Also one thing you do wrong is the router IPs. If the pfsense firewall itself do have 192.168.1.1 and 192.168.2.1, you CANNOT have the routers/AP's have the same IP. Then you will get a randomly unstable connection since roughtly half of the time, the router will reply on something the firewall should reply on. The routers/AP's should preferable use 192.168.1.2 and 192.168.2.2. So if the WRT54G really has the IP 192.168.2.1, you are getting a IP collision in your network, and thats why you get "Unstable connection" inside Android. So what you should do: LAN = 192.168.1.1 OPT1 = 192.168.2.1 Linksys = 192.168.1.2 WRT54G = 192.168.2.2

Sadly, that does not seem to help.  I dug up an older 100Mbps switch from a closet and stuck it between the cable modem and the pfSense router.  The first thing I noticed after resetting things was that when I powered down the cable modem, the router didn't appear to even notice.  Eventually, it did go into a "Pending" mode, but it still thought it had a valid IP address and I never got a failover to the UVerse WAN.  Turning the cable modem back on resulting in no recovery at all.  I still needed to reset the modem and the router. As far as I can tell, the IP address that I'm given by ComCast is a public one.  It is not an RFC1918 address. Dave

Perfect…thanks again  :)

Use the top command on shell to see the process php-fpm and look if closing the graphical interface the process will get lower. sorry my bad english

Yes. Did work. I comment the stty lines who were not allowing the change: // If the user does exist, prompt for password while (empty($password)) {         echo gettext("New Password") . ": ";         //exec('/bin/stty -echo');         $password = trim(fgets($fp));         //exec('/bin/stty echo');         echo "\n"; } // Confirm password while (empty($confpassword)) {         echo gettext("Confirm New Password") . ": ";         //exec('/bin/stty -echo');         $confpassword = trim(fgets($fp));         //exec('/bin/stty echo');         echo "\n"; } So i got change the password for both ssh and webgui: [2.2.6-RELEASE][admin@pfSense.localdomain]/root: ( echo admin ; echo password ; echo password ; echo exit ) | pfSsh.php playback changepassword Starting the pfSense developer shell…. Enter username: Changing password for 'admin'.  New Password: Confirm New Password: [2.2.6-RELEASE][admin@pfSense.localdomain]/root: Thank you a lot

I've been using Softether for many years and never had any issues. Would be very nice to add this software to pfsense ;)

I have a similar setup. Basically, rules are tied to interfaces. And interfaces are virtual based on VLANs. So, if you won't remove VLANs, rules should be fine too. You just need to: remove igb6, igb7 from the lagg create lagg1 add igb6, igb7 to lagg1 reassign interface on vlan10  from lagg0 to lagg1 Done. All rules should be untouched. No reboots, not even a downtime. But certainly perform a config backup prior to changes.

Well, that would explain it all then Facepalm What a waste of an evening!!! Thanks

I have solved my problem, it was in the member attribute and the credentials for the ldap bind. Thank you Now i can authentify my users with the authentification diagnostic. I have to setup a captive portal and Freeradius package for the connectivity between pfsense and openldap server Freeradius is obligate for ldap loggin on the captive portal ? Sorry for my english

Thanks for the reply jimp. Do you recommend any particular router to be used in conjunction with pfSense? I can try a different device and test the up/down speed.

Your 3Com switch will need to allow you to configure and use VLANs otherwise this won't work. If you connect the modem to the switch without VLANS then everything on the switch will be able to access the modem and the laptop router won't be doing anything. You will also need to make sure that the NIC on your laptop supports VLAN tagging. You will need to setup one separate untagged VLAN port for your modem (the WAN VLAN) and have all your other devices and ports untagged on another internal LAN (which everything else connects to). The port on the switch which the router laptop connects to will need to be tagged to both VLANs. In pfsense you would then create two VLANs corresponding to those on your switch, and assign one to the WAN interface (the same as the modem's VLAN) and one to the LAN interface. If your switch doesn't support VLAN tagging, then you will need to get either a USB or PCMCIA NIC for your laptop which is compatible with FreeBSD 10.1.

Is your wireless a wireless card in pfsense?  An AP on your lan network, a wifi router?  Did you configure this wifi router as AP or is it also natting? So your saying clients wired to pfsense work just fine - its only your wireless that is having issues.  Please describe how your wireless is setup.  If interface on pfsense optX for example then you would have to configure the firewall rules on that interface to allow traffic.. By default any new opt interfaces you create in pfsense have NO rules and all traffic is blocked.

They are still routing to the IP address. But on the local segment traffic to the gateway address is ARPed then traffic is actually sent to the MAC address. All that happens is the backup node starts responding on the MAC address and the CARP VIP. The hosts don't see anything change. The switch moves the MAC address to the new port automatically. It all works pretty well.  Google for CARP, HSRP, and VRRP as has been mentioned. Good writeup in the pfSense book. You'll want to read the 2.2 release notes since the book is 2.1 and CARP VIPs changed in 2.2.

Hi John just thought I'd see if you had any more thoughts or suggestions or if you needed any more info from me.