Hey John! With a little bit of research and determination most problems seem to be solvable  ;) Anyways, just wanted to keep you updated since in the meantime I managed to better understand what the the issue was (besides my lack of communicating it properly) and to solve it. I tried to understand the DNS forwarder/resolver a little better and while I'm not fully there yet, I have a bit of an idea (which helped me refine my research) Now, I saw that I'm not the first one that asked this question and in fact you already tried to help another user with the issue (https://forum.pfsense.org/index.php?topic=105194.msg591337#msg591337) Should this question be asked in the future, another kind user created a tutorial to solve it (for reference: https://forum.pfsense.org/index.php?topic=106305.0) As for as checking a DNS leak website is concerned to see whether everything is configured properly, the following happened to me before finding the above linked solution: Enable VPN: clients set up to use the VPN: no leaks, the results on the site are the VPN providers DNS servers clients NOT using the VPN: their IP (from the ISP) doesn't match the results on the leak site, since the site also shows the VPN providers DNS servers as the result If I'm not mistaken this is normal if the "Don't pull routes" option is NOT selected (selecting this would only result in DNS leaks for clients using the VPN). If I understand correctly, the solution provided in the above link simply prevents the VPN to access the DNS resolver? While the solution works as far as the results on the DNS leak page are concerned, it now takes quite a bit longer (2-3 seconds) to resolve addresses when using the VPN. I guess that might be normal behavior as well? (Edit: just needed to restart networkmanager - everything working as it should) I'll try to optimize the setup further and I hope with the links mentioned above we can prevent future headaches should others run into the same issue.

not that i can tell. I think this is some kind of malfunction with my WAN's DHCP client system.  the last log I have is from a number of days ago. [2.3.2-RELEASE][root@pfSense]/etc: tail -f /var/log/dhcpd.log Dec 19 09:46:11 pfSense dhcpleases: Sending HUP signal to dns daemon(72984) Dec 19 09:46:11 pfSense dhcpd: DHCPREQUEST for 192.168.69.162 from 58:82:a8:a1:27:5d (XboxOne) via re1 Dec 19 09:46:11 pfSense dhcpd: DHCPACK on 192.168.69.162 to 58:82:a8:a1:27:5d (XboxOne) via re1 Dec 19 09:46:11 pfSense dhcpleases: Sending HUP signal to dns daemon(72984) Dec 19 09:50:57 pfSense dhcpd: DHCPREQUEST for 192.168.69.100 from cc:4e:ec:13:91:46 via re1 Dec 19 09:50:57 pfSense dhcpd: DHCPACK on 192.168.69.100 to cc:4e:ec:13:91:46 via re1 Dec 19 09:50:57 pfSense dhcpleases: Sending HUP signal to dns daemon(72984) Dec 19 09:54:53 pfSense dhcpd: Wrote 0 deleted host decls to leases file. Dec 19 09:54:53 pfSense dhcpd: Wrote 0 new dynamic host decls to leases file. Dec 19 09:54:53 pfSense dhcpd: Wrote 24 leases to leases file. and on bootup, syslogd reports: syslogd: /var/log/dhcpd.log: operation not supported by device im not sure what device it refers to, possibly my pfsense is just not renewing my lease?  I dont believe im out of space: [2.3.2-RELEASE][root@pfSense]/etc: df -h Filesystem                    Size    Used  Avail Capacity  Mounted on /dev/ufsid/581cf7092c4a4990    186G    1.4G    169G    1%    / devfs                          1.0K    1.0K      0B  100%    /dev /dev/md0                      3.4M    112K    3.0M    3%    /var/run devfs                          1.0K    1.0K      0B  100%    /var/dhcpd/dev [2.3.2-RELEASE][root@pfSense]/etc: well, the /var/db/ has dhclient.leases.re0 and its got todays date on it and it appears to have a good lease in it hmm… ???

Never mind. I fixed the issue by removing the spoofed MAC address form the psSense settings and then cycling power on my cable modem. Why didn't I think of trying that before posting?

The server is a HP Proliant ML310e Gen8, was purchased less than 1 year, I had already switched the hard drive last month, the last time the problem had happened. Since the problem has happened again, it must be something else. I think the way is to upgrade to the newer version of pfsense.

[PC] ------------------- [ Switch ] ------ [APU] 192.168.1.18                                    192.168.1.254 It should be more like this, through the APU and not in another way. WAN throughput: PC (iPerf server) –-------- Switch ---------- WAN Port--[APU]–LAN Port--PC (iPerf client) LAN throughput: APU –-------- PC1 (iPerf client) und PC2 (iPerf server) direct on APU

You don't, why'd you do such thing in the first place? The only thing it's used for is Squid proxy and that has a GUI configuration for ClamAV.

that's sad though

https://forum.pfsense.org/index.php?topic=105184.0 https://forum.pfsense.org/index.php?topic=7668.0

please try out 115200 8/1/N this must be set up in putty on your pc or laptop and it is the default in pfSense.

Here is the tutorial to use windows certificate on pfSense: https://forum.pfsense.org/index.php?topic=112938.msg628407#msg628407

192.66.1.3 That is a public IP.. So are you inetnum:        192.66.1.0 - 192.66.1.255 netname:        DKNET-CNET2 descr:          Danish Network descr:          c/o DIKU descr:          Universitetsparken 1 descr:          DK-2100 Copenhagen O country:        DK So it is asking for that IP?  Or you want to give it that IP?  What IP range are you using in your network??  You would assign the switch an IP that is on your network, that does not conflict with any other device on that network.. So for example lets say your network is 192.168.0/24 this common, pfsense lan IP is 192.168.0.1 for example.  And your dhcp pool you hand out is what?? 192.168.0.x-y ??? You would want to set the switch to an IP that is NOT in your dhcp pool, and does not conflict with any of your other devices that have static or reservations for IPs. How are you involved in setting up this switch if you do not understand basic IP addresses?  Confused…

Thanks for the reply. I will try the 64Bit Version.

Until the pfSense is ready for use the current router is using that public IP, yes.

:-\

Should I create a ticket to pfsense support to push it or I should wait amazon finish populate the new regions? thank you