@stephenw10:

@ieatfish:

If down the road we need to share something between us, I can make a third VLAN and have it viewable by our two.

You could certainly make a third VLAN interface in pfSense and equivalent port on the switch. Then add firewall rules to allow both of you to access that new subnet. You could has a NAS device in that subnet to share files for example.

Depending on how you use your various devices you may want to have additional segregation. I have my wireless access point on a separate interface here at home for example. That way I can happily allow internet access to guests without worrying about what they may be carrying in their laptops. With that switch you could potentially have 7 isolated subnets.

Steve

Awesome, this will definitely open my setup up for lots of options. Thanks.

I have setup OSX Mountain Lion server on Mac mini behind pfSense and have port forwarded L2TP/IPsec to this server. Works great for iOS devices and OSX computers and for me the best setup  ;)

Seriously… I never liked the security suites for Windows. Usually they have a good firewall, but piss-poor antivirus, or the other way round. And then they bundle a bunch of added bloatware that allegedly brings so called "added value" functionality - as usual, for each of those value-added functions a much better, smaller, and cheaper alternative exists. As for the application firewalls - these are so much better done on localhost, I seriously don't get why I'd want the functionality moved to some centralized megabox which does much worse job with much higher demand on resources and is much more difficult to maintain. Huh...

@NOYB:

Is pfSense em1 a vlan?  If not then the connected switch port should be untagged vlan 99.

That worked. I swear I tried it before, though before I had a D-link web-managed switch on the other end and figured I'd wait until I got another HP for the remote end to eliminated any oddities with D-link or any incompatibilities.

I've even rebooted Pfsense and it survived a reboot (the ONE time I got it to work like this before it didn't survive a reboot). I did have to reapply the interface settings (no changes, just a save and apply) before it would pull an address.

I've come to try this one last thing:

I've disabled WAN1. Couldn't go to the Internet (link to ISP2 was UP). Set WAN2 on default. Yep, Internet works now. Try to connect using PPTP from an outside machine. FAIL :(

Connecting to x using 'WAN Miniport (PPTP)'

Rumbles for 30-60 sec.

Error 807: The network connection between your computer and the VPN server was interrupted.

Yet another message.

I'm still with you but PPTP is outside my experience. It has some particular quirks that are not present with OpenVPN, all of which are related to multiple PPTP connections over the same internet connection.
I would still be looking for a routing problem, I agree it seems very unlikely the ADSL modem is causing this.

I don't believe it's the problem related to "multiple PPTP connections over the same internet connection". As I've said… WAN1 works with multiple connections without a hitch. I also susspect a routing problem... the only thing is: I've watched the logs and it seems like there is nothing in them what would help me (strange).

Thanks again :)

Ops! Sorry for the confusion.
I was dealing too much of that KBps/Kbps & MBps/Mbps  :o

I am referring to 2 MBps and I am only getting 200 KBps (2 Mbps / 20 KBps) download speed.
And now, I found out that there's a notification coming from my box saying the NIC MAC Address was altered for some reasons.
Is it a hardware problem?

Have you restarted pfSense AFTER changing the WAN to PPPoE?
In pfSense configuration files for various services (including PPPoE) are generated at startup (and possibly other times as well) from the configuration file maintained by the GUI interface. PERHAPS the PPP configuration file wasn't regenerated before PPP started.

I suggest you take these steps in the following order:
1. Set modem into bridge mode.
2. Set pfSense WAN interface to pppoe0 (in Interfaces -> (assign) page)
3. Check the details are correct on the Interfaces -> WAN page
4. Shutdown modem
5. Shutdown pfSense
6. Start modem
7. Start pfSense

If you then see the same report in the PPP log (check the time stamps on the entries to ensure you are not looking on stale reports) then please post the contents of the PPP configuration file (/var/etc/mpd_wan.conf) after masking out the authentication details.

I have not setup LAGG on pfsense yet so I can't really comment on that, though I believe it is what you will want to do on both the WAN and LAN/DMZ sides. For the WAN links, I would have them on switches like you have it diagramed. This allows either server to have access to both links. Do you have at least 3 distinct IP addresses on EACH circuit? You will need that for carp redundancy (if you have your own IPs and are using BGP or something to announce them over the links then you would just need the one set of 3, otherwise you need two sets of 3, one for each).

ok it's a little weird
i gave up, i installed a tiny smtp relay on a third server in the wan subnet, then i configured my pfsense to use this server which is in its turn relay emails to the loadbalancer address

Thanks for the suggestions - a good start. I had already utilized the how-to document linked, and had evaluated the router and pfSense logs without much suggestion as to why this occurs.
I've reset and re-configured the routers (same config as before, just re-did it) and, so far is working… So hopefully is just a Tomato issue. But will keep posted if errors return.
Thanks,
Ari

No just good timing :-)

Check the history, that section didn't exist yesterday.

Great, thanks.

This may have zero to do with it, but seems like most of the people who had issues were using dual WAN (or more)

@doktornotor:

@cthomas:

You'll need to specify the VIP directly, or create an alias which includes your wan address and vip address, and permit icmp to the alias.

… or just make it floating? :D

I have not worked much with the Floating Rules yet, can you elaborate on this setup?

No, it cannot be used with a bridge.

Chrome and Chromium work here (Windows, FreeBSD, Ubuntu) without issue, and I haven't seen complaints from any customers about it.

Not likely to be a general pfSense issue, but I suppose it could be a config issue or an issue with your ISP somehow. (Proxy perhaps? Something else interfering with its traffic?)

You could install the Backup package and then periodically grab a backup of /root/ and the user home dirs.

Eventually it would be nice to have the GUI create and store such user keys, but the functionality doesn't exist yet so for now they'd need to be backed up manually.