The most straightforward way (well, the only one I can think about), involves using dynamic DNS services. You just set the local interface of the tunnel to a failover gateway group, and destination to a dynamic DNS host which is tied to the failover gateway group on the other side. Repeat on the other side. That's it.

any1, all i need is some info and a suitable value in those fields in settings

@Cino:

I'm sorry to hear that man  :( I hope your luck turns around quick… Not sure what kind of position your looking for but you have helped out a lot on the forums and coded.

Appreciate the kind words. Looking for desktop infrastructure, support or something even junior in a linux environment. Might end up just doing more piece work or moving to find a job!

@zootie:

After months of testing and overwhelming positive feedback, it's clear the drivers I compiled work more than ok for most environments.

Early on, I contacted carlmeek to see if he needed help testing the new drivers, and to see if they met the bounty requirements. Having just gone through considerable upheaval in their environment (which the other versions helped somewhat), he was reticent to introduce these new drivers before they got more mileage from other users and there was more feedback: he had a solution that seemed stable enough. Since then, I've sent other PMs after it became even more  clear that the new drivers work much better than all prior solutions, and that Heartbleed and other security patches were integrated into pfSense (requiring updating all pfSense installations), but I've gotten no replies.

I devoted considerable time and resources chasing this bounty (the "fix" seems simple once you figure it out and look backwards, but it is very time and resource intensive to try different things to figure it out). And I've kept trying to integrate the drivers into the 2.1.x ISO build process, with moderate success, so they can be distributed as part of an official release. However, w/o the hope of ever winning the bounty, I can't afford to devote enough time to integrating the drivers into the 2.1.3+ build process in a timely manner (specially given that at this rate, pfSense 2.2 with native hyperv support might be released by then, rendering all my efforts moot).

I haven't had a chance to test it first hand, but it seems that 2.2 is coming along nicely, and that we might see a release sooner than later. Then again, it might take months, and we don't know yet what features and configuration changes might need tweaking between 2.1.x and 2.2.

So, in the mean time, I'll try and keep working on the ISO integration for 2.1.x, if only to give the community options, but if carlmeek comes back, or if there are other commercial users willing to replenish the bounty, it would enable me to devote more time and resources to the 2.1.x driver integration ISO build.

Sounds like a lot of work. I would wait for FREEBSD 10 based release really. Have you been poking around the 2.2 alpha?

Multicast won't work over IPSec unless you also do a L2TP tunnel as far as I know.
And it will work over OpenVPN, but not if you use TUN, only over a TAP interface.

You would need to make a VPN bridge, but I haven't been really successfull yet :)

@gequiros
If you are still looking for one, pop me a mail michaelgustavo@rocketmail.com

I'm clicking the envelope icon under your profile and sending messages.  It must not be working.

check group ACL in the squidguard package. It can do exactly what you want todo and doesn't cost you anything ;)

Hereby I cancel this bounty - thank you anyways to Stefan H. who replied by PM/email and offered his help.
I'm cancelling, because I got the solution up and running under shorewall. Sorry pfSense - it's been nice with you.

download the latest 2.2 snapshots and select theme "pfsense_ng_fs". The menus are not responsive, but the main frame is to some extent.

Couldn't you just put the captive portal on a separate interface.  Create an alias for all the URL's and create a rule on the interface only allowing traffic to the alias?

"& LAN interface IP's and gateway's to. "

Why do people not get this??  Why would you set a GATEWAY on a LAN firewall interface??  I just don't get it – but every single day there are like multiple posts where this is the problem!!

A gateway is an address a device uses to get OFF the network its on..  pfsense has this on its WAN -- this is how it gets to the internet.  Is there some address on its lan segments that it can use to get off that segment?  Then why would you set a gateway?

Devices on your lan segment would use the IP address of pfsense lan interface - this is how they GET off the lan segment.  They say hey I need to to talk to something 192.0.2.42 that is not on 192.168.x.0/24 -- where should I send this traffic.  Oh my gateway (pfsense) it will know where to send it!!  Pfsense gets this traffic and says oh -- I don't have any interfaces in that network, so I will send it out my gateway (internet).  I knows this because of its routing table.

What I don't understand is people wanting to setup a complicated VM setup with multiple network segments, multiple internet connections and don't understand even the basic concepts of what a gateway is.. Just blows my mind!!

As to figured out -- no your not even close.. Why do you have 192.168.100.1 em3 interface (dmz)??  Thought you said already that was your modems address..  Why would you set a gateway of 192.168.1.99 for DMZ?

Why do you have 2 physical interfaces connect to your esxi vswitches? lan and dmz??  Do you really have that much bandwidth - are you teaming?  To what switch?  I would break out your vmkern to its own interface if not its own segment for security.

If you want to setup some time for a Team Viewer session I would be happy to get it working for you - as to your bounty.. That can be donated to pfsense.

@bryan.paradis:

@CardinS2U:

Adding to that . Pretty much when I enable  the traffic shaper everything is slow. Browsing sites is slow. When I remove the shaper everything is fast but when torrents run nothing can be browsed. My connection is 50/10 comcast biz

Cardin

what hardware ?

Core 2 dual
4 gigs ram
160 gigs sata

maybe you can save your $50  ;)

under "Additional BOOTP/DHCP Options" put
number :3
type: IP address or host
value: 0.0.0.0

see here DHCP options here: http://www.iana.org/assignments/bootp-dhcp-parameters/

I enable it and started to get :

Date: Thu, 06 Mar 2014 21:30:01 +0000

X-Cron-Env: <shell= bin="" sh="">X-Cron-Env: <path= etc:="" bin:="" sbin:="" usr="" sbin="">X-Cron-Env: <home= var="" log="">X-Cron-Env: <logname=root>X-Cron-Env: <user=root>Warning: filesize(): stat failed for /var/squid/cache/swap.state in /usr/local/pkg/swapstate_check.php on line 47</user=root></logname=root></home=></path=></shell=>

So you are looking for something like:

General Tab

Thanks