• Firewall vs NAT

    3
    0 Votes
    3 Posts
    1k Views
    M
    Thanks Derelict, I know other posts have basically said the same thing, but the succinctness of that answer is perfect (and perfectly understood). And I already have those two tabs open elsewhere in other windows. That was probably my biggest error (and I'm guessing traps a few newbies) about the destination IP and Port, and now that I've been using it a few days, it's perfectly understood. Cheers
  • No Upload on VDSL PPPoE

    3
    0 Votes
    3 Posts
    802 Views
    stephenw10S
    You must have some upload traffic to be able to reach the speedtest site at all so it can't be blocked entirely. Check the parent interface for errors. Steve
  • SnortBarnyard2 Monitoring script for anyone that wants it

    3
    0 Votes
    3 Posts
    547 Views
    R
    Ahh I see, yeah figured I wouldn't be the first to think of that.  I just installed it.  Suppose the only advantage my script would have might be some additional logging of activity
  • Noob question

    2
    0 Votes
    2 Posts
    486 Views
    johnpozJ
    Your isp "modem" should be put into bridge mode if possible.  ie pfsense should get a public IP on its wan.. This way you're not double natting. If you can not do this, then it's fine to double nat.. But you have to make sure you forward all traffic you might want to forward on pfsense via your isp "modem/gateway" first or put pfsense into dmz host of your isp device.  This can be done via static on pfsense wan or via dhcp reservation on your isp device.. doesn't really matter. If you're going to be using pfsense there really should be nothing else connected to your isp device other ports or wifi..  All devices should be behind pfsense..  But if you're going to double nat and want stuff on what amounts to pfsense wan, or internet transit network..  Keep in mind that you're going to have to port forward if you need to access anything behind pfsense from stuff in front of pfsense on your isp device. It is just simpler, cleaner and overall better idea when moving to pfsense to not double nat with your isp device.  And if you must because the device does not allow anything else.  Then put all your stuff behind pfsense.. Get yourself a new AP, or use some other wifi router as just AP for wifi.. Get yourself a switch - hopefully smart/managed for future use of vlans even if not using them to start with. You need to make sure if going to double nat that you're not using the same network on pfsense wan as lan side networks.. ie if wan is 192.168.0.x then make your lan 192.168.1.x or some other network other than 192.168.0
  • MOVED: Squid User Access Report

    Locked
    1
    0 Votes
    1 Posts
    322 Views
    No one has replied
  • Bridge networks to control broadcast and multicast

    2
    0 Votes
    2 Posts
    483 Views
    stephenw10S
    If you don't add firewall rules to allow it it will be blocked. Steve
  • Unbound Issue

    12
    0 Votes
    12 Posts
    4k Views
    O
    If this is it then it looks okay I believe.

        # Unbound Configuration
        ##########################
        # Server configuration
        server:
        chroot: /var/unbound
        username: "unbound"
        directory: "/var/unbound"
        pidfile: "/var/run/unbound.pid"
        use-syslog: yes
        port: 53
        verbosity: 1
        hide-identity: yes
        hide-version: yes
        harden-glue: yes
        do-ip4: yes
        do-ip6: yes
        do-udp: yes
        do-tcp: yes

    Thanks.
  • CPU auto-processing GUI ServerU L-100

    2
    0 Votes
    2 Posts
    525 Views
    P
    That's a whole lot of low priority stuff dragging you down! From searching around it looks like php-cgi comes from lighttpd which is the webserver for the webconfigurator. So if you don't have a need for multiple simultaneous instances: System / Advanced / Admin Access > Max Processes = 2
  • Network design advise sought

    7
    0 Votes
    7 Posts
    1k Views
    john_galtJ
    Very nice NogBadTheBad! I have several Pi's and a couple Arduino Yun's. I'll have to give it a good look when I'm on a screen bigger than my iPad  ;) Doug
  • SOLVED - Can't make firewall/nat to work

    8
    0 Votes
    8 Posts
    1k Views
    P
    Thanks everyone that helped with this. My setup was a Proxmox box with Pfsense installed as a virtual server and it turns out that the external interface either was misconfigured or faulty. So I set up another box without Proxmox and installed Pfsense and that worked fine. You guys rock! :)
  • Is dnyDNS in 2.3.3.1 breaking my WAN and VLANs?

    1
    0 Votes
    1 Posts
    400 Views
    No one has replied
  • PFSense behind Proxy

    2
    0 Votes
    2 Posts
    789 Views
    P
    Is it a proxy that requires authentication?
  • Connect to internet via laptop USB -> pfSense? (thetering)

    2
    0 Votes
    2 Posts
    442 Views
    J
    Question not clear.  pfSense is a multi-function firewall device, so it does not create a connection to the internet.  It only filters an existing connection to the internet. If your laptop does not have a wired ethernet NIC then you can use a USB CAT5 adapter, and then connect a CAT5 ethernet cable from that adapter to the pfSense box.  You could also connect to the pfSense box via wifi if your pfSense box has the proper wifi cards installed and configured.  The pfSense box cannot run on a USB flash drive; it needs to be installed on an actual computer. As far as internet, normally a pfSense box is plugged into the network right behind your cable/DSL modem or fiber ONT. It sounds like this isn't the solution you're looking for, and you may need an IT person to help you with this because it's easy to mess up and end up with no internet access.
  • Configure the Dynamic DNS feature

    2
    0 Votes
    2 Posts
    634 Views
    J
    I don't know but I can give a hint in the right direction: You have to use the "Services > Dynamic DNS" page in pfSense (https://pfsense/services_dyndns_edit.php) and select "Custom" as the Service Type. This page has lots of examples that may help you figure out exactly what values to put in pfSense: http://dyndns.it/guide/
  • MOVED: Unable to reboot 2.4

    Locked
    1
    0 Votes
    1 Posts
    342 Views
    No one has replied
  • 0 Votes
    3 Posts
    2k Views
    jimpJ
    What do you mean by "full backup"? Just a copy of config.xml? Or did you attempt some sort of full-disk image or archive? From the little output you have shown, it is missing a kernel package somehow. You can reinstall one easily. If it is a normal installation (VGA console), run:

        pkg install pfSense-kernel-pfSense

    If that doesn't help, post the output of this command and we can see what else is missing:

        pkg info
  • Port Tracking

    4
    0 Votes
    4 Posts
    736 Views
    jimpJ
    No, that is not possible. You have to use CARP for preemptive failover. You cannot trigger a firewall to fail because a WAN failed in the way you describe without using CARP. And even then, that only covers a physical failure not a gateway failure. You need to set up a proper HA cluster with the same WAN(s) connected to both units. It doesn't matter if the brands of the firewall don't match, you can still use HA on there with CARP, the only limit might be that you can't use pfsync for state synchronization.
  • Is it possible to have 2 or more wan interfaces on single NIC?

    5
    0 Votes
    5 Posts
    730 Views
    D
    @remlei: vlans won't work, since I'm not using vlan on wan interface. it's a untagged traffic. and all wan interface connect to same untagged traffic.

    Well, that is completely broken idea as noted above, plus frankly, if those 3 PPPoE WANs are using the same gateway, you will just get an unsupported setup broken in various more or less cryptic ways, VLANs or not.
  • Central Management of Firewall Rules

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    There is currently no API or method for central management. XMLRPC from High Avail. Sync is as close as you'll get with what is built-in currently. We are working on one, however, but it's not yet available.
  • Converting LAN em1 to LAGG em1 em2

    2
    0 Votes
    2 Posts
    418 Views
    jimpJ
    Create a new LAGG with only em2. Create VLAN tags on that LAGG. Then reassign all interfaces to the new VLANs on the LAGG. Once nothing is assigned that uses em1, delete the VLAN tags from em1 and then add em1 to the LAGG. You'll probably have to adjust the switch at various points along the way if it isn't smart enough to know when the port should/should not be used in the LAGG/LACP group.