I don't know but I can give a hint in the right direction: You have to use the "Services > Dynamic DNS" page in pfSense (https://pfsense/services_dyndns_edit.php) and select "Custom" as the Service Type. This page has lots of examples that may help you figure out exactly what values to put in pfSense: http://dyndns.it/guide/

What do you mean by "full backup"? Just a copy of config.xml? Or did you attempt some sort of full-disk image or archive? From the little output you have shown, it is missing a kernel package somehow. You can reinstall one easily. If it is a normal installation (VGA console), run: pkg install pfSense-kernel-pfSense If that doesn't help, post the output of this command and we can see what else is missing: pkg info

No, that is not possible. You have to use CARP for preemptive failover. You cannot trigger a firewall to fail because a WAN failed in the way you describe without using CARP. And even then, that only covers a physical failure not a gateway failure. You need to setup a proper HA cluster with the same WAN(s) connected to both units. It doesn't matter if the brands of the firewall don't match, you can still use HA on there with CARP, the only limit might be that you can't use pfsync for state synchronization.

@remlei: vlans wont work, since im not using vlan on wan interface. its a untagged traffic. and all wan interface connect to same untagged traffic. Well, that is completely broken idea as noted above, plus frankly, if those 3 PPPoE WANs are using the same gateway, you will just get an unsupported setup broken in various more or less cryptic ways, VLANs or not.

There is currently no API or method for central management. XMLRPC from High Avail. Sync is as close as you'll get with what is built-in currently. We are working on one, however, but it's not yet available.

Create a new LAGG with only em2. Create VLAN tags on that LAGG. Then reassign all interfaces to the new VLANs on the LAGG. Once nothing is assigned that uses em1, delete the VLAN tags from em1 and then add em1 to the LAGG. You'll probably have to adjust the switch at various points along the way if it isn't smart enough to know when the port should/should not be used in the LAGG/LACP group.

Darn it I found the problem! I had entered a VIP on the interface with a netmask of /24! Doh! I've removed that and am now somewhere nearer getting it all working. Thanks for the help. Bails

Somebody know how fix this error?

So does the router have to be on its own port or will it work off my current switch?

@johnpoz: "VLANs are not for isolation or security" "just use the firewall rules to block attempts to communicate within the network" Huh??  Vlans are very much so for isolation and security ;)  When your route the vlans through a firewall like pfsense, or via a L3 switch with ACL's applied.. How exactly is the firewall (pfsense) going to stop devices in the same network/vlan from talking amongst themselves? Hah :) Wow, that'll learn me for drive-by commenting. No idea what I was thinking in regards to those two statements! Disregard..! But the inability to scale well for this scenario still applies.

In my example, I was pulling the cable from WAN2 port which is not the default gateway. When this occurs, I can't log into the GUI so I am actually establishing a new connection to the GUI. My WAN2 connection is a satellite link which has high latency to very high latency. I have attempted to change the monitoring settings to compensate. Nevertheless, the alternate WAN2 gateway can get marked down multiple times a day and sometimes multiple times an hour. But again, this is not the default gateway. Perhaps I should attempt to adjust it more. Currently have WAN2 removed and just running a day or so without it in the mix and see what happens. Thanks for the information, this certainly gives me something else to check. At the end of the day I hope to have the DSL on WAN1 and the Satellite link on WAN2. The only time WAN2 gets used would be if WAN2 goes down. I know it's not ideal setup but we are out in the middle of nowhere and that is all we have for Internet. No Cable anywhere in the area. Mark

https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server Or are you talking about connecting pfsense as a client to some VPN service you have purchased or run somewhere else?

@Chrismallia: Throw out the router and buy a dedicated AP In larger professional environments I would agree but in any application where budget is a concern, routers often offer better bang for the buck. In SOHO applications, where budgets are often very tight, the additional switch ports are also often useful additions. It's very simple: If the router have an AP mode (as the router in this thread have with original firmware) - use that and connect to any port. If the router doesn't have an AP mode - don't connect anything to the WAN port and disable the DHCP server (if another DHCP server is already present in the network).

Nothing definite unfortunately. Typically you would see a watchdog timeout error from one of the msk NICs on the console. You might try leaving a serial console connected to see it anything is shown. Did you see this without the modified drivers? I've no idea what those were compiled against or what changes went into them. I didn't compile those 10.X modules. Steve