Is this how you do that?

Hi, had the same problem yesterday. It´s gone now, i have changed the topology a little bit. New topology: VNET: 10.17.0.0/22 (3 subnets) pfsense wan interface: 10.17.0.4/24 pfsense lan interface: 10.17.1.4/24 pfsense default gateway (azure): 10.17.0.1 pfsense lan gateway (azure): 10.17.1.1 client subnet: 10.17.2.0/24 pfsense static route: 10.17.2.0./24 --> 10.17.1.1 azure user defined routing (udr) bound to client subnet 10.17.2.0/24: 0.0.0.0/0 --> 10.17.1.4 10.17.0.0/22 --> 10.17.1.4 Regards, Martin

dude that is borked setup.. sounds like your running 2 layer 3 networks on the same layer 2..

@johnpoz: But there is an old saying "Nobody ever gets fired for buying cisco" ;) … or IBM :)

That sounds like a hardware problem. If when it reboots you see a crash report there may be something you can do. Otherwise check the system log for errors. We would need to see where it stops in the boot process to know any more. Steve

As helper correctly stated traffic between "lan" devices has nothing to do with pfsense.  If your talking from you lan to your wan (internet) what is the pipe you have for internet?  130 user sharing internet can quite often be a problem if the internet is connection is not fat enough for them all to get a speeds.

How is your pfsense configured?  Are you using squid in transparent mode?  If so, you won't be able to block facebook https connections in a safe way.  Maybe you would block pfsense using firewall rules pointing over facebook CIDR ranges using aliases. Would you explain how do you have configured your pfsense, so i can help you better?

Awesome. Thanks a lot!

@aileron: I wonder what files I need to copy to a new installation? cf/conf/config.xml @aileron: How can I find out which version exactly I am using at the loader prompt? etc/version

Hi Jeff Thanks for the feedback, I will try it out and let you know the result :) Thanks again

Normally, you should indicate what type of hardware (NIC) this device is using. Start to check if FreeBSD 10.3  supports de NIC built into your Dell 7050. Wat does the dmesgog says about de detection (don't paste the full log, just the lines concerning the NIC's) : Like : [2.3.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: dmesg | grep 'sis0' sis0: <natsemi 10="" dp8381[56]="" 100basetx="">port 0xdc00-0xdcff mem 0xefafe000-0xefafefff irq 19 at device 3.0 on pci3 sis0: Silicon Revision: DP83816A miibus1: <mii bus="">on sis0 sis0: Ethernet address: 00:0f:b5:fe:4e:e7 sis0: link state changed to UP</mii></natsemi> (I know one of my NIC's is 'sis0')

@rsloan: (Forgot to mention that fact) Oh. That changes all. These kind of "devices" need a big knowledge about device recognition and other technical knowledge. I would have advised you right away : "remove it right away and you'll be fine"  ;)

Or if you use a port forward or 1:1 NAT to redirect traffic back to a web server behind pfSense, then pfSense would not have any involvement in the certificates for that web server. You would install certbot or something similar on your web server and that wouldn't have anything to do with pfSense. nextcloud collabora Remove port forwarding Install HA Proxy Configure a backend for the debian host with nextcloud with ssl offload Configure a backend for the second host with collabora Configure collabora in SSL termination mode Configure ACME to create and update cerficates for my virtual hosts

What is your pfSense hardware setup?

I'm using a ASRock J3455-ITX as my main W10 system. And pfsense is on a Celeron N2930 (4x1.83GHz). One core goes to 50% when I download with 250mbit/s (NAT only, no packages installed). Good idea to use Intel nics… the Realtek ones won't make you happy.