Thank you! Thank you! Thank you! While I don't know exactly what the problem was, I am able to work around it by moving the PPPoE off of the pfSense unit onto the DSL gateway and still maintain the pfSense as the firewall. Now the Cloudflare sites are visible from inside my network. Thanks to your suggestion CMB, I was able to try another configuration on the WAN side that at least isolated the problem to PPPoE. Do we have a potential bug here in the PPPoE subsystem? I'm going to check with the Internet provider to see if any changes were made on their DSL infrastructure and see if there are any clues there. I would love to see the root cause of this explained and fixed. Bob.

who says its a problem?

Is it OpenVPN or IPSec? There are special topics here for each. Post the log from client and server.

Well after looking more in-depth on how VLAN's work and what I need to buy I made up my mind :) I got the D-Link DGS-1100-08 (https://www.amazon.com/gp/product/B008ABLU2I/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1) The reason I did not go with the T-Link is because people were complaining of a high pitch noise. For the access point I got the UniFi UAP-LR (https://www.amazon.com/gp/product/B00HXT8S9G/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1). I got this since it had good reviews and supported what I need. I also see it does have a guest option for logins which will work great for my needs. I have plans to make a guest VLAN with pfSense and then setup the VLAN on the UniFi AP and use that for the guest network. This is what I have a idea on from how I understand on how this all works. If I am wrong please do explain since I am new to this. Also another thing I would like to ask is for my modem I got the Q1000. I am guessing I will put the WAN into Transparent Bridging and put the PPPoE info on my pfSense router? (If Im right or wrong please let me know  :)) My new chart on the plan is this: Home: Modem -> Router(LAN) -> Switch -> AP (Home Network) Guest: Modem -> Router(VLAN) -> Switch - AP (Guest Network) Thanks

Anyone?

Sorry, just found arpwatch. Please disregard question. I haven't deleted it because when I initially searched the forum nothing came up. Cheers. Joe

Hi Guys i Managed to make it work and wrote a guide for this : https://forum.pfsense.org/index.php?topic=113228.msg629777#msg629777

@Harvy66: If the issue remains once you switch to another DNS server, have you tried bypassing PFSense to see if it's even PFSense that is doing it? Thanks for the reply.  The next step is to bypass pfsense and see what happens.  However, I won't be able to test that until later tonight, so I figured I'd touch base here and see if anybody had the same/similar issue. ~Spritz

Nothing broken with vi. If backspace doesn't work, your terminal type is screwed up. ctrl-h will likely backspace in that case. nano and vim-lite are available for those who want another option. Those are available via pkg install, but not in the GUI's package manager. They'll be kept up to date by the upgrade process just like any other package, only diff is if you reinstall the system and restore the config, or restore the config to a diff system, that package won't be reinstalled by restoring the config. But those will be equally broken if your terminal type is wrong.

Is the automatic rule cleaning part of the Miniupnp process, or is it something that PFSense must perform? In either case, is this tuneable at all?

Thanks for the reply, sorry been on holiday hence the delay. The bridge is used to join the WiFi adaptor to the LAN, so I guess it should be possible to remove.  I was considering even simpler solution though, such as plugging something into the LAN port, maybe just a cable from one of the spare ports on the box! I assume this is an issue introduced by 2.3 and thus quite high on your list of things to fix ?  ;)

@cmb: What specifically do you mean, what happens? I usually get this warning: WARNING: / was not properly dismounted and the boot process gets stuck at this point. I have waited more than 4 hours, but it holds there (the disk only has 12 GB). The other day I also got init error 8 after this warning. To detail a bit more my setup. I run a Linux hypervisor and have the VM disks as qcow2 files on a ext4 LVM logical volume on a SSD disk. The vm has this configuration for its disk:     <disk type="file" device="disk"><driver name="qemu" type="qcow2" discard="unmap"><source file="/var/lib/libvirt/images/pfSense.qcow2">       <target dev="sda" bus="scsi"><boot order="1"><address type="drive" controller="0" bus="0" target="0" unit="0"> </address></boot></target></driver></disk>

You can create certificates and chose between two types. These options can be changed under "Certificate Type" in pfsense Cert-manager when creating a certificate. User certificate - e.g. for OpenVPN clients, Radius Clients using EAP-TLS Server certificate - e.g. for pfsense WebUI, RADIUS Server, OpenVPN Server so it has nothing to do if pfsense "should be a server because it is creating certificates". Pfsense can be use a a CA (Certificate Authority) or like a certificate manager tool which can create certificates for many purposes. You can use pfsense as a certificate manager, create CA, certificates and so on and thennjust export them and use the certificates on complete different systems which do not have anything to do with pfsense.

Your question was already correctly answered on your post at serverfault.

Hi kulpreet, Its kinda 'by design'.. As these drain settings made on haproxy's stats page are not persisted by haproxy package. And every config change needs a restart of haproxy thus loosing its old state.. Though it maybe possible to save server state and load it back. Haproxy did add some support for that feature. http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#load-server-state-from-file I'm looking into that now. Regards, PiBa-NL

When you restore a backup, there's a drop-down list that lets you select which area of the backup you want to restore. By default it's set to ALL, so you will need to change it to just the area you want to restore.