• RDP/RemoteApp via FQDN only!

    0 Votes
    5 Posts
    2k Views
    @keyser: You can’t do that with RDP directly. But if you install “Remote Desktop Gateway Services” on a Windows Server, that will provide RDP access tunneled through HTTPS. When going through HTTPS you can do exactly what you are looking for with e.g. HAproxy as a reverse proxy on pfsense. There you can do an ACL that only allows connections over HTTPS with the proper URL entered by the client. This works - I have it running on my home fw.
  • Port Forwarding and 802.1X

    0 Votes
    2 Posts
    322 Views
    GruensFroeschli
    A port forward needs the frames to be TCP or UDP (ethertype 0x0800 for IPv4, 0x86DD for IPv6). No other protocol has ports. EAPOL frames are a L2 protocol with ethertype 0x888E which is NOT based on IP.
  • ERROR - Bypass Proxy for These Destination IPs

    0 Votes
    3 Posts
    1k Views
    bouke
    Thanks. I was having the same issue and the alias works very well. Thank you!
  • Help me create l2tp vpn

    0 Votes
    15 Posts
    1k Views
    I can see how that would be annoying for people supporting pfsense as, depending on how fast the browsers might autofill stuff. You don't know what autofilled it, and might not even consider the browser as the culprit. Btw, can I connect to the vpn if I'm connected to the local network that pfsense is hosting, just on the 192.168.1 subnet. Or would I have to find a separate network to test the connection from? Not sure how pfsense feels about that.
  • Vm-network connecting to home network

    0 Votes
    22 Posts
    2k Views
    curtisgrice
    Remove GW_LAN. Also on the DHCP on pfSense make sure the default gateway is set to 10.0.0.1
  • Protect loopback ?

    0 Votes
    1 Posts
    250 Views
    No one has replied
  • Problem or bug on the Dashboard

    0 Votes
    15 Posts
    994 Views
    No, same picture as the old pfsense computer. Strange. I deleted the picture and I loaded it again, and now it's all right.
  • Session logging

    0 Votes
    2 Posts
    335 Views
    anyone?
  • Not Using ATT router in ATT Fiber Setup

    0 Votes
    3 Posts
    3k Views
    Grimson
    https://forum.pfsense.org/index.php?topic=111043.0
  • How to secure only one running instance of Linux script?

    0 Votes
    3 Posts
    285 Views
    I ended up with something like this: if [ `pgrep script.sh | wc -l` -gt 1 ]; then exit; fi
  • AMD PSP TPM

    0 Votes
    1 Posts
    442 Views
    No one has replied
  • UPS PfSense Shutdown

    0 Votes
    8 Posts
    14k Views
    @Peter847: I run a small office LAN through PfSense and am looking for advice on how I manage my UPS. The UPS supplies PfSense and a couple of Windows machines. Its main purpose is to ride through the relatively frequent power drop outs that last a few seconds, real outages (greater than a minute) are rare. It does not look easy to get one UPS management suite that will gracefully shutdown all the machines so I am thinking about letting PfSense just run out of power. PfSense runs on a passively cooled Atom system with an SSD, will I damage anything if I just let the power on the UPS run out and restart PfSense when the power returns? I have commonly dropped the power on a Pfsense router I have (Basically whenever I had a need to turn it off/restart it). Only once in a few years of doing this have I had a problem. I somehow managed to line up one of my power drops with a process you can't drop the power on and I had to run some program to fix it so that the router would operate again. Considering how many times I have dropped the power and yet I had this happen only once, it is quite rare.
  • MBUF usages increase after new access points?

    0 Votes
    3 Posts
    272 Views
    It's possible that older APs didn't have the bandwidth to load the firewall to trigger the issue.
  • [Solved] need to add an upstream certificate for my FW.

    0 Votes
    6 Posts
    2k Views
    So, solution update. Editing the files via the webconfigurator was my problem. It seems as though the editor was saving blank files instead of my changes, and as such nothing was working. I edited the files with VI and the cert was accepted into the system. I do still have an issue with a different upstream cert, but I can fix that based on my fix with this one. Thanks for everyone's help, I'll try to add a guide on my site for this because I couldn't find anywhere online that referenced both files.
  • Can someone explain this warning

    0 Votes
    8 Posts
    589 Views
    johnpoz
    There isn't one if you ask me - ask Derelict he is the fan all tagged, no native or untagged on interface ;) I am not aware of any security issue with running tagged or untagged on same interface.  As long as you don't try and run multiple untagged vlans on the same interface there is no problem. moikerz point about the stats would be the only reason I could see of putting all vlans vs native and vlans… Because he is right the native interface will show total stats for the untagged and all tagged traffic... While your stats for your vlan interfaces will only show you stats for that specific vlan.. So if that is your concern, then that would be the reason you skin the cat that way vs the other way ;)
  • PfSense and PIA

    0 Votes
    2 Posts
    323 Views
    Pfsense will not block it.  Firewalls work by blocking connections you do not initiate.  When you connect to PIA, you are initiating the connection.
  • Freeradius for added security? How?

    0 Votes
    2 Posts
    270 Views
    johnpoz
    One way radius can be used to increase security is the ability to use say eap-tls to auth clients to a wireless network. So now clients would have to have a different method of auth vs just a PSK.. This could be a username and password to auth to the network, or if something as secure as eap-tls.. Where now your clients have to have a cert issued by your CA, etc.. Use of eap allows for the functionality of different logins for different users, so if say a user creds have been compromised or believed to be compromised you could just change those specific creds or disable them without having to change all your devices to use a new PSK, etc. You could 802.1x with your radius server so that devices are not allowed on the network be it wired or wireless unless they pass the auth you setup with 802.1x As example - you state you have your personal wireless.. Which I assume has access to more of your network than any of your other wireless networks. So in this case you could require eap-tls to get on this network. So only devices you actually trust and have given the correct certs could get on this network.
  • Problem with e-mail notifications while using PIA

    0 Votes
    2 Posts
    335 Views
    Maybe post a screen shot of the rules for your WAN and LAN? Not sure I can help but others might…
  • Is this VLan Setup Possible?

    0 Votes
    8 Posts
    496 Views
    @johnpoz: So you want to put your ATT internet router behind pfsense??  It doesn't work that way.. You would put the ISP device in front of pfsense between pfsense and the internet/wan connection.  You could then bridge this so pfsense gets a public IP On it… Or you can double nat.. What specific device do you have from the ISP, or what device/service are you looking to get.. Needed any other information?
  • User based Firewall rules

    0 Votes
    6 Posts
    6k Views
    johnpoz
    This is possible via switch that does vlans and supports dynamic vlans, or wifi again that supports via radius or 802.1x etc.. This has always been possible - but really has zero to do with pfsense.. This is your switching/networking infrastructure to put your devices/users on different vlans… Once your devices are on different vlans then pfsense comes into play and can firewall that vlan from different vlan or allow network/vlan X to use wan 1 while vlan Y uses wan 2. You don't need to be on different vlans to control which wan a connection goes out of - you can do this with policy routing based upon the IP all in the same vlan.. So IP 192.168.1.100 could go out wan 1, while 192.168.1.101 goes out wan 2, etc. Whatever method you want to use to make sure user X gets a specific IP works too - say radius auth handing user specific IP vs vlan ID, etc. But all of that is your network and not pfsense.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.