If you download the root certificate and put that in your trusted certificate store in in the browser of the computer you are logging in with AND its common name etc etc are properly constructed, you will no longer get errors.  (I actually feel like ALOT of what goes on with certs and browsers is put there to make you feel uneasy unless you or someone else has paid a cert authority for a signed cert. - basically extortion on the stupid)

Here yes.  Without. This is just home. I only have traffic shaping running on the boxes others use for VPN access.
I used to have a 150 plan here, and it was nice but totally a waste here since the only servers running out of here are chat, phone, private VPN and other small things.  Nothing that ever touched my bandwidth.  So, I just moved it back to cheap old reliable FIOS rather than keep paying for bandwidth I never touched.  Mostly here what I need is less latency not more bandwidth.  I'll eliminate MOCA and should be all good.

Yes I get the rule in the firewall it just seems as if it is not working is all, I have no problem posting what ever is needed to help others and myself, just not sure on what you wanted sorry. I am a PFsense noob and moved over from DD-WRT, and have no or little experience with FreeBSD. I know a bit about Linux as that is what all my servers are running on (only saying all this so maybe the lingo gap for me can be bridged)

I speak good English but suck at typing and spelling lol so very sorry if that is making things harder

oh I think I know what you mean hold on, I will edit again in a sec

http://iblocklist.charlieprice.org/f/wujnnzxrgppvpdujdetm/bt_ads.gz

this is where I get the list from and as far as posting the Firewall rule it is auto gen'ed by PFblocker but I could take a screen shot if you need it

i reading your solution and install step by step with Localization-pfSense-2

Packages are not covered by that feature by default. It needs some extra coding by the package maintainer to do that.
I do not know any package which allows that.

@doktornotor:

In my experience, you should use IP and not FQDN for the RADIUS server.

That can definitely help if it's internal, for RADIUS (LDAP depends on the settings in use, FQDN is needed for SSL in most cases).

If you're using an FQDN you can check the DNS result seen by the firewall under Diag > DNS. It could be getting an external IP there rather than internal if you have a split DNS setup.

I did but it did not work at the time. Tried it again with some tweaks and it looks like it may work well enough for us to use.

I'm working with our LDAP administrator and was able to determine that the "Group member attribute" must be an attribute that you add at the user level (an attribute that all the group members would share) and points to the group that they all belong to. A better description might be "User memberof attribute".

Something to test: your setup OOM ?
Using 256 Mb for pfSense seems very small to me. Try setting up a 512Mb box.

no space key sticking

I don't remember how it used to be (I guess you mean 2.0.n?) There is no code for saving defaults for next time. But it would be handy to have, if someone cares enough to add a "save settings" button.
There was  discussion some time ago about making it always remember the last settings automatically. But on nanoBSD CF systems that would mean lots of unnecessary writes when a user is just selecting different settings in real time.

hello,

No need to modify anything.

Read this: http://doc.pfsense.org/index.php/Category:User_Management

Reboot changes nothing in pfSesnse.

Did you manually assign a Ip to access the webgui or using default one i.e 192.168.1.1? if you're using deafult one, try changing or putting these before ip of pfsense: "https:// or http://"

Make sure the system on which you're using to open webgui is dhcp enabled not a static ip one.

Thanks, found it with nmap.. now I can't login! Was I hacked and someone changed my password.. I did just replace my modem which sits 'infront' of my router.. can't see why that would affect it

@Gabri.91:

In 2.1 version, alias are already divided by category (host, port etc..)

Thanks
Great news :)