Control internet as per user (student)

Are you talking about an URL filter here?  Squid + squidguard can do AD auth.

You should try it out in your lab or test environment, and ask questions as you go if you get stuck.

Of course I figured out the answer myself once I started digging around a bit more.  I'll leave this here in case anyone else comes looking for something similar.

The solution…

In OpenVPN custom options, add...```
--route-up "/sbin/ifconfig bridge0 span ovpnc1"

Bear in mind, I'm using this to carry the output of a span switchport over to another network in another location, hence 'span' in the command above.  If you just need to join the bridge, use 'addm' instead of 'span'.

It's that simple.

I will try this at work tomorrow. Note: I am using vSphere Client to connect to VMware ESXI machines.

The firewall can't do that on its own. Something had to trigger it, most likely the hypervisor sent a shutdown to the VM. Check your hypervisor logs.

My eyes! All that's missing is a scrolling marquee.

Unless you have a sight issue, then I apologize, could you try to use a normal sized font? Speaking of fonts, it's like a variation of comic.

So we got everything working fine. When we use vpn we can connect to our server on opt1 and everything.

But now we want to get external access to our server using the opt1 interface.

But when we forward the port it doesn't work.

we want to forward a port to our server that is n opt1 interface.

example: external ip:poort x ->to our server that is connected to the opt1 interface

Veeam 9.5
vmtools installed
Not sure if quiescence was enabled, I've already scrapped that pfsense instance and deployed a new one, had to reconfigure everything from scratch

I don;t think it was a write issue, I had 30 days worth of backups and every single one of them had the same issue. I restored alreayd a few other pfsense firewalls and none had this issue restoring from Veeam.

Bear in mind this was one of the first pfsense devices I deployed like 4+ years ago so it could be that some update screwed it up.

I tried file level restore but I could not get the appliance working, as it was a urgent matter we just ended up reconfiguring it from scratch

You probably want to ask godaddy what they require for nsupdate on whatever service you have with them, then make the acme package do that.

https://github.com/gozoinks/unifi-pfsense.git

Yes, this is probably some setting on your TP-Link device breaking stuff. If you switch to using it purely as a wireless access point it will probably all start working again.
https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense

But what happens when you ping one of the failing sites? Does it resolve to an IP? Does it try to connect and fail?

Steve

I don't know.  Are you getting errors or are you just curious about this specific directive?

@MPPurcell:

…it seems like you are implying that on a cheaper consumer router, the ports might actually be just switches…

Exactly that. Most SOHO style devices have a 5 port switch IC on board. Even if you kill the firmware so it's not running an OS at all it will still be a switch.

Many of them have some VLAN capability which allows some configuration of the ports separately but that is usually hidden from the user. You can often get additional functionality with alternative firmwares such as OpenWRT.
https://openwrt.org/docs/guide-user/network/vlan/switch

Steve

Thanks, maybe next time I'll try for an easier and less amusing alternative!

I was looking for the GUI built-in editor, I figured there must be something.  Like anything new there are too many choices and roads to go down, and for a Newbie at anything, even the most obvious things seem to be hidden.

Thanks to all of you for your help!

Michael

Got it!!!

Thanks for all the help and patience.