pfsense1 is a vpn server for remote access. pfsense2 is a vpn server for site to site.

Update your links.  None of them are working.

The issue with squid does appear to have been the culprit.  I'm not sure how squid got "installed', when PFSense didn't report it as installed. To fix, I installed squid, then removed it.  I've not had any issues since. david

It appears to have been another bug with the system. I've reinstalled most of the system, and everything has come back online. Weird.

WAN: 826MB in WAN2: 821MB in LAN 29GB out Doesn't pass sanity sniff test WAN: In-pass Average 1.46Mb/s Period 826.65MB WAN: Out-pass Average 80.99kb/s Period 1.54GB Since average is "Total/Time", and the Time is the same, it is logically impossible for the Out-pass to have a smaller average and a larger total. I agree, Something is wrong.

I restored from a snapshot I had, completely wiping the system. I have re-built to the stage I was at, and the system works fine. Just putting it down to a gremlin.

It's not normally necessary to set it. It should negotiated during the connection process. For example my WAN here at home is PPPoE, I have not set any MTU or MSS value at the interface setup. Also in the UK. In the PPP log I can see: Jan 6 18:09:01 ppp: [wan_link0] MRU 1492 Also if I interegate the interface at the command line I can see: [2.1.5-RELEASE][root@pfsense.fire.box]/root(2): ifconfig pppoe0 pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492 inet6 fe80::290:7fff:fe3c:9609%pppoe0 prefixlen 64 scopeid 0xd inet 87.113.*.* --> 195.166.*.* netmask 0xffffffff nd6 options=3 <performnud,accept_rtadv></performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast> Steve

Just in addition, a graceful reboot fixes it. On the ALIX installations, a power cycle doesn't do it.  It'll OpenVPN connect back up to me at my office but clients on the LAN and OPT1 side can't get out. Today, it happened on the Alix for the first time after 50 days of uptime.

Ok, figured it out. ifconfig bridge0 addr responds with the vlan tag

bump ~

When you can afford it. Sadly I dont have GCHQ's or the NSA's budgets.  ;)

I have one of these http://williamknowles.co.uk/?p=16 with a 2Tb external usb drive hooked up to my adsl modem and pfsense wan interface. This will save more packet capture data over a longer period of time than the the pfsense packet capture which hangs after a period of inactivity relkated in part to the default auto log off setting seen in System, User Manager, Settings tab, Session Timeout which is a default 4 hours. Might be useful as an alternative packet capture but notethe Rpi only does 10/100 nic speeds so no good on the lan side for most networks but useful for slower broadband connections. fwiw.

I found the issue, it was snort (even if it was disabled). so I removed it and google reachable

I did PM KOM and for what he said, my config should be good. I did a lot of messing around and finally was able to make it partially work. In my cPanel configuration I made tree DNS ZONES for example : a.MyDomain.com b.MyDomain.com c.MyDomain.com All of them are A RECORDS with the IP of my pfSense server. For some reason, only a.MyDomain.com will work. The two others won't. The a.MyDomain.com points to an HTTPS port. The two others to a HTTP port. Of course both protocols have been enabled in the Reverse Proxy general configuration. In the "Real Time" tabs, I do see when I type in from an external network the requests for a.MyDomain.com But i don't see anything when it is for b.MyDomain.com or c.MyDomain.com So my guess is: when someone types it in a browser, it doesn't even get to pfSense. But I don't understand why because all three DNS ZONES are perfectly identical!!! Any idea?

Alright, everyone. Thank you for your help. Got that one up and working perfectly. But now i have an issue on a new machine, here's a link to that thread https://forum.pfsense.org/index.php?topic=86329.0