@pfBug If the Modem/Router in your small drawing is a real router from the ISP and it is making also DHCP it could be that your pfSense will be getting even a new IP address as WAN IP! This is really not so good and luckily like it perhaps sounds to you. From my point of view you could go now tow different way, that will fitting your needs and solve the problem. If your switches are only plain unmanaged switches the pfSense as a firewall would not really making sense at this place you are setting it up for my understanding, sorry but there fore it should be one VLAN where only the router and the pfSense is in. If there are no other devices are connected to this switches and only behind the pfSense then it would be running smooth. Set up the ISP or border Router in the so called "bridge mode", so that he is acting only as a modem And then connect the pfSense WAN Port to the LAN Port 1 of this device, thats it. If this router is then acting only as a modem, there will be no DHCP and WLAN or other services in normal. Set up a router cascade or double NAT would be running straight without any problems. But we must know this first, that is this a modem or a router or a router acting as a modem! Disable DHCP there on the first router, setting up a static IP at the WAN interface at the pfSense. As an example: ISP Router: Net: 192.168.178.0/24 (255.255.255.0) IP: 192.168.178.1/24 DHCP: off pfSense WAN: WAN IP: 192.168.178.254/24 (255.255.255.0) DNS 1: 192.168.178.1/24 DNS 2: empty pfSense LAN: pfSense net: 172.16.1.0/24 pfSense Gateway IP: 172.16.1.1/24 DHCP range: 172.16.1.2 - 172.16.1.254/24 DHCP on:

Do you want laptops and smartphones connect to your rocket M5?

@doktornotor: Like, fix your timezone? Timezone fixed. Like thanks dude totally rad.

Read the GUI notes. Click the appropriate weekday Header to select all occurrences of that weekday. There is no need to do anything with the months.

@pLu: @TyMac: I cannot telnet to port 123. NTP is only listening on UDP. @TyMac: Do I need to configure a firewall rule? Yes, unless you have a permissive "Default allow LAN to any rule". ok thanks creating a rule worked. was expecting that to happen on auto…

Nevermind…grrrr Somehow a "virtual ip" was set on my laptop on the same subnet as lan1. I saw it when i did a nm-tool command in the terminal. I had to delete my network profile and recreate it on my laptop to get rid of it. All is well. Sorry for the wasted time...i was looking all over pfsense for the problem, and couldnt find it because that isn't where the problem even was! -alan

@KOM: Looking though all the errors, I'm amazed it worked at all. Indeed, I'm more surprised it ever worked at all than that it stopped working, given how broken the network was.

did you setup NAT for your DMZ ? Don't confuse the issue.  He's just trying to get out from DMZ at this point, not in from WAN.

Are that mean i must configure it manually on all phones ?!!! Yes.  Android support for WPAD is strangely absent.

I found the fix to my issue. The issue was being compounded by one of my troubleshooting steps. When I disabled packet filtering to verify that it wasn't the firewall rules causing the issue, outbound nat would also be turned off, which won't allow traffic through the wan. The firewall rules I had were only allowing TCP to flow. I was troubleshooting using PING with is ICMP.

Slowness on save with those units would have to be one of two things: 1. DNS, which you've found already or 2. AutoConfigBackup pushing a backup to the servers on save and taking a few extra moments to do so DNS is the usual culprit, if you have ACB though it can vary a bit depending on how busy your link is, how busy the server is, any issues in between, etc. (If you register those boxes you should have access to ACB if you haven't done so already)

Looks like you tried a few times.  ;D You can safely get rid of pppoe 0-4 if everything is working.  Most likely they are just duplicates from when you were setting things up.

Saw your post over on that other project's forum. PPPoE multi-WAN with the same gateway IP has worked in pfSense for quite some time, that only works in OPNsense because we fixed it years back (the only thing they've actually accomplished functionality-wise is breaking things that worked in the code they forked). I'm guessing you found some really old references that are no longer applicable. Maybe you have an unusual edge case, which if that's the case, please start a new thread describing what you're doing. Multiple PPPoE with the same gateway most definitely works though. With pfSense, when you boot up, your rules are actually loaded correctly, unlike some other projects. And our reply-to actually functions, unlike some others (that bug should really be labeled as "multi-WAN is non-functional for all inbound traffic"). Multi-WAN IPsec works, unlike some others. I could go on. Suffice it to say, you're in for a world of hurt if you continue down that path. They've broken a lot of key multi-WAN things where you won't have those issues here.

ifconfig on the PPPoE interface won't do anything there. You can run this: /usr/local/sbin/pfSctl -c 'interface reload wan' >/dev/null 2>&1 || exit 1

LAN up manual 192.168.1.1 DMZ up manual 192.168.2.1 PIAVPN up I have deleted the 1:1 interface for 192.168.1.1 to 192.168.2.1 but I can still access 192.168.1.1 from the 192.168.2.x subnet.  Why would that be?

I run DHCP, but it's static entries.

@cmb: If something went really crazy requesting BOOTP or DHCP leases, it could create a really large DHCP leases file, which could exhaust the space in /var/. Can't recall hearing of that happening with IPv4 but it's possible. No printers on the network, just a couple Win7 boxes, and an ARM box running a linux variant at the time. I'm in the process of getting more data logging setup so if it occurs again I might be able to provide more info, but one thing I saw in pfsense was alot of references to nics changing from their ip address to 0.0.0.0.

Are you using some proxy (squid?) on pfsense where your trying to do ssl bump so all https sites get a cert from pfsense.. Does this only happen when trying to access your exchange or does it happen on all https connections? I assume when you say windows based vpn you mean the vpn client running on windows OS - the openvpn client?

"Or using a non-persistent disk." Possible that the VM restarted and if using a non-persistent disk type in the VM would go back to initial stuff.  Did the VM show a restart.. I can not fathom how running and all of sudden just loose all config and data on the disk, etc.

It looks good to me and I'm also using the same resolver on my OpenBSD router where twitter.com displays fine: leiter% drill -T twitter.com com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. twitter.com. 172800 IN NS ns1.p34.dynect.net. twitter.com. 172800 IN NS ns2.p34.dynect.net. twitter.com. 172800 IN NS ns3.p34.dynect.net. twitter.com. 172800 IN NS ns4.p34.dynect.net. twitter.com. 30 IN A 185.45.5.32 twitter.com. 30 IN A 185.45.5.43 twitter.com. 86400 IN NS ns1.p34.dynect.net. twitter.com. 86400 IN NS ns3.p34.dynect.net. twitter.com. 86400 IN NS ns2.p34.dynect.net. twitter.com. 86400 IN NS ns4.p34.dynect.net.