And, yes, it was the network card. As soon as I replaced it with an Intel (and fixed an "Interfaces not found" error) it was up and running in no time. Thank you.

fixed it

OK, many thanks.

First test ran for a couple of minutes, result approx. 500 MB I will check out FreeBSD too

The source of the high fragmentation was iperf testing, artificial traffic. Our IPsec connections normally don't generate that much fragmented traffic, the testing was not done through IPsec. I think this value should be adjustable, as the firewall should be able to handle the amount of fragmentation that is within norms for the connection without cutting connections off.

@torontob: Hi everyone, I have a Windows 2008 R2 in a datacenter which is serving as my VPN server for all users that is remote to our office. My office pfSense allows one of my users to connect to that Windows VPN server flawlessly - but the moment the second user tries to connect it fails. What could be the issue? and where can I look for the issue? It is clearly stated in the documentation and on the pfsense website that you are limited to one connection per remote IP for PPTP.

Yes I will and thanks. It works now. cheers

Ok…so I saw another thread you have out there about moving an old router to the OPT1 interface on the pfSense box and setting it up to be just an AP.  Get that done first, then come back to this thread/task.

NAT was not an original feature in SIP. In fact it had to be shoe-horned in later as carriers started going after your run of the mill residential service customer. Its still not perfect and devices and carriers still deal with it in different ways. Most carriers will let you sign in with multiple SIP devices into one account. I know of non that can reliably do so when the customer is trying to use the same "public" IP address for more than one device. I use VOIPo and have multiple SIP devices on my primary business numbers at different locations.

Post a network diagram, including what subnets are where. If you have a layer 3 switch inside your network then you are going to need static route(s) to tell pfSense how to route back to the network(s) behind the layer 3 switch.

@Wolf666: With pfSense, you can setup rules in order to route specific IP to use VPN only. So, map as static IP any client you need to be routed through VPN. Set outbound and firewall rules accordingly. If you want, like me, build a separate subnet, dedicated to VPN. You can also use VLAN approach. As VPN provider I suggest AirVPN. Wolf666, thank you for the ideas and VPN suggestion

@BlueKobold: I am facing a weird issue with pfsense. Perhaps you are only in a so called thinking false! Dual wan links have been configured with failover and loadbalancing rules. One of the links randomly shows  'latency' and later 'offline'. In normal you have to decide betewen load balancing (both WAN lines are active) and fail over (only online and is active)! Can this be the problem at all? Please try setting up the following: Dual WAN load balancing by using policy based routing So you will be getting the most out of it, because both WAN lines are active and if one fails the other WAN line will be used alone. Thank you for your response. The failover and load balancing rules have been configured seperately to seperate usage. Ill attach snapshots of the config. [image: gateway_groups.png_thumb] [image: gateway_groups.png] [image: 3.png_thumb] [image: 3.png] [image: 2.png_thumb] [image: 2.png] [image: 1.png_thumb] [image: 1.png]

Ntop/NtopNG would do the trick for showign individual host usage, though it probably can't do emailed reports - unless you can script something yourself.

As long as the service is running, that config's fine. That error happens during boot because the DHCP lease registration process wants to HUP dnsmasq upon certain changes, but at that time during boot it may not be running. It's safe to ignore.

We are thinking of moving from Untangle (Free) to Pfsense.  Basically, all I want Pfsense to do initially is filter web traffic content (ie. Facebook, Port etc).  I don't want it to do any routing, firewall-ing, or anything like that. But why not only a CentOS system with a Squid + SquidGuard then? Is this possible? For sure it will, but only with Squid + SquidGuard it will be much easier to administrating. To look out of a window, you don´t need building a skyscraper, a normal house will do it also!

Have a look at Ruckus Wireless Zoneflex 7363 APs on eBay. They regularly sell for something like 120,- to 170,- Eur, are dual-band and offer great coverage due to their beam steering technology. I live in a high density WLAN area as well (approx. 30 APs around) and still manage to get streaming audio to 8 or so Squeezeboxes wirelessly - unfortunately they only support 2.4GHz.

Yes.  Should be fine.