Subcategories

  • Discussions and feedback related to this forum

    607 Topics
    3k Posts
    johnpozJ

    @microserfs and what IP was that - clearly your current IPv6 address is not block that I show you connected with.. And the only other IPv4 I see you using is not blocked.. You would have to let me know what IP you were coming from that was blocked.. Send it to me via PM if you don't want to make it public.

  • Community Hiring and For Hire postings related to jobs that require pfSense software skills

    27 Topics
    114 Posts
    w0wW

    @sef1414
    Name it "run.sh", copy to pf and chmod according to the documentation
    https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shell-script-option
    You will see messages in the system log like those quoted in the script after logger command.

  • SoftEther third party source code review

    2
    0 Votes
    2 Posts
    533 Views
    ivorI

    We don't plan on including SoftEther with pfSense; however, that shouldn't stop you or anyone else from developing a SoftEther package for pfSense.

  • Project Honolulu aka Windows Admin Center now available

    1
    0 Votes
    1 Posts
    336 Views
    No one has replied
  • Hardware Recommendation

    2
    0 Votes
    2 Posts
    745 Views
    H

    I like upbeat posts  ;D

  • How could I block NAT or routing from users of my LAN

    3
    0 Votes
    3 Posts
    746 Views
    S

    @johnpoz:

    Why would you not just create a firewall rule to stop them from going outbound?  And only allow the stuff you want, and actually limit that as well with a limiter.

    They are not going outbound directly; they are managed by the proxy server, which has full access to the WAN interface of the pfsense (www). I do not want to block them at all, I just want to know when a user is using NAT before entering the infrastructure.

  • Session Replay Company ip addresses to block

    2
    0 Votes
    2 Posts
    3k Views
    ?

    Looked into this more, to be honest, I did not see this coming. Have not done any website work for some time, damn.
    Downloaded the CSV file for complete list. WTF! If you were sleeping at the keyboard like I was, link below for more info.
    https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/
    Easy Privacy should have all the site domains in the block list.
    PfBlocker with Easy listings enabled will stop it and UBlock or NoScript would also.
    Did I ever tell you how much I hate javascript. >:(

  • Daisy chaining firewalls

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Mikrotik owners heads up.

    1
    0 Votes
    1 Posts
    522 Views
    No one has replied
  • Securing a virtual environment with pfsense

    2
    0 Votes
    2 Posts
    448 Views
    GrimsonG

    https://doc.pfsense.org/index.php/Main_Page
    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

  • 2.4.3 dropping soon?

    8
    0 Votes
    8 Posts
    1k Views
    JailerJ

    Just updated my APU2C4 without issue. Thanks for another great release!

  • Issues with school Chromebook and Sophos Web Gateway

    3
    0 Votes
    3 Posts
    593 Views
    A

    Thanks, I'll do that.

  • Help setting up QOS in pfsense for google fiber setup

    2
    0 Votes
    2 Posts
    794 Views
    KOMK

    Either General Questions or Traffic Shaping would be a better place for your question.

  • Arp2wol, small hack to send wake on lan frames based on arp requests.

    19
    0 Votes
    19 Posts
    7k Views
    O

    Anyone have any suggestions .. TIA

  • Topic: getting started questions

    2
    0 Votes
    2 Posts
    511 Views
    D

    i have learned that what i am looking for is called a utm (unified threat management)

    i can not get a copy to play with for experimentation, and it looks like it is a standalone that will not play with sense OS

    now, seeing as how this would be a total game changer and everyone would benefit from it, and everyone needs it
    the #1)  question is why do we not already have it
    and 2)  what do we have to do in order to get it

    so this leads me to wonder if there is a plug in, or set of accumulative  plug-ins available that i am not seeing

    again after all this i want to keep a diligent focus on my end goal

    i NEED to be able to watch traffic real time GUI, with a line of data classified how and what you choose to show. the ability to right click on it, stop the flow, and choose what type of restrictions to implement into the firewall for that specific address, or general domain as an incredible volume more effective, faster, and efficient than a CLI table modification.

  • Fq_Codel UI

    7
    0 Votes
    7 Posts
    1k Views
    T

    @Harvy66:

    Looks like this got pushed back until at least 2.4.4.  Makes sense. Lots of bugs fixed in 2.4.3 and no point delaying longer than needed. I would say that this one feature could almost warrant its own release if 2.4.4 starts taking too long. fq_codel is magic for the cases of most who use it. No rules, no priorities, just set your bandwidth and done for most situations.

    100% agree with you on this.  There's only a handful of parameters that can be tweaked on the fq_codel algorithm and the performance (from what I've been able to test so far) is excellent given its simplicity.  Including it in the GUI would really drive up adoption and we could then focus just on recommendations for tweaking parameters.

    In the meantime, setting it up manually doesn't require all too much effort.  All one needs to do is create a pair of limiters, with queues underneath them.  Apply the queues to the appropriate firewall rules and then enable fq_codel for the queues using the CLI.  The changes can easily be made persistent through reboots by using ShellCmd.

  • MOVED: squid + squidguard web filtering problem

    Locked
    1
    0 Votes
    1 Posts
    302 Views
    No one has replied
  • Bogons if ISP has private IP addresses

    4
    0 Votes
    4 Posts
    678 Views
    johnpozJ

    Also doesn't pfsense pull rfc1918 out of the bogon?

    If you look in the pfsense table bogon, the rfc1918 networks are not there..

    https://github.com/pfsense/pfsense/blob/master/src/etc/rc.update_bogons.sh
    if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT-${ENTRIES_V4:-0}+LINES_V4)) ]; then
    egrep -v "^192.168.0.0/16|^172.16.0.0/12|^10.0.0.0/8" /tmp/bogons > /etc/bogons
    RESULT=`/sbin/pfctl -t bogons -T replace -f /etc/bogons 2>&1`

  • ZFS pool degraded - no dashboard warning?

    4
    0 Votes
    4 Posts
    995 Views
    DerelictD

    Looks like a failing disk to me.

  • Complete and utter noob

    6
    0 Votes
    6 Posts
    885 Views
    I

    I've been researching all night long. I think I will install an Intel NIC with two ports. In pfsense on VirtualBox, I'll set the WAN port to bridged and the LAN to host only. I can then plug my wireless access point into my LAN port. Configure it with my LAN settings. And I should be good. We'll see. Thanks again for the help :)

  • Trying to catch error SquidGuard 1.16.4 slowness

    8
    0 Votes
    8 Posts
    920 Views
    KOMK

    In my case it is blank

    And you are certain that you have squidguard installed AND enabled?  If so, you might be better off removing it all and reinstalling because something is not right.  I have no idea if you could add it manually.

  • 0 Votes
    6 Posts
    920 Views
    johnpozJ

    Users are here because they use pfsense - even in the general area.. So while yes there is a huge amount of networking knowledge here.. Most here don't give 2 shits in helping someone with some other devices problems.

    If you had a general question of dhcp or networking in general - happy to discuss.. But more than likely you're not going to find many people willing to help you solve some other device's dhcp issues.

    As to what issues you had with pfsense when you were running it as VM for your dhcp server - more than likely this was related to something else in your network..  I have run pfsense as vm for years and years - zero issues with dhcp on it.  I still have a pfsense vm running as a downstream router in my network, and it has zero issues with dhcp to other vms and or wired/wireless devices in the network.

    dhcp is really easy to troubleshoot overall.  Most problems stem from users running multiple dhcp in the same L2, or just in general not even understanding what is meant by L2 or L3 networks.

    If you want to post up something we can actually work with, like a sniff of the dhcp traffic, be happy to discuss that here in the general section because it's just general networking at the basic level talking about dhcp protocol.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.