Ok I figured it out. Indeed the problem was a routing issue. I I first added a route in my VPN Client software(Draytek Smart VPN client) andnoted that it worked . I could have connected to resources behind the Pfsense box. Since that worked I furgured that I'd try to reconfigure the  VPN Server. I put the IP address of the VPN server withe the same network as the LAN( 192.168.12.2). That did the trick. Thanks for your support.

It only happens to Google Docs when the Sophos Web Agent is running.  This happens on the Chromebook itself, or when the kids log into the Chrome Browser with their school accounts. As far as using wireshark to capture packets, should I run ChromeOS in a VM? How do I get Wireshark to just capture the packets from the Chrome Browser or ChromeOS?

help please :-[

@slimypizza: I removed the TP Link smart switch and replaced it with the Cisco SG200-08.  I get the same results as before. That's as expected. Rules apply where traffic enters into an interface/"the pfSense box". On your VLAN90 rules tab you control where traffic from VLAN90 host may go to - NOT how they can be accessed. Ruling traffic from LAN to VLAN90 is controlled on the LAN rules tab. Only (except for floating rules). Any yes, this particular TP-Link switch is a bad choice. Others perform as expected (I have multiple TL-SG3210 but prefer Cisco SG300 or SG350 now.) Some users seem quite happy with D-Link DGS-1100-08 "$30 for an 8-port D-Link DGS-1100-08 would have been better money spent."

Use PfBlockerNG to blackhole the DNS for sites do is protocol agnostic.  You just need to find the right block list to feed it.

Do not use visudo. Use the GUI, System > sudo

Can someone help me ? Regards, Dimostin

Oh you are the first one ever to ask this question … NOT. Seriously, that's a question that comes up quite regular, so go and search for it.

Thanks for the confirmation Steve!

Thanks for your response. I had removed Squid, Squidguard and PF BlockerNG, trying to get back to a generic configuration without any major packages installed but couldn't get the Apple TV to work.  I reinstalled Squid thinking I could get back to where it worked but it wouldn't work. I have since removed Squid and power cycled the Apple TV and now it works on my pfSense with no major packages installed.  If you google the issue, everyone says you need a VPN for it to work but I didn't want to do that.

Not opposed to using pfSense and just having Cisco basically act as a switch, but if possible I'd like to utilize it as a router since I bought it and also use the content filtering. Extra layer with the redundant firewalls and filtering.

oh yes , i got it many thanks

@chrispeden: I am not exactly sure how though. I don't understand.  2.3.5 is available for download. 1. Save current config. 2. Download and re-install 2.3.5 from scratch. 3. Restore config, this will also re-install all packages.

I realize this is total necro, but this post shows up on the first page of DuckDuckGo results. I was getting Ds and mostly Fs on DSL Reports bandwidth test. In 2.4.2, setting CODELQ without bandwidth was not permitted by the interface. Setting bandwidth to a number higher than my ISP advertised rate resulted in no change in bufferbloat. Setting bandwidth to my ISP's advertised rate resulted in all As. What I found interesting is that even though I can get ~10% higher than advertised actual speed, setting bandwidth to even 50 kbps higher than advertised resulted in increased bufferbloat.

Found the way. in radcheck table: Auth-Type = googleauth in radreply table: MOTP-Init-Secret = (Secret code) MOTP-PIN = (PIN Code) MOTP-Offset = 0 Thanks!

As far as I remember, the speedtest's results are the peak results, not an average  :) But you're probably right… The VM could be taking overhead, but I was very surprised that it was taking over two times the peak of the speed test!  :P