Some more interesting info: This is the log from the other router that connects successfully 16:16:34 pppd pppd 2.4.4 started by root, uid 0 16:16:34 pppd Using interface ppp0 16:16:34 pppd Connect: ppp0 <--> /dev/ttyp0 16:16:35 pppoe PPP session is 13507 (0x34c3) 16:16:36 pppd PAP authentication succeeded 16:16:36 pppd kernel does not support PPP filtering I can see that it's using PAP authentication. At pfsense /var/etc/mpd.conf  the following statements are enabled: pppoe: new -i ng0 pppoe pppoe set iface route default set iface disable on-demand set iface idle 0 set iface up-script /usr/local/sbin/ppp-linkup set bundle disable multilink set bundle authname "xxxxx@xxxxxx.com"         set bundle password "xxx@xxxxx" set bundle no noretry set link keep-alive 10 60 set link max-redial 0 set link no acfcomp protocomp set link disable pap chap set link accept chap set link mtu 1492 set ipcp yes vjcomp set ipcp ranges 0.0.0.0/0 0.0.0.0/0 set ipcp enable req-pri-dns set ipcp enable req-sec-dns open iface I can see the "set link accept chap" So is the problem related to the type of the authentication used? Should i change to pap in pfsense?

CLOSED THANKS

This is awsome!  ;D In my opinion (as someone living in a supposedly Christian country!) it should be part of pfsense. If you reboot your box on Christmas day it should play jinglebells.  :D That opens up the possibility of other date related start up themes….... Steve

@dreamslacker: That will fall under:  Maximum number of established connections per host Just create a rule that catches all traffic from LAN then set the limits per host.  Of course, if you need to shape more then there's much more tweaking to be done. What is the recommended setting for this? I set it to 60 on both the WAN and the LAN side and after a few mins my connection just came to a crawl. I had to disable it to get back online.

Update to the question.  Initial issue resolved due to problems with cached mak address being seen by the firewall devices and our switches.

Because many people open the web interface or SSH from specific remote locations for management and want to do so without having to NAT. Changing that now would break thousands of upgraded systems. I agree it wouldn't be a bad idea to have an option to only bind to specific IPs. Patches welcome.

Adding this pointer to the FAQ since this thread comes up high in Google results. http://doc.pfsense.org/index.php/Can_I_sell_pfSense

Or setup a VPN so you have secure access to anything internal. OpenVPN, IPsec, PPTP, etc.

wallabybob, Ill give 1.2.3 a go and tell u how it goes. tnx

You probably should have the Windows Server/primary domain controller, behind the firewall, become the primary DNS server for the entire LAN. Configure the Windows DNS to get its DNS info from a valid server on the Internet. Then have your pfSense box get its DNS from that Windows Server, and no other. That way your pfSense box will have the same DNS info as the primary domain controller.

Thanks for the reply. I won't have the need to use all the 65k ports but want to give my users all the options as I assign them public IP addresses. However, yes there will be multiple HTTP servers which will have conflicting ports. I never explored 1:1 NAT. Would that disable my AON which actually makes my OpenVPN to run properly. Is NAT 1:1 for inbound only? or also effects outbound. Some general details about it would be great asset. Thanks

In order for that to happen, something has to be passing broadcast traffic between those two interfaces. The most common cause would be that both LAN and OPT1 are plugged into the same switch, or the same VLAN on managed switch(es). If both interfaces are properly segregated into different broadcast domains, DHCP traffic cannot bleed over.

Thanks for all your assistance. Much appreciated!

Hey! kern.timecounter.hardware=TSC in /etc/sysctl.conf resolved my problem. :D Thank You!!! Wikont