3 vpn users and 150/150 - yeah your fine ;) heheheh Openvpn is easy peasy lemon squezzy to setup.. Just run through the wizard - check out the openvpn section in the pfsense book. If you have questions - just ask in the openvpn section.

Thank you, this helped tremendously!

@jimp said in Scheduled port forwarding, possible with pfSense?: Add a port forward as usual, and then apply a schedule to the firewall rule that allows traffic through the port forward. Then it will be off when you want it off, on when you want it on. It doesn't matter that the port forward itself is always active if no traffic is passed through it. cheers for the reply!, i have bookmarked this thread and will give it a whirl once i get my box, really glad pfsense allows you to do this as i think restricting port forwarding adds (albeit a small amount) additional security. Thanks again!.

Thank you all for the clarifications.

This thread is 2 years old, and the OP never came back... If you have questions on how to best leverage pfsense in your environment I suggest you start your own thread detailing your network and any questions you have on how to best do some specific sort of thing your wanting to accomplish. To your question of squid, squid is a proxy package that can be used to filter access based upon a url that someone might access.. Like blocking access to www.facebook.com or only allowing access to say www.kidsafedomain.tld But to be honest, some of these sorts of features are more advanced than many users (without networking experience) understand and would come with a steep learning curve if not already up to speed. Asking what squid is - points to not having the basic skilsets that would make deployment of such features an easy solution.. You might be better suited with a more home "user" sort of device - there are many "home" friendly devices with interfaces designed for point and click control of what kids can access.. Maybe something of such a list of devices will be of help https://www.fatherly.com/gear/best-parental-control-devices-routers/

Thanks! I wouldn't mind your feedback on findings of the watchdog/bypass configuration. One simply doesn't know, when he meets the 1% he needs it for :)

pfSense, or actually whatever OS you put on your device, can't stop the BIOS from booting. The BIOS will even work with no disks or drives in your system. The BIOS not running means hardware issues or .... true : no power.

You can block Windows Update with squid

SPAM you think. Ok, I'll delete the post, no problem.

@chrismurph Sep 2 13:03:03 kernel code segment = base 0x0, limit 0xfffff, type 0x1b Sep 2 13:03:03 kernel frame pointer = 0x28:0xfffffe024b676f70 Sep 2 13:03:03 kernel stack pointer = 0x28:0xfffffe024b676ef0 Sep 2 13:03:03 kernel instruction pointer = 0x20:0xffffffff80ea3ea5 Sep 2 13:03:03 kernel fault code = supervisor read data, page not present Sep 2 13:03:03 kernel fault virtual address = 0x0 Sep 2 13:03:03 kernel cpuid = 2; apic id = 02 Sep 2 13:03:03 kernel Fatal trap 12: page fault while in kernel mode Looks like faulty RAM for me ... IMHO Maybe you can run a memtest at boot?

@beremonavabi Well it seems I have overlooked something. Indeed the Font Smoothing was not marked. Thank you for those who took effort to read my post. Thank you

And not sure how dev testing software in real would require domain admin Our software is used exclusively in AD networks, so testing involves having servers that are part of the domain. When you're testing with virtual machines that are part of a domain and you roll back to a previous snapshot, the domain trust is broken and you have to remove and then re-add the server to the domain. Plus, our solution relies on Microsoft DFS Namespace support, and I don't want them playing around with that on our real domain. That's why they need domain admin for some things. I know that I could probably design something else but this is the way it's always been done since before my time, and I'm planning on redoing EVERYTHING this Fall when Server 2019 comes out, so I'd rather not make any changes to what we have that works now. Mainly the split-DNS issue. OK then, I'm not concerned. I literally have two NATs to worry about, so split DNS for those will take 2 seconds to create and will likely never update. I think I will stick with the single forest-single domain model. Thanks again, guys.

Windows did a similar thing for me. Constant reboot+update loop. Turned out one of the Windows Features installed was incompatible with the update and I had to uninstall the feature first. I found this out by looking into the upgrade log and seeing why it failed. Luckily mine was on an NVME Samsung Pro SSD.

You prob not going to get much traction on such a question.. As stated you prob better off asking on dedicated android or openvpn forum for such a question.