I use the Swiss company www.joker.com who provide a free dynamic dns service when you buy domain names through them. Services: Dynamic DNS client Service type: Custom Interface to Monitor: WAN (unless you have a different setup with multiple connections to the net) Interface to Send update from: WAN (unless as above) Verbose Logging: Up to you CURL options: Up to you Username: Leave Blank Password: Leave Blank Update URL: https://svc.joker.com/nic/update?username=[Enter your Joker Dynamic DNS Username here]&password=[Enter your Joker Dynamic DNS password here]&hostname=[Enter your Joker Domainname or subdomain here]&myip=%IP% Result Match: Leave blank. You can also use additional settings in the update URL like Update URL: https://svc.joker.com/nic/update?username=[Enter your Joker Dynamic DNS Username here]&password=[Enter your Joker Dynamic DNS password here]&hostname=[Enter your Joker Domainname or subdomain here]&myip=%IP%&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG You can do MX with Joker.com for email hosting as some other dynamic DNS services dont allow it, but if you plan to host your own personal email server, some ISP's add their residential IP addresses to various black lists & spam lists to discourage you from hosting your own email, but most mail servers will send email direct so will accept the email others wont either for spam list reasons and/or the reverse DNS for you ISP doesnt match your DNS settings, or for things like DKIM is not set up. You can get around this by using your ISP email server or another commercial email server but again YMMV. Exclude the square brackets for the tokens used in the Update URL example: [Enter your Joker Dynamic DNS Username here] [Enter your Joker Dynamic DNS password here] And note your Dynamic DNS username and password is different to your account username and password if its not obvious, incidentally the dynamic dns username and password would typically by a 16 character alphanumeric string like gv66gyubgg876fn1 or hhbd7d45bned890f or jhbs623vyid987fb Customer service has been very prompt when emailing them and helpful with a god FAQ database. FWIW.

@divsys: Just a thought, but what's wrong with setting up the remote site's pfSense with an OpenVPN client back to "home". Thanks for the input both Almabes and divsys OpenVPN is great but it's the last option I will consider for few reasons: Service can go down and not re-spawn (I have seen this happening in different versions of pfSense) I am assuming the setup would be very complicated given you have to script for different types of hardware due to naming convention in WAN interface names and simply keys etc… OpenVPN needs directives like local lan IPs and etc...that can not be dynamic and must be pushed through tunnel to otherside to allow other side to reach it so when a factory default is done it can be rendered useless. So, many reasons above that I can see this get very complicated. I was hoping for something really really simple that would open a tunnel to SSH or WebUI for quick access even if it's something I have to script or get my programmers to program.

Yes. Another NIC, another LAN. You could manage with pfSense how LAN's communicate or not.

https://doc.pfsense.org/index.php/Versions_of_pfSense_and_FreeBSD Dude that version came out in 2009..  Update to current and people more than willing to help you setup a dual wan that is a very common, click click setup. [image: version.png_thumb] [image: version.png]

So… your ISP DNS on WAN is the gateway on OPT? I don't think this is particularly sane... How many levels of NAT are you behind? Also, WTH is the pfSense version used here? Most of this configuration stuff does not exist on 2.1.x, nor on 2.2.x; plus copyright 2004 - 2009.  :o ::)

I'm now back on 2.1.5. (same config) and get no more crashes on "ping -l 2000" across IPSEC-VPN. Also interesting: This specific branch office can successfully ping the gateway of my main office ISP with ICMP length 2000 but I don't get a reply on the next hop, which is the pfsense external IP!? With 2.1.5 I get replies by pinging the pfsense external Interface with fragmented packets which wasn't successfull with v2.2.2.

I'd agree with much of what you say if I was editing a rule, but I'm not 100% sure I had two FF tabs open on the same interface at the same time last night and like you I certainly would not expect to be able to undo anything by hitting the back button, its purely for navigation only. However having written my own webservers attached to various databases along with the stateless "headache" of browsers compared to apps and the javascript employed to force reloads when a user hits the back button which then prompts a reload, maybe like I've said above, could the user experience be improved a bit? Until I recode these windows apps I've got to record everything I do in the browser I cant be 100% its a random bug or user error. If its user error I'll hold my hands up to that but if its not perhaps a bit of extra vigilance is useful considering this https://forum.pfsense.org/index.php?topic=94162.0 is something I've hit upon as well which might be sorted in 2.2.3. All I can say is theres some odd things happening in my systems even when they have been taken down, bioses updated, spin diskswiped before OS's installed and yet these odd things going wrong like my ssd HD pwd which is set using the bios gets changed and its not been forgotten as I've had the pwd written down. Saying that Persistant Back Doors (PBD) are a reality in this world along with other tricks so ultimately what is going on in my system is anyone's guess atm.  :)

Now that you mention security onion I might have an iso I've downloaded … yep I've got 12.04.5 which looks like I downloaded it Sept last year. I'll fire it up and have a look. BTW re the PM I think I got to the bottom of the weird stuff as seen here. https://forum.pfsense.org/index.php?topic=94554.0 so I over the weekend I can look at your blocker again and give that a whirl.

For a while I was having more luck with free proxy servers from around the world but then they stopped working as well often once I logged in so other thoughts as to what was going on did cross my mind knowing what I know.  ;D

@dbennett: PHP Errors: [28-May-2015 17:09:43 CST6CDT] PHP Fatal error:  Allowed memory size of 268435456 bytes exhausted (tried to allocate 260833280 bytes) in /usr/local/www/exec.php on line 240 This is the Diagnostics: Command Promp GUI Page /usr/local/www/exec.php on line 240 Did you run any commands from that GUI page?

@doktornotor: None. Traffic on the same subnet does not go through the firewall. Yes, I know. But 192.168.70.10 (the load balancer virtual server on SRV network) is a virtual IP address on the firewall, so its traffic goes to the firewall and enter in the load balancer. Anyway, I solved. The outbound NAT rule was wrong. The correct one is: Interface: SRV Protocol: any Source: network 192.168.70.0/24 (the SRV network) Source port: empty Destination: network 192.168.70.21/32 (the IP address of the server in the load balancer - I have to create one rule per server) Translation: network 192.168.70.254 (The CARP virtual IP address for the SRV network) Thank you very much! Bye

Good question, great answer. Are there current NICs that do not support VLAN tagging themselves? If so, which?

bump?

Dear fellows, Finally the problem is solved! That was quite a tricky problem, due to the fact that I was trouble shooting it from distance. One of the computers behind the pfsense firewall was running uTorrent with enabled DHT. When the computer was ON and uTorrent was in IDLE mode (no active seeding/leeching, just the app running) the WAN interface was constantly dropping my PPPoE connection. However, when uTorrent was running (actively seeding/leeching), there is no problem, but as soon as it goes to IDLE - pfsense restarts all services. As soon as I disabled DHT on uTorrent the problem disappeared. Unfortunately I couldn't identify why with DHT enabled and uTorrent in idle, pfsense was restarting the services, but at least the problem is gone. More on the uTorrent issue: https://forum.pfsense.org/index.php?topic=93812.0 Thank for all the help. Regards, Nick