who says its a problem?

Is it OpenVPN or IPSec? There are special topics here for each. Post the log from client and server.

Well after looking more in-depth on how VLAN's work and what I need to buy I made up my mind :) I got the D-Link DGS-1100-08 (https://www.amazon.com/gp/product/B008ABLU2I/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1) The reason I did not go with the T-Link is because people were complaining of a high pitch noise. For the access point I got the UniFi UAP-LR (https://www.amazon.com/gp/product/B00HXT8S9G/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1). I got this since it had good reviews and supported what I need. I also see it does have a guest option for logins which will work great for my needs. I have plans to make a guest VLAN with pfSense and then setup the VLAN on the UniFi AP and use that for the guest network. This is what I have a idea on from how I understand on how this all works. If I am wrong please do explain since I am new to this. Also another thing I would like to ask is for my modem I got the Q1000. I am guessing I will put the WAN into Transparent Bridging and put the PPPoE info on my pfSense router? (If Im right or wrong please let me know  :)) My new chart on the plan is this: Home: Modem -> Router(LAN) -> Switch -> AP (Home Network) Guest: Modem -> Router(VLAN) -> Switch - AP (Guest Network) Thanks

Anyone?

Sorry, just found arpwatch. Please disregard question. I haven't deleted it because when I initially searched the forum nothing came up. Cheers. Joe

Hi Guys i Managed to make it work and wrote a guide for this : https://forum.pfsense.org/index.php?topic=113228.msg629777#msg629777

@Harvy66: If the issue remains once you switch to another DNS server, have you tried bypassing PFSense to see if it's even PFSense that is doing it? Thanks for the reply.  The next step is to bypass pfsense and see what happens.  However, I won't be able to test that until later tonight, so I figured I'd touch base here and see if anybody had the same/similar issue. ~Spritz

Nothing broken with vi. If backspace doesn't work, your terminal type is screwed up. ctrl-h will likely backspace in that case. nano and vim-lite are available for those who want another option. Those are available via pkg install, but not in the GUI's package manager. They'll be kept up to date by the upgrade process just like any other package, only diff is if you reinstall the system and restore the config, or restore the config to a diff system, that package won't be reinstalled by restoring the config. But those will be equally broken if your terminal type is wrong.

Is the automatic rule cleaning part of the Miniupnp process, or is it something that PFSense must perform? In either case, is this tuneable at all?

Thanks for the reply, sorry been on holiday hence the delay. The bridge is used to join the WiFi adaptor to the LAN, so I guess it should be possible to remove.  I was considering even simpler solution though, such as plugging something into the LAN port, maybe just a cable from one of the spare ports on the box! I assume this is an issue introduced by 2.3 and thus quite high on your list of things to fix ?  ;)

@cmb: What specifically do you mean, what happens? I usually get this warning: WARNING: / was not properly dismounted and the boot process gets stuck at this point. I have waited more than 4 hours, but it holds there (the disk only has 12 GB). The other day I also got init error 8 after this warning. To detail a bit more my setup. I run a Linux hypervisor and have the VM disks as qcow2 files on a ext4 LVM logical volume on a SSD disk. The vm has this configuration for its disk:     <disk type="file" device="disk"><driver name="qemu" type="qcow2" discard="unmap"><source file="/var/lib/libvirt/images/pfSense.qcow2">       <target dev="sda" bus="scsi"><boot order="1"><address type="drive" controller="0" bus="0" target="0" unit="0"> </address></boot></target></driver></disk>

You can create certificates and chose between two types. These options can be changed under "Certificate Type" in pfsense Cert-manager when creating a certificate. User certificate - e.g. for OpenVPN clients, Radius Clients using EAP-TLS Server certificate - e.g. for pfsense WebUI, RADIUS Server, OpenVPN Server so it has nothing to do if pfsense "should be a server because it is creating certificates". Pfsense can be use a a CA (Certificate Authority) or like a certificate manager tool which can create certificates for many purposes. You can use pfsense as a certificate manager, create CA, certificates and so on and thennjust export them and use the certificates on complete different systems which do not have anything to do with pfsense.

Your question was already correctly answered on your post at serverfault.

Hi kulpreet, Its kinda 'by design'.. As these drain settings made on haproxy's stats page are not persisted by haproxy package. And every config change needs a restart of haproxy thus loosing its old state.. Though it maybe possible to save server state and load it back. Haproxy did add some support for that feature. http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#load-server-state-from-file I'm looking into that now. Regards, PiBa-NL

When you restore a backup, there's a drop-down list that lets you select which area of the backup you want to restore. By default it's set to ALL, so you will need to change it to just the area you want to restore.

First: I know it's not good to use USB NICs and yes, currently I'm still using it. Just want to share some more experiences. So I searched on Google and found this post https://forum.pfsense.org/index.php?topic=13014.msg70145#msg70145 https://forum.pfsense.org/index.php?topic=13014.msg70145#msg70145 As GruensFroeschli said: 1: Well it depends on your setup. If your client can handle oversized frames you should not have to change the MTU. If the driver of your em-NIC's cannot handle oversized frames, you would have to change the MTU on the other side of the link, so no oversized frames arrive at your end. 2: The problem is, that VLAN-tags add 4bytes to every frame. –> frames can become bigger than the allowed maximum. Most drivers can handle this, but some have problems. And some more about vlan and MTU: http://www.microhowto.info/tutorials/802.1q.html http://www.microhowto.info/tutorials/802.1q.html http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN So following this logic, I thought I will need to increase MTU size then. I tried these steps, now VLANs with 1500 MTU works. 1. Enable Jumbo Packet for that LAN USB NIC on physical host not in virtual machine Windows in my case, and set maximum size to 4KB (I guess 2KB or 9KB etc. will work as well, see above links for WHY) (Most Intel NIC supports 9KB, but 4KB is enough for solving this problem though, will be a problem if you need to transfer big files between VLANs where all Intel NICs on PCs support 9KB but the LAN NIC on pfSense only support 4KB maximum, but that is not in this scope though.) 2. Set the actual LAN MTU to 4000 (Or anything greater than 1518) in pfSense. (All VLANs are virtual interfaces created on LAN interface in pfSense) So only 1 physical cable for LAN and all VLANs 3. Then set MTU for all VLAN interfaces in pfsense to 1500. Now all VLANs working with 1500 MTU, For Internet, captive portal web page and web page hosted inside the LAN or VLANs. (Previously, Internet works, but can't get on captive portal page which hosted on pfSense, and can't get on web page which hosted in in LAN hosts.) ;)