I restored from a snapshot I had, completely wiping the system. I have re-built to the stage I was at, and the system works fine. Just putting it down to a gremlin.

It's not normally necessary to set it. It should negotiated during the connection process. For example my WAN here at home is PPPoE, I have not set any MTU or MSS value at the interface setup. Also in the UK. In the PPP log I can see: Jan 6 18:09:01 ppp: [wan_link0] MRU 1492 Also if I interegate the interface at the command line I can see: [2.1.5-RELEASE][root@pfsense.fire.box]/root(2): ifconfig pppoe0 pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492 inet6 fe80::290:7fff:fe3c:9609%pppoe0 prefixlen 64 scopeid 0xd inet 87.113.*.* --> 195.166.*.* netmask 0xffffffff nd6 options=3 <performnud,accept_rtadv></performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast> Steve

Just in addition, a graceful reboot fixes it. On the ALIX installations, a power cycle doesn't do it.  It'll OpenVPN connect back up to me at my office but clients on the LAN and OPT1 side can't get out. Today, it happened on the Alix for the first time after 50 days of uptime.

Ok, figured it out. ifconfig bridge0 addr responds with the vlan tag

bump ~

When you can afford it. Sadly I dont have GCHQ's or the NSA's budgets.  ;)

I have one of these http://williamknowles.co.uk/?p=16 with a 2Tb external usb drive hooked up to my adsl modem and pfsense wan interface. This will save more packet capture data over a longer period of time than the the pfsense packet capture which hangs after a period of inactivity relkated in part to the default auto log off setting seen in System, User Manager, Settings tab, Session Timeout which is a default 4 hours. Might be useful as an alternative packet capture but notethe Rpi only does 10/100 nic speeds so no good on the lan side for most networks but useful for slower broadband connections. fwiw.

I found the issue, it was snort (even if it was disabled). so I removed it and google reachable

I did PM KOM and for what he said, my config should be good. I did a lot of messing around and finally was able to make it partially work. In my cPanel configuration I made tree DNS ZONES for example : a.MyDomain.com b.MyDomain.com c.MyDomain.com All of them are A RECORDS with the IP of my pfSense server. For some reason, only a.MyDomain.com will work. The two others won't. The a.MyDomain.com points to an HTTPS port. The two others to a HTTP port. Of course both protocols have been enabled in the Reverse Proxy general configuration. In the "Real Time" tabs, I do see when I type in from an external network the requests for a.MyDomain.com But i don't see anything when it is for b.MyDomain.com or c.MyDomain.com So my guess is: when someone types it in a browser, it doesn't even get to pfSense. But I don't understand why because all three DNS ZONES are perfectly identical!!! Any idea?

Alright, everyone. Thank you for your help. Got that one up and working perfectly. But now i have an issue on a new machine, here's a link to that thread https://forum.pfsense.org/index.php?topic=86329.0

Thanks, that seems to be working. Google now locks no ssl, and safesearch.

@doktornotor: Doing this from GUI is troublesome if you are actually using the to-be-bridged interface to connect in the first place. Probably better to just edit and import a config and let the box reboot… I thought about it, but decided to administer pfSense over the WAN interface. @stephenw10: Creating a one interface bridge seems a bit illogical although I see where your coming from. Probably, but in this case it would only be temporary until the configuration is completed.

Hi, there isn't enough information posted, is the uverse device configured for outbound NAT or is the WAN of that device being bridged to the PFsense WAN interface?  this is how you should be doing this given that the handoff will make for easier troubleshooting of issues regarding NAT and routing in general, are the VLANs in question being trunked properly to the Cisco Switch?  can you ping the SVI on the PFSense vlan interface?  if so can you ping your WAN interface? if not verify your firewall rules to allow a rule out to the internet from that particular SVI on the pfsense firewall… can the firewall itself ping your TV ip addresses?  do your TV's receive an IP address? There are just a lot of details about this problem that are unknowns. switch port to trunk pfsense should be something like: switchport port trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlans (#) spanning-tree portfast trunk verify speed and duplex settings etc.. these are some steps your can try, but by no means all of them.

@P3R: Rules in pfSense affect traffic coming IN on it's interfaces only. To log what I think you want, both the local source address and the destination (website or other) address in your logs, you should apply logging on the LAN interface rule allowing the traffic. The response to those requests will not, as far as I know be possible to log (and since the request is the interesting part, I see no reason). Excellent.  Thanks!  You're right- I needed to enable logging in LAN rules. @P3R: I'm sorry I have no idea. I almost always use Chrome (later more specifically Iron browser) and can't recall ever having experienced what you report. I wouldn't expect that to be the cause for your issues but I don't use 2.2 yet, only 2.1.5. After a bit of playing around I (mostly) figured out how to solve this problem. First of all, I was having problems with the constant reminders because I had too many different machines/browsers connected to the webGUI at once (more than 3). Second, I figured out how to get the browsers to trust the TLS certificate.  I created a new CA certificate and added it to my Trusted Root CA store.  Then I created a new server certificate off that root with pfsense. <domain.xxx>as the CN, being sure to also set that as a subject alt name.  It took a couple reloads of the page after that (who knows why), but then my browsers now accept and trust the pfsense TLS certificate.</domain.xxx>

Problem solved. Misconfigurated PFsense interfaces was the culprit. OP donated 20£ as a thankyou for solving the issue and they are much appreciated.

Thanks for the advice everyone.  I looked into, and managed to get the OpenVPN stuff setup and working. You were right, it was super simple to set up and it seems to be working great now! Thank you!