Still got packet loss despite all software tweaking so this morning I replaced the LAN card. So far so good - 0 packets lost during a few hours so hardware problem was the diagnosis for this one. Thanks for all your input!

Yup +1. If there's line-of-sight Ubiquiti can probably do this for US$500 including ready spares for each end on the shelf. Likely won't be gigabit, or 10G as if the right fiber and optics were employed, but probably good enough.

NetFlowd was the only thing what I was finding its way into pfSense as today. ADI Engineering is assembling and building the hardware for the Netgate and pfSense store and they are now selling one Switch that will be called Pica8 P-3297 TCAM 48 x 1G OpenFlow Switch and is for sale. That must be meaning anything in any direction or could be a hidden statement to the point your are right for. But, and this should also be said, it could be a try out, a start and/or a point where pfSense will be jumping in at one day.

+2 on leave everything at default. I run more than one Asterisk box behind pfSense and normally let the SIP protocol deal with the behind NAT issues. Haven't needed sipproxd yet. Things have definitely progressed from the "bad-ol" days of needing to open ports willy nilly and still having flakey conx. More important to see what your Voip provider is expecting/can handle.

is it possible to look at the logs in pfsense that show me which connections were made at an earlier time? From the WLAN & LAN to the WAN I would imagine you could install Squid with user authentication and SARG for reporting then. It all depends on the traffic it selfs and the amount of log files that will be produced. But if all is going through the Squid proxy w/ user authentication you will exactly knowing who was doing what and at which time. for example, i am looking at the rrd graphs and see that my connection was heavily used between 4-5am, but i don't know how i can see who was using the connection at that time. That is more then a real time monitoring but you was asking for a longer time ago usage first. What you want exactly now? Or both? i am not looking for it to tell me someone was streaming youtube (although, that would be nice), i would want to see the LAN IP and what IP it was connected to, or something along those lines. It would be able to realize but then the WLAN should be secured by a radius server and for guests over a Captive Portal otherwise or if this be an open WLAN as a HotSpot you will never be ale to see who was it, if the whole street is surfing over your AP or pfSense. do i need to implement a syslog server and log everything to that? A small RaspBerry PI 2.0 with the new WD 314 GB HDD one will be sufficient to realize many more things  together with; syslog-ng, MRTG & CACTI ELK (ElasticSearch, Logstash, Kibana) on pfSense directly w/ Squid & SquidGuard & SARG is there a place to set how much storage can be used by ntop? will it recycle storage when it needs more space? i want to make sure i don't crash my box by letting the hard drive pfsense runs on fill up. Then add a bigger HDD/SSD or set up a small Intel NUC connected to a monitor where you can install or run the following things. PRTG Network Monitor Scrutinizer WireShark F.l.a.v.i.o. Splunk I would more have a look for the following two thinks Squid & SquidGuard + SARG plus PRTG on an Intel NUC or ELK syslog-ng & MRTG & CACTI on a RAPI

I've been thinking about open VPN but Isn't this going to low down my speed. After all the hotspot's speed is low enough. Yes BlueKobold I am using Kali linux but It came the time that I am sorry that I never get deep into Linux this stupid windows each year become more more privacy nightmare specially now windows 10. I will probably keep using Kali for a time been I just waned to see if it is a good idea to setup virtual box with PFSENSE Thanks to all

That something can be technically done might be not even the best to realize it really. So if I had to be true fully to you I would aware of such a set up like yours. In service networks from TIER1,2,3 or smaller or locally homed ISPs this could be done and is often offered as a service but based on totally other hardware devices and on top of this surely based on faster and more stable connections or uplinks. You as a company are using a customer network but this named above carriers or ISPs are driving this through their service network and then it is more stable and on this stage it makes sense. I want when the QinQ connection is established,computer2  get the ip from the DHCP Pool on PF1.How can i do this? QinQ VLANs are Layer2 based and the entire WAN through the Internet will be a routet way so it could really be, that you will be having success with a L2TP/IPSec VPN connection or a BGP connection betwenn this two points, but I personally would recommend the following. Let the QinQ VLANs end at there WAN end point that might be the border firewall, border router or a gateway at a network edge or node and than connect the both networks over one or more VPN or BGP connections and thats it.

Why could you not just fire up a 2nd instance of vsftp have it listen on the IP your sending your want/internet users to with the passive setup to use your public ip.  And a second instance listen on different rfc1918 address where your local clients go. Or as hinted upon just use a secure method of file transfer like sftp that only uses 1 port and there you go no issues, and now your secure!!  And all you have to do is forward 1 port on pfsense. ftp has been antiquated for YEARS, anyone still using it just nuts or lazy… There are FREE sftp clients for any user of any OS to use, there is FREE servers, shit any linux distro out there comes with it.  You can do it on windows now for free as well. So what could be the excuse of still trying to use a unsecure antiquated protocol like ftp?

I had the same problem before, but I solve it here's how i solve it. make sure you're on the same network with all of your unifi AP then run the unifi controller try to adopt all of the AP it it not work, hard reset all your AP and try to adopt them again if still not work, try unifi discover (you can download it from ubnt.com) to adopt it if some of your AP is isolated, use the wireless uplink from the nearest/strongest signal

As promised: https://www.infotechwerx.com/blog/Creating-a-Simple-pfSense-Bridge

Mine currently works 1    <1 ms    <1 ms    <1 ms  pfsense.localdomain [192.168.1.1]   2    2 ms    2 ms    3 ms  xxx   3    14 ms    13 ms    14 ms  xe-10-0-0.bar2.Minneapolis2.Level3.net [4.59.66.5]   4    38 ms    38 ms    39 ms  ae-21-52.car1.Denver1.Level3.net [4.69.147.99]   5  103 ms  105 ms  127 ms  ae-21-52.car1.Denver1.Level3.net [4.69.147.99]   6    66 ms    70 ms    73 ms  CENIC.car1.Denver1.Level3.net [4.30.24.58]   7    74 ms    73 ms    73 ms  198.83.83.5   8    67 ms    67 ms    67 ms  208.77.78.190   9    69 ms    69 ms    68 ms  bldg116-0020.unm.edu [129.24.192.30] 10    *        *        *    Request timed out. 11    68 ms    68 ms    69 ms  unm.edu [129.24.168.32]

Routed subnet as I said before.

I already bought the Intel, I didn't want to risk it. I can't find any topics on it over other NICS, is it just the support?

For safety reasons (IPMIs have awful security track records), I'd disable the NIC sharing where you have a dedicated IPMI port on the hardware. We do that on the systems we sell where that's applicable. If it's hardware that only has a shared port IPMI, use that port for your LAN rather than WAN as OP did.