You can add a policy route to make sure traffic for your email server always goes via one WAN. Add a new firewall rule on your LAN. Put the rule above your existing rule that allows traffic out so that it catches your mail traffic. Protocol: TCP Source: LANnet Destination: Your mail server IP (or an alias containing a range of IPs) Gateway: WAN1 gateway (this is a an advanced setting). Like you have said most email servers don't have a problem with mulitwan these days. Gmail hotmail etc, no problems. Steve Edit: You have already asked this question twice. Both times I advised you to use a policy route.  ???

I assume it was a cert error with OpenDNS.  Although they say that's how it should work, I've had to drop their service for anything vert-related because it just doesn't work.

I did  and rebooted  things sort of started to work. I had to disable Cp for now. I'm trying to use freeradius2 with mac auth on a lan with 20 clients. It's a small wisp. All the clients have a wireless radio , some have the router in the radio enabled some radios are bridged and they use their own router. Seems I'm having issues with witch device's mac address is actually sent in the packets to the Pfsense box.

I do the same thing, never worried about it too much - its only a few seconds.  But I keep meaning to try this out since this is a few seconds delay as well http://doc.pfsense.org/index.php/Remove_F1_Boot_Prompt Maybe your interested in that as well?

Damn! I looked at your screen shot earlier and failed to spot that.  :-[ Yes, that's certainly your problem. The sandboxed VM cannot possibly respond to any requests from the pfSense machine because it will just send any traffic to the proxy internal interface instead. I see why it is done like that, you can bring up a test VM with the production config. The answer here is to change the proxy internal interface IP. That will mean you have to manually configure the VM gateway as you say but it will resolve the problem. Steve

You can leave one router in bridge mode so that one of your pfSense WAN interfaces will have a public IP. Makes it easier for port forwarding, UPNP etc later on. Steve

Steve - I cleared state and no change :( After I cleared state and tried again, I looked in state to see what it says for that port.  I am attaching that. Do we have any other recommendations??? :( Thanks [image: Example_State.png] [image: Example_State.png_thumb]

Turns out to be a flaky nic. All is good with pfsense 2.0.3 connected. Sorry for any confusion I may have caused.

Now that April is over in the web server's timezone (which is the calendar month we use), the count for April is 167,697 known live installs. Over the past few months it's grown by between 3000-5000 installs per month. April up about 4900 from March. March up 4990 from February. That's unique public IPs that have pulled the bogons file using 'fetch' (so it doesn't count bots crawling it, people downloading it in a browser, etc.). At current rates, we'll exceed 200,000 known live installs before the end of 2013.

The actual interface is the VPN so the rule applies there. Even though its a WAN connection the VPN passes through it and is therefore encrypted.

Most of your questions are answered here: http://doc.pfsense.org/index.php/Why_can%27t_I_view_view_log_files_with_cat/grep/etc%3F_%28clog%29 As for the clear button, it clears the entire log file, not just what you see.

If you don't have snort installed and your box has previously been working fine on that port then I would suggest your ISP is blocking it for whatever reason. Try asking them.  ;) Steve

I have never had to do this but I know other people have. In order to spoof the MAC on a PPPoE connection you have to do the spoofing on the underlying ethernet interface, em0, in your case. However normally em0 is not assigned in a setup such as yours which presents a problem. To work around this create a new interface and assign em0 to it. Set it up as type 'none' and spoof the MAC there. Steve

Not a secure one, not easily. The OpenVPNManager option in the client export installs an alternate GUI that runs OpenVPN as a service, and does not require admin-level rights for the client to run. Also you might look into the Windows Viscosity client for OpenVPN.

Use a <service>tag in the config, as packages do. Look in the package repo code for packages such as squid that add services and see what ends up in your config after installing one of them. then follow the same format for your own services.</service>

FYI- it was moved to /var/run because that is always a RAM disk, on NanoBSD or a full install. Saves one disk write per second that way…

Run /etc/rc.php_ini_setup And then for good measure /etc/rc.restart_webgui