Update: Something like this (as en example): Total (GB) 631.962 Total upload (GB) 75.233 Total download (GB) 556.729

Well Johnpoz, I already said I was abit scary about that Teamviewer stuff. Well I turned out I was right, it is scary. :o I opened the window and the first thing I see some weird userlogin ???, like you would login on facebook, too flashy to my thoughts, especially the ads. It looked like a goddamn free antivirus to me. I don't want that despite its superior performance. Not on my tiny industrial-home network, I'm sorry. You said there wasn't a solution for my problem other than using that junk described above or some other commercial RDP software. I am a stubborn man and I couldn't believe that there was no proper way to connect to that Windows 7 machine even though I was aware that that there might not be any solution than to upgrade to a higher version. Well, I am a genuine windows client-server user, but this hack had to be done for the sake of this matter. At first I thought it was a piece of spy/malware but apparently it turned out to be quite genuine in some way. I installed the concurrent RDP patch, and RDP works now. Its quality is what I expected to be as I have used microsoft RDP on xp it in the past. I feel there is nothing compared to that quality. Today I tried to log on my Win7 Home Premium but I couldn't. The reason was expected because I was updating and it must have changed the particular file. I have restored a backup and turned off updates. The machine has SP1 but lacks other updates. It is better to stick with that. I don't want to loose my future connections because of that. Besides we are using pfsense right? Well actually I don't what I am talking about, I have set up SNORT, I think you have to know some rocketscience to able to get that to work and really interprete what is going on. Frankly that is way above my head. Greetings

okay,so a usb of about what,4 GBs is fine?

OK that worked. Thankyou!

when you reset the xclaim ap to factory default do you see the ssid XCLAIM SETUP? I am running xclaim APs with pfsense with no problems at all I also set them up with vlans and they work great with pfsense

@Derelict: Yes. You might also need a route to get the traffic into OpenVPN then an iroute in the CSO to route from OpenVPN to the correct tunnel. Thanks, I will definitely keep this in mind and maybe give this a shot before trying 2 VPN servers when the time comes.  After reading on iroute, that might be the missing link.

Thanks so much!

I can acces the internet, this is my fault, i forget to fil the proxy config in the clients because we work with a proxy in our corporation. But i have already fil the proxy config in pfsense, i was thinking clients work natively with the proxy yet renseign in pfsense but not, i have to fil the proxy address in each client… There not a solution for have not to renseign proxy with hand in each client ???

There is nothing stopping you from using pfSense to NAT for 500 ports on a layer 3 switching infrastructure. It would do that quite well. private IP /28 address which will be NATted Seems like for 500 ports you really want a layer 3 switching solution. Are all these 500 ports within 100m of each other or are you dealing with multiple wiring closets? IPv6 address I assume you mean IPv6 /64 DHCP on each subnet You will want to use your switching infrastructure or an external DHCP server with helpers for this. pfSense will not be the way to go. But if you want to build all that behind pfSense, it will NAT for you beautifully.

Well, updated BIOS from A05 to A07 and after the reboot for that, CPU usage is back to normal and has remained so for a few days.  So either that BIOS update corrected something or the reboot temporarily masked the problem.  I suspect the BIOS was the fix since my RRD graphs show that there was no dip in CPU usage after previous reboots. As for Realtek, I still think it's best to work with them if possible.  Plenty of home users of pfSense that are not going to spend $60/each on NICs.  The Realtek's may suck if you really need full line rate 24/7, but as long as I can get 100Mb/s in each direction, I'm happy (as I would think would be the case with most home users). One of my FreeBSD buddies does state that they do officially support Realtek, and rather than telling people to go run Linux (where the Realteks are not as flaky) or switch to something else, users should open bug reports if there seems to be a real driver issue.

Could it perhaps be that the Ubuntu internal firewall is blocking something?

@jits: Ok, thanks. You just gave me a brilliant idea! For MLPPP, MPLS, VPLS you could also try out or have a look on the following device or software; Brocade 5600 vRouter (formerly Vyatta 5600 vRouter) (MPLS & VPLS) OpenBSD & Quagga (BGP & VPLS) MikroTik RouterOS (MPLS & VPLS) Vyatta OS (MLPPP, BGP, MPLS, VPLS) ClearOS (MLPPP, BGP, MPLS, VPLS,)

JohnPoz, Indeed it was. Case closed

I believe I figured this out by trial and error. Here is the solution I've found: Turn on the OpenVPN client and leave it on (PIA DNS entries are in System==>General Setup); Assign the Apple TV's with DHCP static IP's, and then enter the Unblock-US DNS servers on the same static mapping page; Create an alias that contains all of the Apple TVs; Create a firewall LAN rule at the top of the list: Action=Pass, Source=Apple TVs Alias, Destination=any, Advanced Features–Gateway=WAN-DHCP. Tested on several devices, and seems to work perfectly! Not sure if it's the best solution, but so far seems OK.

Is it most likely looking at options 60 and 61 in the dhcp… I would have to do a sniff I don't think pfsense prob sends that?  Or if they do its not in the known lists of your aruba stuff.  Maybe you can an option there? They added some options in the gui to manipulate some setting for the dhcp.. If you click the advanced you might be able to setup the options you want to send so that pfsense is identified as what you want.. [image: clientoptions.png] [image: clientoptions.png_thumb]

what switch to you have exactly… I would have to guess it prob has ssh or as mentioned a web ui as well..  Make and model number will allow us to check. Console only switch in this day and age seems very unlikely