• RV mobile PFsense box. (sanity check)

    6
    0 Votes
    6 Posts
    655 Views
    johnpozJ

    While pfsense has a wide range of uses..  I would think something like a cradlepoint or the http://www.netgear.com/landings/nighthawk-mr1100-mobile-router/

    The netgear is going to be more home/user budget friendly..

    You could for sure build up a nice setup with pfsense at the core… But there are devices specifically designed for this exact sort of use case.  And sure you could use it as failover internet connected into your pfsense setup at home when you're not traveling in your RV..

  • Network set up/config advice needed

    10
    0 Votes
    10 Posts
    636 Views
    M

    Thanks all! I'll dive into this weekend.

  • Dynamic DNS IP caching problem ?

    2
    0 Votes
    2 Posts
    284 Views
    DerelictD

    In general you bind the dynamic DNS you want to update to the interface address/vip you want it to update from.

  • PFSense with Vulnerability Scanner / Openvas

    3
    0 Votes
    3 Posts
    2k Views
    jimpJ

    That is definitely not something you want running on the firewall.

    Setup another system. Install Kali in a VM and you can use it very easily. But don't try to make that run on the firewall.

  • Trunking VLANs on interfaces II

    18
    0 Votes
    18 Posts
    1k Views
    B

    stephenw10; Thank you.

    johnpoz: If a person goes to the parent domain and sees that I have a blog that makes the article I linked to SPAM? Get real.

    You're making assumptions again without facts in evidence. The default VLAN is not the same on all my switches.

    I purposely limited where 20 and 30 can go, that is by design and is why they are isolated. 30 is high continuous traffic 24/7, 20 can be at times for hours at a time. The traffic on each is confined on each. I do not want either to adversely affect one another or 10 which has its own purpose besides being the default for the majority of the switches

    Look, I came to this forum to ask how to configure pfSense to do exactly what I have done. Instead of getting help all I got was hostility and telling me how stupid this configuration is and how stupid I am and many other personal attacks. And I had to figure it out myself in the end.

    In case you haven't realized it Mr. Hero Member, you were of no help in this case. Put aside your I know the best way and it's the only way and help people do what they want whether you like it or not. And if you don't like it and can't do that then for God's sake leave the people alone!

    I've told you more and showed you more than you need to know. Once again I came here for help configuring pfSense to do what I want that's all you needed to know.

    IF YOU ARE NOT GOING TO HELP PLEASE JUST LEAVE ME AND THIS TOPIC ALONE!!!

    This is what I want to do. This is what I did. This will work for my environment. It will have all the performance and flexibility I will ever need.

  • Strange pfSense Notifications

    2
    0 Votes
    2 Posts
    578 Views
    DerelictD

    That has already been fixed. Upgrade.

    https://redmine.pfsense.org/issues/8360

  • Apps on different ports on ubuntu server - pls advice!

    5
    0 Votes
    5 Posts
    431 Views
    DerelictD

    plenty of google terms there.

  • Samsung Tab A slow internet browsing

    17
    0 Votes
    17 Posts
    1k Views
    L

    Hi there. Sorry to say that when I went back to my Tab to perform another packet capture, everything was working fine. I gave it 24 hrs and things are still fine with speedy  internet browsing on the Tab. I've been living with the terrible performance for about three weeks and have not made any changes to pfsense or the network hardware. I hate unsolved mysteries!!

    Thank you all for your help and suggestions. Looks like I'm good for now and will report back if things fall back to the previous conditions.

  • No internet after Virgin Modem disconnected/reconnected

    17
    0 Votes
    17 Posts
    2k Views
    R

    Thank you very much for taking the time to help with this, glad to say the problem is solved  ;D Your last post prompted me to try something.

    I powered off the modem and back on, once it came up I checked and had lost internet except for the ability to ping 8.8.8.8.

    I was pinging via IP address, and as I said before the only one that worked was 8.8.8.8 which was my gateway monitor IP address. So I changed the monitor IP for the gateway to 8.8.4.4 and could no longer ping 8.8.8.8 but could now ping 8.8.4.4.

    Whilst I was in Edit Gateway changing the monitor IP address I noticed a check box to make it the default gateway, ticking that fixed the issue once applied.

    Don't know if the behaviour I was seeing is expected behaviour or just some weirdness going on, either way I'm very pleased it's sorted.

    Thanks to everyone that tried to help.

  • Random client IP's just stop working - No Internet

    11
    0 Votes
    11 Posts
    1k Views
    ccgllcC

    Let me summarize:

    The vast majority of functionality is just fine.  Thus layer 1 appears healthy.

    From a statically addressed PC:  Sometimes SOME Internet sites are unreachable, as described below, but most work just fine.  Thus DNS, DHCP, cabling, DNAT rules, etc. are unlikely a problem.

    From a  statically addressed linux box:  I've noticed intermittent access to zec.slushpool.com port 4444.  I have 100% access from St. Louis, and "sometimes" access, lasting minutes to days, from a linux box behind the PFSense firewall of concern.  A PC on a different port of that same concerning PFSense firewall also has "sometimes" access to zec.slushpool.com port 4444 - and access outages do not correlate between the PC and the linux box.  I don't think there is anything special about zec.slushpool.com - it just happens to be the site the linux box and PC are configured to use.

    From my 160+ DHCP addressed processing machines, all linux based, I've seen a couple of instances of not being able to reach their primary site oh1.kano.is and have confirmed with the operator of that site they were not experiencing any issues.  Their backup site, stratum.kano.is functions fine when needed, so I only lose about 5 minutes of failover time.  I'm stating this just because it's likely related.

    DNS resolution works fine ALL the time.  Pinging of zec.slushpool.com fails when access stops.

    Access to both zec.slushpool.com and oh1.kano.is will randomly and independently toggle, without any administrative changes occurring on the PFSense box.  (Note that oh1.kano.is is AWS based and requires a TCP ping, not ICMP).  Normally access is stable for hours - but under a curve.  e.g.  I've seen access for as little as a few minutes to days.

    I have not specifically checked if the linux box can ping the firewall, but SSH sessions continue to work.  Clearly the PC can access the firewall since most web browsing functions.

    Rebooting the PFSense box will sometimes resolve the access issues although it's become a guessing game as to any individual website working or not.  Most do.

    Changing my external static address resolved about 90% of the access issues, at least for now, but that only occurred a few days ago.

    ALL of these problems started when I upgraded recently.  Prior to that I had no problems accessing everything.

    ps.  I've disabled Snort blocking just to eliminate it from suspicion.  Snort is the only add-on package installed.  Also switched to 8.8.8.8 and 8.8.4.4 to minimize the chances of this being a DNS issue, although the PFSense DNS Resolver is enabled (provides effective caching for most of my machines).

    pps.  Basic firewall health stats: 

  • MOVED: openvpn blues

    Locked
    1
    0 Votes
    1 Posts
    282 Views
    No one has replied
  • MOVED: File sharing problem ?

    Locked
    1
    0 Votes
    1 Posts
    224 Views
    No one has replied
  • LDAP AD Fails with Organizational Unit Issue

    2
    0 Votes
    2 Posts
    964 Views
    DerelictD

    I would search google for samaccountname and pfsense and see what others have done. All about configuring the authenticator with the requirements for your LDAP server.

  • Centurylink PPPoE over Vlan Authentication Problems.

    5
    0 Votes
    5 Posts
    2k Views
    chpalmerC

    Fiber or DSL?  What Modem??  NAT or Bridge?

  • SR-IOV VF- VF - VLAN communication issue

    2
    0 Votes
    2 Posts
    809 Views
    D

    searched further ..

    Looks like I'm having a similar issue "ingenium" had in march 2017 with pfsense 2.3.3
    => https://forum.pfsense.org/index.php?topic=126742.0

  • PfSense suddenly stopped routing

    6
    0 Votes
    6 Posts
    874 Views
    B

    Well, that was incredibly stupidly easy in the end … went to my FIOS box outside the house, unplugged and replugged the network cable that leads to the pfSense box, and all is fine now.

    And yea, I guess my new project is to replace that cable.

    Thanks for the help!

    -rob.

  • Kernel PTI disabled

    10
    0 Votes
    10 Posts
    23k Views
    stephenw10S

    Enabling it in pfSense prevents users/processes from accessing the memory regions of other users/processes by exploiting the Meltdown vulnerability.

    As I understand it that only affects users/processes running in pfSense not pfSense as a VM. You need to be looking for a fix in the hypervisor for that.

    In general Meltdown/Spectre has minimal impact for most pfSense use cases where there are not multiple users with different privilege levels running on the firewall. IMO  ;)

    Still better to have it available than not though.

    Steve

  • GDPR compliance

    6
    0 Votes
    6 Posts
    1k Views
    C

    @mdes

    So you're probably aware of the following but it does cover what I understand to be the most relevant aspects of GDPR in relation to a pfSense device.

    https://www.firewallhardware.it/en/gdpr-pfsense-opnsense/

    You'll know what you are using the device for, so some aspects will affect you more than others.

  • Trunking VLANs on interfaces

    Locked
    48
    0 Votes
    48 Posts
    9k Views
    DerelictD

    No, just idiotic network design.

  • How to reach new VMs in a VPC/AWS environment

    1
    0 Votes
    1 Posts
    187 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.