It works.  The issue was indeed http not being redirected to https.  Apache was misconfigured and was serving a blank page.  After fixing the redirect instructions in the apache conf file, and restarting the httpd service, I tried (with the DNS host override in pfsense's DNS config active) and it works! BTW nslookup yields this on LAN machines (similar or identical for all): user@pc ~ $ nslookup mywebsite.ddns.net Server: 127.0.1.1 Address: 127.0.1.1#53 Name: mywebsite.ddns.net Address: 192.168.1.100 "192.168.1.100" is the actual IP of the VM where the site is hosted on the LAN.  SO I take that it works?? Thanks!

I realize mbuf's and mbuf clusters are two different statistics, however if they are completely separate from each other then can anybody explain why when the kern.ipc.nmbufs limit reached error occurs the mbufs in use are always just over the limit set for mbuf clusters? For instance, when I had mbuf clusters set to 1,000,000 the error showed 1,033,130 mbufs in use. When I had it set to 200,000, it showed just over 200,000 mbufs in use when the issue occurred. Are you certain these two are not related? It seems to me that increasing the clusters increases the number of mbufs that can be used (which would make sense to me, but I am not an expert in this field). As of right now I have increased memory from 768 to 1024 and the firewall has gone several days without an issue. Typically the issue would have occurred several times a day. I am hopeful that this is a suitable solution, or at the very least a way to extend the time between occurrences. If it occurs again I will increase to 1280 or 1536.

Pf doesn't support mac filtering. Ipfw does, but there is no GUI to get it to work. You might hack your way around it by using captiveportal

You're adding more variables to the equation and there were already too many unknowns. :) If your phone connects as expected on external wifi, but not on the LTE network then it would seem to point to an issue with your mobile carrier, but you'd have to do a lot of troubleshooting to confirm that assumption.  I'd start with ping tests while connected to LTE and if you can't ping, do a traceroute from the phone to see what's going on.  Is it possible your mobile provider is blocking OpenVPN connections?  Unlikely, but maybe – again too many variables & unknowns, not enough facts. But wifi works and LTE doesn't is at least something to work with.  Do the ping & traceroute tests when connected to LTE and work from there.  Seems like a phone config problem.  Does your LTE provider do CGNAT?  I don't think that should cause an issue, but maybe?  Have you tried connecting with another device? Having connected successfully to both the webgui and your rdp host behind pfsense using wifi, I think it's safe to say the openvpn server is properly configured and operational.  The rest, I'm afraid, is going to be up to you to troubleshoot.

@silvershark78: I'm using 2.1.4 if that matters https://doc.pfsense.org/index.php/Versions_of_pfSense_and_FreeBSD

Another problem solved by multiple SSIDs on one radio is they are all on the same frequency. Multiple APs each need a clear channel. Most people can't find one clean one on 2.4, much less three.

actually i did not invest at all.. I tried pfsense on VM but it was giving all weird behaviors also when server shutdown the whole routing failed and when my wifi router finally failed , i just used a very old system(pentium4 with 1G ram) and got it working. I was looking for a switch but was never sure if the one i was looking for were managed switches.. For example is this TL-SG108E a managed switch or not and if not is it fine to use because they do mention vlan is supported..  Another reason i did not go for  a switch was i had very few systems to support so i assumed i could handle with existing PCIe port connection.. Like i said using Intel pentium 4 LGA 775 based montherboard with 1G ram and  Intel PCIe I340T(not original got it from ebay).. Yes right now all but wifi devices are static IPs. Thanks a lot for your help Johnpoz.. Let me play around a bit for couple more days and see what i can do and understand and your steps might help ..

@telmocalhaco: It´s a firewall problem on the pfsense , just add a floating rule on the WAN to allow all trafic and it start to working . hi i have the same scenario how did you make the floating rule I can’t seem to get it to work I have 2 wan a dsl and now I use d-link as a backup 4g wan I get an external ip address on the port but can’t route traffic and it show the gateway as offline please help I have a bad internet I have the latest pfsense

So I'm getting a repeat of this issue again. Nightmare. I've read up on some topics of people seeing similar issues regarding the states. Could anybody point me to the light regarding this issue? When I disconnect and reconnect via interfaces I get use of both gateways but not before long I get the same issue after a gateway maybe going down for a few minutes? :-[ Thanks

Had a colleague in China last year using my OpenVPN.  As a tourist on "public", hotels mostly, hot spots I'm sure it's not the same as for a "subscribed" service.  But even so it seemed connections were restarting quite a bit.  For a mobile device not being heavily/continuously used it was okay.  Can't imagine the poor user experience for heavy computer use though.  We weren't doing any thing to obfuscate though.

What might be the most concerning about this is whether or not there is a secure firewall rule set in place when this happens.

Ok I figured out why your image wasn't loaded - I was connected to one of my vps via vpn on my workstation, and that was having issues.  I notice when I couldn't get to my local stuff ;) Anyway.. So why and the hell would you have a dual wan router connect to pfsense lan with 2 different connections???  That is ZERO reason to do that… And why would you be using it as a router anyway??  That should just be used as an accesspoint.. You have a 50/20 internet connection there would be ZERO reason for such a setup.. Turn that router into just an AP connect it with 1 wire to pfsense lan and that should fix whatever issue your having..

delay.. without more info it is impossible to even guess what your talking about.  There is nothing in "nat" that would cause a hours delay..  Once this delay happens do they then work fine?  Its possible they had a different IP and you had to wait for their lease to expire then get a new IP on the new network since you removed their other nat.. As always a drawing of your network would be helpful in understanding your environment so we are all clear on how your setup.  You say you removed a nat, so I would assume your clients are now on a different network ip scheme..  Which is via dhcp?  So if you had an old lease, you would have to release and then get a new lease from the dhcp server on the new network your on. Or did you remove the nat and now your just routing to a downstream network vs natting to it?  These are details that need to be understood to try and help you.

Yep just tried emptying the cache directory and I was able to create the rule