okay,so a usb of about what,4 GBs is fine?

OK that worked. Thankyou!

when you reset the xclaim ap to factory default do you see the ssid XCLAIM SETUP? I am running xclaim APs with pfsense with no problems at all I also set them up with vlans and they work great with pfsense

@Derelict: Yes. You might also need a route to get the traffic into OpenVPN then an iroute in the CSO to route from OpenVPN to the correct tunnel. Thanks, I will definitely keep this in mind and maybe give this a shot before trying 2 VPN servers when the time comes.  After reading on iroute, that might be the missing link.

Thanks so much!

I can acces the internet, this is my fault, i forget to fil the proxy config in the clients because we work with a proxy in our corporation. But i have already fil the proxy config in pfsense, i was thinking clients work natively with the proxy yet renseign in pfsense but not, i have to fil the proxy address in each client… There not a solution for have not to renseign proxy with hand in each client ???

There is nothing stopping you from using pfSense to NAT for 500 ports on a layer 3 switching infrastructure. It would do that quite well. private IP /28 address which will be NATted Seems like for 500 ports you really want a layer 3 switching solution. Are all these 500 ports within 100m of each other or are you dealing with multiple wiring closets? IPv6 address I assume you mean IPv6 /64 DHCP on each subnet You will want to use your switching infrastructure or an external DHCP server with helpers for this. pfSense will not be the way to go. But if you want to build all that behind pfSense, it will NAT for you beautifully.

Well, updated BIOS from A05 to A07 and after the reboot for that, CPU usage is back to normal and has remained so for a few days.  So either that BIOS update corrected something or the reboot temporarily masked the problem.  I suspect the BIOS was the fix since my RRD graphs show that there was no dip in CPU usage after previous reboots. As for Realtek, I still think it's best to work with them if possible.  Plenty of home users of pfSense that are not going to spend $60/each on NICs.  The Realtek's may suck if you really need full line rate 24/7, but as long as I can get 100Mb/s in each direction, I'm happy (as I would think would be the case with most home users). One of my FreeBSD buddies does state that they do officially support Realtek, and rather than telling people to go run Linux (where the Realteks are not as flaky) or switch to something else, users should open bug reports if there seems to be a real driver issue.

Could it perhaps be that the Ubuntu internal firewall is blocking something?

@jits: Ok, thanks. You just gave me a brilliant idea! For MLPPP, MPLS, VPLS you could also try out or have a look on the following device or software; Brocade 5600 vRouter (formerly Vyatta 5600 vRouter) (MPLS & VPLS) OpenBSD & Quagga (BGP & VPLS) MikroTik RouterOS (MPLS & VPLS) Vyatta OS (MLPPP, BGP, MPLS, VPLS) ClearOS (MLPPP, BGP, MPLS, VPLS,)

JohnPoz, Indeed it was. Case closed

I believe I figured this out by trial and error. Here is the solution I've found: Turn on the OpenVPN client and leave it on (PIA DNS entries are in System==>General Setup); Assign the Apple TV's with DHCP static IP's, and then enter the Unblock-US DNS servers on the same static mapping page; Create an alias that contains all of the Apple TVs; Create a firewall LAN rule at the top of the list: Action=Pass, Source=Apple TVs Alias, Destination=any, Advanced Features–Gateway=WAN-DHCP. Tested on several devices, and seems to work perfectly! Not sure if it's the best solution, but so far seems OK.

Is it most likely looking at options 60 and 61 in the dhcp… I would have to do a sniff I don't think pfsense prob sends that?  Or if they do its not in the known lists of your aruba stuff.  Maybe you can an option there? They added some options in the gui to manipulate some setting for the dhcp.. If you click the advanced you might be able to setup the options you want to send so that pfsense is identified as what you want.. [image: clientoptions.png] [image: clientoptions.png_thumb]

what switch to you have exactly… I would have to guess it prob has ssh or as mentioned a web ui as well..  Make and model number will allow us to check. Console only switch in this day and age seems very unlikely

Hi thanks.. @BlueKobold: Hi everyone, i have a problem, please can you help me. What kind of Internet connections do you have. With dynamic or static public IP addresses? Or do you own two DynDNS Internet accounts? How do you want contact the offices each to the other? My internet connection is in office 1, then i have internet in office 2 by a datalynk with the isp, when a client in office 2 go to the internet it goes by public ip of office 1 I have two offices: office 1: 192.168.10.0/24 office 2: 192.168.11.0/24 This IP addresses are internal or private IP addresses and they wont be routable through the Internet! You need two DynDNS accounts or two static public IP addresses to built a VPN connection between the both offices and then you will be able to connect to the other sides resources and devices. These ip are private internal addreses and it communicates by datalynk, then i can access from one side to other side, but in office 2 i don't have control about internet, then i want to install the pfsense. My pfsense is located in office 2 with ip 192.168.11.253 (WAN), So there must be something in front of the pfSense firewall that is holding or the getting the public IP address. If you want to built a connection between them you will need to set up a VPN tunnel.

Thanks Gomez, I know that vlans will decrease performance of the NIC, of course. That infrastructure is located in a Camping, the wire goes underground, no law violation as everything is in the owners property :) Finnally I changed the pfsense box to the House A. I created two LANS, one for the wifi camping customers, and another one for the Office in House B. Currently there is just one WAN working, but when I'll receive the managed switch, I'll create a VLAN in the Office LAN adapter to include the secondary WAN access to the system. I will place the switch in house B. That one will be used for the Office people, as in peak times the main WAN access is saturated by the Camping wifi customers. Anyway I'd like to thank all the people that helped me on this. Pfsense forum is an example fo what a community forum has to be.

Reading other posts, it sounds like it might be a state timeout issue.  It's been suggested that switching the Firewall Optimization Options (System-> Advanced-> Firewall and NAT tab) to "conservative" may help.  Apparently typing "pfctl -st" in the console shows you the timings. Below are the normal values.  The fact that the "tcp.closing" timing matches up with your 15 min. disconnect issue is probably not a coincidence : [2.2.6-RELEASE][admin@pfsense.hybrid.home]/: pfctl -st tcp.first                  120s tcp.opening                  30s tcp.established          86400s tcp.closing                900s tcp.finwait                  45s tcp.closed                  90s tcp.tsdiff                  30s udp.first                    60s udp.single                  30s udp.multiple                60s icmp.first                  20s icmp.error                  10s other.first                  60s other.single                30s other.multiple              60s frag                        30s interval                    10s adaptive.start          481800 states adaptive.end            963600 states src.track                    0s Here are the conservative timings: [2.2.6-RELEASE][admin@pfsense.hybrid.home]/: pfctl -st tcp.first                  3600s tcp.opening                900s tcp.established          432000s tcp.closing                3600s tcp.finwait                600s tcp.closed                  180s tcp.tsdiff                  60s udp.first                  300s udp.single                  150s udp.multiple                900s icmp.first                  20s icmp.error                  10s other.first                  60s other.single                30s other.multiple              60s frag                        30s interval                    10s adaptive.start          481800 states adaptive.end            963600 states src.track                    0s