OK, great! Sounds like it might work! Thanks.

Solved: Well, now I feel silly.  The printer still had 192.168.1.1 for a gateway rather than 192.168.10.1.

All VLANs are working fine as expected. It is all about the firewall rules setting.

the address 192.168.0.196 is the one that gives me when putting virtual machine a bridge adapter

To solve the adding user problem, I just deleted the user and will use admin for now until PFSense fixed

If I'm understanding your question correctly, the way to do this is to connect via the external IP instead of the internal IP that presumably routes thru the tunnel.  But then you'd have to allow ssh connections thru the WAN interface, which seems like a bad idea.  Why don't you want ssh connections to go thru the tunnel?

Then they are broken or improperly-configured if they are passing broadcasts between VLANs. And proper configuration should not require anything such as "port isolation."

I did this with 8 modems each with 250 Mbps down and 10 and 20 Mbps up and I was able to achieve about 960 Mbps download speed and 120 Mbps upload speed. The reason I didn't see a greater speed increase was two issues, first my computer and router only have gigabit ports on them. I also I was using two cable nodes and that was the physical limitation of their downstream and upstream channels. While this works great on bandwidth speed test sites in real-world scenarios like VoIP and TLS connections it is better to using one WAN which I believe there is a setting for. One of the issues that I had was I had to manually increment the MAC address on each interface as I was using a switch as a wan aggregator using VLANs and the ISP (My Job) that I was testing this on assigns IPs to customers by MAC addresses. I later took the modems out of bridge mode and just used the ISP provided modems in gateway mode and just added my PfSense box to the DMZ of each gateway. In the end like others have mentioned it is probably best to use policy based routing and give each over your subnets it's own WAN. On a side note I was seeing near perfect scaling. I believe I posted about this I will try to find that post. If I find it I will add the link below. https://forum.pfsense.org/index.php?topic=126468.msg698424#msg698424

@BlueKobold: Possible to get to that html file and add 3 simple characters? And what will be shown then on the page? How it is looking then I was going to put my firewall hostname. Now that i have turned on the option for hostname and set unique color for each site I'm quite happy.  Just what I wanted to do and both already features of the software. Roveer

@BlueKobold: Your router or firewall should be placed in the same VLAN as the Sonos products as well. If this will be not so you must do some monkeying around and setting up all switches that are involved into your network too! Here is an article that is describing how to set up the switch, that all is well playing together. Sonos and VLANs That sonos support doc shows the configuration for a cisco switch (who has those at home?) that I believe basically understand this igmp packet that I posted above and then re-broadcasts for you in the various ports/vlans. What I am asking is if it is possible to get a igmpproxy in pfsense that understands these igmp packets.