For the future. Rule of thumb, never get anything with RealTek hardware, even if officially supported. Same for Broadcom. I do purchase devices with my blacklisted NICs only if I have an acceptable path to install a NIC of my choosing. Got a motherboard for my desktop with a RealTek, installed an Intel i210. My firewall came with a RealTek, installed an Intel i350.

There are routing complications, as that system isn't going to be the default gateway in such a config. Need a static route on whatever is the default gateway to send the IPsec network over to that system's WAN IP.

@weust: I will give these a go later today or tonight. Thanks for the links. I will report back here on the results for both SMTP servers. Did you get this working?

Thank you jimp for the info.

I have the opposite issue with my ISP. If I get my IP to change by changing my MAC, I will still receive traffic for my old IP including the old MAC until the DHCP lease ends, which is like a week.

Tried that. Changed the MTU on the wan interface (as well, didn't take immediately in the gui either, had to force it from the shell). Frustrated that the (older) sonicwall works fine in similar setup but pfsense fails. This leads me to believe (hope?) that a setting needs changed. Still looking for suggestions! Thanks all.

short and crisp … and it works. - Thanks!

I think TPTB would also like to know your expected load in terms of users and traffic and additional packages you intend to use. Also, there is a sort of consensus to try to use Intel NICs for best driver support and performance/stability.

https://forum.pfsense.org/index.php?topic=95003.0 Well if the modems are similar try this. Ignore UE0 interface and go to PPP and see if you have interfaces like this. cuaU0.1, cuaU0.2 ext…. If you do -then find the correct port(guessing game) and then at bottom of PPP setup page hit advanced and go to modem initialization string and put something like the above post for the string. I used "AT+CFUN=1" as mine. All this does is interrupt the default modem script and use a barebone config, which works with many modern modems...My Ericsson H5321HW had this type issue. Are you sure U3G is not picking it up? PPP Is the only way this will work in pfSense.

Looks like I'm back up!! Also completed a firmware update (was about 2 releases behind). Would still like to know what happened though so I can avoid it in the future.

Some files are expected to change from the baseline, like the password files/databases, config files, and so on. It could be fine-tuned some more to ignore some of those. Long-term it would be nice to have some integrity verification but there is more work to do there yet.

I don't, no… all the info I have is what's indicated in that bug I linked to before.

Not currently, no. That sort of reporting is usually handled by a log or authentication server. If you have the system logs copied to an external syslog server, that may have a way to alert on login since it will cause a predictable entry in the OpenVPN log. If you have an external authentication system (RADIUS, LDAP) then it may have its own reporting.

Not currently, no. It is something we reevaluate from time to time, however. It may show up eventually, but it's not there now.