Ahh right sorry. Yea makes sense to be honest, just going into auto mode myself when I do things like this with my server. Thanks for the tip!

I have never used any Ubiquity hardware but a quick look through the manual shows that it seems pretty well thought out and almost specifically designed for your situation.  :) It looks as though your can run multiple SSIDs on each AP (virtual APs) and each SSID can be set to use different VLAN IDs and authentication. So you need to set your APs to run a parallel wifi network with a different SSID and VLAN tag. Set the authentication on the new network to just the WPA2 so your cameras don't have to deal with login. Setup a new interface in pfSense, as you've already done, with the VLAN tag. Now apply firewall rules as appropriate. If you run into the tagged/non-tagged traffic problem you can always set your guest wifi network to use VLAN tagging as well and have two VLAN interfaces on LAN1 such that all traffic becomes tagged. Steve

Thank you all, I meanwhile ended up trying to follow the hint to better get a new transfer network / WAN configuration.

Thanks Chris for working through my post and helping me to make a decission towards the right solution. The only thing where I´m stuck is the VPN IPsec restrictions for the mobile users. Could anybody give me any hints how to restrict diffenet users to different local subnets. For example: LAN has 3 subnets 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 IPsec User 1 should only be able to access 192.168.1.0/24 IPsec User 2 should only be able to access 192.168.2.0/24 IPsec User 3 should only be able to access 192.168.2.0/24 and 192.168.3.0/24 Where can I set those restictions in pfSense? Thanks again! Harry

thanks :-)

You go to the 'Certificates' tab in Cert Manager and click the '+' sign. Now change to 'Create an internal Certificate'. This will create a certificate from your CA (that you just created), you can then assign the webGUI to use it. However this will not help with your problem installing the CA key in IE. You should be ab;e to do this whether or not you've created any certificates from it.  :-\ I agree with Johnpoz: open the .crt file in a text editor check it's a real and complete file. Steve

I've never seen nor heard of that happening so I'm not sure how you got into that situation. Maybe an upstream proxy or something returning invalid data when it did an update, though newer versions validate that data. That's never part of the normal restore process.

Thanks Wally!

I presume you are issuing the rsync command on a Linux system and expecting pfSense to respond. pfSense standard installs do not include the rsync and rsyncd utilities. The man page for rsync on my Ubuntu 12.04 netbook says of the "-e" option: If this option is used with [user@]host::module/path, then the remote  shell  COMMAND  will  be               used  to  run an rsync daemon on the remote host, Since there is no rsyncd on the remote host (pfSense) this won't work!

Mine does through certain package(s), Squid and LightSquid you can look at how much bandwidth per IP address and see what sites each IP address went to.

Sorry, I misunderstood.  I’ll try it again maybe I didn’t get it right – the connection was still dropped just before midnight when I tested it. Certainly worth another try – thanks for your help!

I'm at work again and unable to test but this may be of use of on pfSense 2 or above - http://www.unix.com/man-page/FreeBSD/8/ppp/

You have a misconfigured squid. Check squid options, change netmask network ranges to cidrs and try again.

On pfSense 2.0.1 and earlier, the log files were always wiped/reset at bootup. On pfSense 2.0.2 and later, on a full install the logs are kept at bootup. On NanoBSD, the logs are kept in RAM and would be wiped after each reboot no matter what. If you need to keep logs indefinitely, setup a syslog server and have pfSense send its logs there.

@rabbyweb: It's showing it's block our IP. What is showing this? Where? It's unlikely you will have multiple public IPs. You would have to have paid for these from your ISP. Steve

@cmb: Judging by this (I have no 10G equipment at all), the Intel 10G driver in FreeBSD 8.1 must be somehow broken with VLANs. I would try 8.3-based 2.1 from snapshots.pfsense.org. I had severe problems with VLAN with Intel 1 Gb (Intel Pro 1000 network, em0 & em1) NIC's also. Upgrading to FreeBSD snapshot solved the issue. BR, Tommi