : when you have a working situation, you have to survey it constantly as your are using rather complicated solution that can change any moment.
This is a topicality : you want something, so you implement something (like driving that car you bought - you do it, because no one will be there for you for your car).

So, read the forums I mentioned.
Try something like Google pfsense block Facebook - just read and you will get the picture.
Have a look at the Netgate's Videos about this subject (Youtube => Netgate).

Btw : I never ever I block 'some sites' for some of the visitors or my colleagues or who eve on my networks. I'm using pfSense in a company - not some family or related environment. I also tend to keep things simple.

For posterity...

I enabled SSH and logged in as root. I grep’d around for a bit (searching for my street name!) and found /cf/config/config.xml. There was an erroneous entry for a failover peer under the DHCP section. I deleted that entry and rebooted and all was well.

Ok - I'll have to look into it.

Thanks for the info

The Resolver should be activated, or the Forwarder.
One or the other.
Both : impossible.

Up to you to choose one.
However : The Resolver (or Forwarder) has to be set up correctly.
When you installed pfSense, the Resolver is activated and will work right out of the box. No changes from you are needed.

Running pfSense with no Resolver neither Forwarder is no advised at all.

And what about answering questions ?
Like the one @JeGr asked ?