Thanks again Steve. I'm asking in relation to that other thread of mine you replied to, in case I need to build another box.

I raised a bug report: https://redmine.pfsense.org/issues/3951 That way it does not get forgotten.

You don't have $60 ? http://www.amazon.com/D-Link-EasySmart-Gigabit-Ethernet-DGS-1100-08/dp/B008ABLU2I/ Bridging the pfSense interfaces will be: 1. More complicated 2. Exhibit inferior performance Yes, it can be done, but to be frank, I'm not sure I have the patience to spend a bunch of time talking you through doing it wrong so you can avoid spending $60. https://doc.pfsense.org/index.php/Interface_Bridges Here it is in a nutshell, though: Create VLANs 100 and 200 on eth1 (or whatever your available interface is) Create a bridge containing LAN and  eth1_vlan100. Assign interface LAN to BRIDGE0. Assign interface GUEST to eth1_vlan200 Set your guest IP info and firewall rules on the GUEST interface. Your AP should be set to send your internal SSID tagged on VLAN 100 and your guest SSID tagged on VLAN 200.

FYI- There is not currently any script to perform that function on the command line or to otherwise bulk create certificates.

This seems to be perfect! Thank you so much!

Thank you for the clarification. I guess I was expecting /32 addresses expanded through the whole range. I like this truncated method better anyway.

Hi, Thanks for the good suggestions from you guys i really appreciate it.

I have no idea how this happened, but I finally found the problem.  The more suggestions I tried and the longer I worked on it, I realized that it acted like I did not have a default gateway.  I did have an active gateway I could ping the outside world, I just could not get there. Then I found this check box in my gateway setting page. The little check box that says that this gateway is the default was not checked. :o, (see attachment) I'm at a loss I'm just happy it's working at this point. Thanks for everyone's suggestions [image: pfSensesolved.JPG_thumb] [image: pfSensesolved.JPG]

Yes, that's the full list of known issues. As always, it'll be out when it's ready. That'll definitely be well before the second half of 2015. Currently aiming for release in 2014, as we're not far.

It's common in the commercial software and hardware industry to charge a yearly support fee that's roughly 20-25% of the cost of the software license in the first place. If you end up falling behind on maintenance, you are often offered the option to either re-license the software at full price with a year's support or to pay for the missed renewals to get caught up. More often than not, for anything of about two and a half years or less time, it's much less expensive to pay the retroactive support. The other option would have been to go out and buy a brand new device at full price. Since you just "took over the account", I would expect you to be fully aware of this.

WOW i missed that lol thx i feel dumb xD ill try that out btw sorry for wasting time I am learning how to network while I am doing this

Thank you! That is easy. I was expecting a 100 step process to do this. I will try this later today. Again, thank you!

From https://github.com/pfsense/pfsense/blob/master/conf.default/config.xml <minute>30</minute> <hour>12</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command></command>/usr/bin/nice -n20 /etc/rc.update_urltables and what it looks like from the Cron package GUI display is attached. Seems to be 12:30 local time every day. [image: update-url-tables.png] [image: update-url-tables.png_thumb]

pfsense should by have a lot of agents  to integrate logs with third party solutions like OSSIM , ELSA etc etc, I love OSSIM and I'm waiting for a serious agent to full integrate pfsense with OSSIM, i'm dream with that … lol, i'm not fan of syslog.

@firewalluser: Could this issue with the states also affect the wan connection? No, it's the other way around: dropped WAN causes stale states when it comes back up. One thing I have noticed which I have not seen in previous versions of pfsense ie 1.2  . . . . . . . . this is new hardware and a new isp, I'm still tracking down what exactly is occurring, hence the question about if the states might affect the wan connection? Sounds like you have issues with your new ISP.  What kind of connection is it?

Whats your setup like and what exactly are you trying to achieve? For example do you have a setup like this? 1 Wan to ISP A 1 OPT1 to ISP B 1 Lan to a number of devices like games consoles, computers, tablets, phones via wifi and ethernet? Is one of the ISP's a mobile data provider? If so these networks work differently compared to normal net access due to the way the mobile phone system traffic management works, its more burst like, unlike normal net access which is more continuous and consistent in the transmission of data. This would make sending games console data out over mobile not so good and something to avoid. Some of the fancy things you can do with pfsense is have your games console traffic come in over wan, but send the games console data out over Opt1 (ISP B). Any fixed ip's in use and need to be used? Likewise you could route some traffic to use Wan and other traffic to use OPT1. You can load balance, traffic shape, plus lots lots more. If you know the games consoles mac id's then you can assign it a fixed ip address (Services, DHCP Server assuming you are using a pfsense dhcp server). Then you can add some rules (Firewall, Rules, Lan tab), that sends the games consoles SOURCE ip address traffic to the WAN net Destination or OPT1 destination. If you have many games consoles, consider creating an alias (Firewall, Alias) and add a new alias called Games Console, and add the HOSTS fixed IP addresses. Then back in the lan firewall rule from above, change t he SOURCE ip address to the alias, then the same rule will apply to all the ip addresses listed in the alias. Do you need to restrict access to between certain hours for these games consoles? If so in the lan firewall rule from above edit the rule and choose a schedule from the drop down list. To create a schedule like no internet access after 10pm mon to fri, go into Firewall, Schedule, add a new schedule, name it, select the weekday headers Mon through to Fri and then set the time 6am to 22pm. This will make the rule work only mon to friday 6am to 22pm. If you want to allow different access on a Sat & Sun, edit the schedule and add Sat & Sun plus the couple hours missing Friday night and restricting access from 22pm Sunday night. To have all other devices use the other net access, create a lan rule which NOT allows the alias group access to the wan or opt1 net Destination connection. Dont know if the above is useful or not, it depends on your network setup and what exactly you want to achieve.

If you manage the certificates on another system you could get away with only needing the OpenVPN server certificate private key (not the CA private key or the user certs/keys). You couldn't use the export package, but it would work. In that scenario the only certs on the system (aside from the GUI's cert/key) would be the CA cert, Server cert, and Server key.