@jimp: That's just how IPsec works. It has no concept of routing, so you have to nudge the traffic to use the correct source: https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN Bingo. Add the static route with a /32 and now it's working perfectly. Thanks Jim!

^ you can get SSD for very reasonable prices these days.  For you firewall even something a small as 8GB would be more than enough.  I see some small ones 8/16GB for under 20$ on amazon.

i had same problems starting with pfsense there is something with the Firewall Rules and WAN net WAN net is the subnet between pfsense and Router and not "the internet" So the rule "any from LAN net to WAN net" does not give you internet access but "LAN net to any" does. you can setup an alias for internet or do it like i do: On interface LAN block LAN -> OPT allow LAN -> any On interface OPT block OPT -> LAN allow LAN -> any

@irs: still no reply while ping the nas from remote And what states did you see in pfSense whilst doing that? You should see states from the remote client IP if the port forwards are working correctly. Steve

Nothing came up that I understood. So here is what was done. 1. Backup the configuration. 2. Re-install the whole pfsense. 3. Restore the configuration. All working without any error. All running smooth now. P.V.Anthony

I have same exact problem, Please give someone a solution. کاشت مو

GRC also allows you to choose which port to scan as well.

Thanks very much!

This is definitely not the pfSense problem, but snort or any other packages or some settings. Try to whitelist your "blocked" sites in snort.

squid is http proxy, while I am guessing you were using Srelay on openwrt which is socks - completely different. There is a Srelay for freebsd - if you really want support you could install the freebsd package - ask to get it added to the pfsense repo. http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/srelay-0.4.8b6.txz

@phil.davis: The only reason I went with the second method is because the screenshot matched the version of pfSense I'm using so I figured it was the way to do it now? The second method does mean that if someone tries to (or accidentally) sets their client to use some other DNS, that it will be "silently" redirected to use pfSense anyway. So I guess that is convenient for clients. The first method makes clients not work if they do not "obey the rules". I guess it depends if you are a kind-hearted soul or "the network admin from hell". Hehe… yah... I get it now, I think I'll stick with the kinder option for the time being ;)

More user friendly to use screen pkg install -y screen rehash screen /dev/cuaU0.3 9600