JohnPoz, Indeed it was. Case closed

I believe I figured this out by trial and error. Here is the solution I've found: Turn on the OpenVPN client and leave it on (PIA DNS entries are in System==>General Setup); Assign the Apple TV's with DHCP static IP's, and then enter the Unblock-US DNS servers on the same static mapping page; Create an alias that contains all of the Apple TVs; Create a firewall LAN rule at the top of the list: Action=Pass, Source=Apple TVs Alias, Destination=any, Advanced Features–Gateway=WAN-DHCP. Tested on several devices, and seems to work perfectly! Not sure if it's the best solution, but so far seems OK.

Is it most likely looking at options 60 and 61 in the dhcp… I would have to do a sniff I don't think pfsense prob sends that?  Or if they do its not in the known lists of your aruba stuff.  Maybe you can an option there? They added some options in the gui to manipulate some setting for the dhcp.. If you click the advanced you might be able to setup the options you want to send so that pfsense is identified as what you want.. [image: clientoptions.png] [image: clientoptions.png_thumb]

what switch to you have exactly… I would have to guess it prob has ssh or as mentioned a web ui as well..  Make and model number will allow us to check. Console only switch in this day and age seems very unlikely

Hi thanks.. @BlueKobold: Hi everyone, i have a problem, please can you help me. What kind of Internet connections do you have. With dynamic or static public IP addresses? Or do you own two DynDNS Internet accounts? How do you want contact the offices each to the other? My internet connection is in office 1, then i have internet in office 2 by a datalynk with the isp, when a client in office 2 go to the internet it goes by public ip of office 1 I have two offices: office 1: 192.168.10.0/24 office 2: 192.168.11.0/24 This IP addresses are internal or private IP addresses and they wont be routable through the Internet! You need two DynDNS accounts or two static public IP addresses to built a VPN connection between the both offices and then you will be able to connect to the other sides resources and devices. These ip are private internal addreses and it communicates by datalynk, then i can access from one side to other side, but in office 2 i don't have control about internet, then i want to install the pfsense. My pfsense is located in office 2 with ip 192.168.11.253 (WAN), So there must be something in front of the pfSense firewall that is holding or the getting the public IP address. If you want to built a connection between them you will need to set up a VPN tunnel.

Thanks Gomez, I know that vlans will decrease performance of the NIC, of course. That infrastructure is located in a Camping, the wire goes underground, no law violation as everything is in the owners property :) Finnally I changed the pfsense box to the House A. I created two LANS, one for the wifi camping customers, and another one for the Office in House B. Currently there is just one WAN working, but when I'll receive the managed switch, I'll create a VLAN in the Office LAN adapter to include the secondary WAN access to the system. I will place the switch in house B. That one will be used for the Office people, as in peak times the main WAN access is saturated by the Camping wifi customers. Anyway I'd like to thank all the people that helped me on this. Pfsense forum is an example fo what a community forum has to be.

Reading other posts, it sounds like it might be a state timeout issue.  It's been suggested that switching the Firewall Optimization Options (System-> Advanced-> Firewall and NAT tab) to "conservative" may help.  Apparently typing "pfctl -st" in the console shows you the timings. Below are the normal values.  The fact that the "tcp.closing" timing matches up with your 15 min. disconnect issue is probably not a coincidence : [2.2.6-RELEASE][admin@pfsense.hybrid.home]/: pfctl -st tcp.first                  120s tcp.opening                  30s tcp.established          86400s tcp.closing                900s tcp.finwait                  45s tcp.closed                  90s tcp.tsdiff                  30s udp.first                    60s udp.single                  30s udp.multiple                60s icmp.first                  20s icmp.error                  10s other.first                  60s other.single                30s other.multiple              60s frag                        30s interval                    10s adaptive.start          481800 states adaptive.end            963600 states src.track                    0s Here are the conservative timings: [2.2.6-RELEASE][admin@pfsense.hybrid.home]/: pfctl -st tcp.first                  3600s tcp.opening                900s tcp.established          432000s tcp.closing                3600s tcp.finwait                600s tcp.closed                  180s tcp.tsdiff                  60s udp.first                  300s udp.single                  150s udp.multiple                900s icmp.first                  20s icmp.error                  10s other.first                  60s other.single                30s other.multiple              60s frag                        30s interval                    10s adaptive.start          481800 states adaptive.end            963600 states src.track                    0s

You don't want to use a network or host alias for that many entries. In 2.3, you can go up to 5000 members. Anything beyond that has to be a URL table alias, and likely anything beyond 1000 really should be as well.

First, complete your network…. and then...  test.  Even though it may work as connected it's not ideal and may not be reliable.  Not to mention, both NICs would need to support Auto MDI/MDI-X and Auto-negotiation. Go buy a switch, finish your network and retest. I would also recommend PCIe NICs if you have the slots.

Can pfsense support up to 16 Nic? Yes it will be able and there are appliances out there that will be able  to offer you many LAN ports as you need it. One of them would be the scope7-8771 from Landitec it is a official European distributor from Lanner. But if you think it might be that you change even the hardware if something is not really running likes expected this would be a hard and expensive trail for you as I see it right. Perhaps you might be getting a Layer3 switch that is then proper routing the VLANs for your network and the pfSense firewall is then only routing the WAN-LAN part. It would be perhaps the better option, or perhaps if money is not rare booth will fit and makes you happy.

There was a circumstance we fixed in 2.3 where radvd would try to run where it shouldn't have. It's just harmless log spam in that case.

Per the hardware requirements page (https://www.pfsense.org/hardware/#requirements), even on bare metal, in order to get over 500 Gbit, you need: Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters. So, I would go multiple cores, 4GB RAM and a 64 bit install to start with. Also, I've seen posts that suggest unless you're using the VMXNET3 driver you will see a ~400 Mbit limit. It may also be worth mentioning that since you have an HP server and using ESXi, you might want to re-install with the HP specific ESXi image, so all the drivers are VMware certified.  It may or may not make a difference, but it's just a thought.

Also one thing you do wrong is the router IPs. If the pfsense firewall itself do have 192.168.1.1 and 192.168.2.1, you CANNOT have the routers/AP's have the same IP. Then you will get a randomly unstable connection since roughtly half of the time, the router will reply on something the firewall should reply on. The routers/AP's should preferable use 192.168.1.2 and 192.168.2.2. So if the WRT54G really has the IP 192.168.2.1, you are getting a IP collision in your network, and thats why you get "Unstable connection" inside Android. So what you should do: LAN = 192.168.1.1 OPT1 = 192.168.2.1 Linksys = 192.168.1.2 WRT54G = 192.168.2.2

Sadly, that does not seem to help.  I dug up an older 100Mbps switch from a closet and stuck it between the cable modem and the pfSense router.  The first thing I noticed after resetting things was that when I powered down the cable modem, the router didn't appear to even notice.  Eventually, it did go into a "Pending" mode, but it still thought it had a valid IP address and I never got a failover to the UVerse WAN.  Turning the cable modem back on resulting in no recovery at all.  I still needed to reset the modem and the router. As far as I can tell, the IP address that I'm given by ComCast is a public one.  It is not an RFC1918 address. Dave

Perfect…thanks again  :)

Use the top command on shell to see the process php-fpm and look if closing the graphical interface the process will get lower. sorry my bad english

Yes. Did work. I comment the stty lines who were not allowing the change: // If the user does exist, prompt for password while (empty($password)) {         echo gettext("New Password") . ": ";         //exec('/bin/stty -echo');         $password = trim(fgets($fp));         //exec('/bin/stty echo');         echo "\n"; } // Confirm password while (empty($confpassword)) {         echo gettext("Confirm New Password") . ": ";         //exec('/bin/stty -echo');         $confpassword = trim(fgets($fp));         //exec('/bin/stty echo');         echo "\n"; } So i got change the password for both ssh and webgui: [2.2.6-RELEASE][admin@pfSense.localdomain]/root: ( echo admin ; echo password ; echo password ; echo exit ) | pfSsh.php playback changepassword Starting the pfSense developer shell…. Enter username: Changing password for 'admin'.  New Password: Confirm New Password: [2.2.6-RELEASE][admin@pfSense.localdomain]/root: Thank you a lot