I have found a better solution for this problem, using squid instead of firewall rule. I did get success using firewall rules but I have to include every google and youtube ips I found in arin, not an ideal solution for me. Now I have set squid to use gateway of the vpn and firefox add on foxyproxy only to use the proxy for youtube and it works without a hitch :)

Here is how i do it if anyone needs to know
add this rule to floating rules
interface : vpn interface
direction : out
protocol : tcp/udp
source : any
destination : any
destination port : squid port
gateway : vpn gateway

in proxy server general setting
interface : lan and loopback
custom option : tcp_outgoing_address 127.0.0.1;

and you are good to go, set your browser to use the proxy and every traffic to the proxy will go through vpn gateway
I didnt make this soution but found it here in this forum, it is the same setting with proxy for multi wan.

I don't have a single box that won't soft shutdown by pressing the power button.
So I can verify it does work though I don't run nano anything.

That's not possible yet. I'm hoping in 2.2 to extend the notifications system to include capabilities like that, but that feature doesn't currently exist.

Will open a new thread in Virtualization section on pfsense freezing frequently.

they're directly translated into pf with those names and pf doesn't allow characters we don't allow.

;D Excellent

The combination of both of your answers solved my issue, thank you both for your time and effort, i was close with the static routes but i was looking at it the wrong way, and i had no idea about that default LAN rule.

Once again Thank you

For any one else in the future that stumbles on this issue here is my configuration

Image Hosted by ImageShack.us

Image Hosted by ImageShack.us

Ah, it was the BandwidthD plugin. I had that on the old box though. Strange…

Ahh right sorry.

Yea makes sense to be honest, just going into auto mode myself when I do things like this with my server.

Thanks for the tip!

I have never used any Ubiquity hardware but a quick look through the manual shows that it seems pretty well thought out and almost specifically designed for your situation.  :)
It looks as though your can run multiple SSIDs on each AP (virtual APs) and each SSID can be set to use different VLAN IDs and authentication.
So you need to set your APs to run a parallel wifi network with a different SSID and VLAN tag. Set the authentication on the new network to just the WPA2 so your cameras don't have to deal with login. Setup a new interface in pfSense, as you've already done, with the VLAN tag. Now apply firewall rules as appropriate.

If you run into the tagged/non-tagged traffic problem you can always set your guest wifi network to use VLAN tagging as well and have two VLAN interfaces on LAN1 such that all traffic becomes tagged.

Steve

Thank you all, I meanwhile ended up trying to follow the hint to better get a new transfer network / WAN configuration.

Thanks Chris for working through my post and helping me to make a decission towards the right solution.

The only thing where I´m stuck is the VPN IPsec restrictions for the mobile users.
Could anybody give me any hints how to restrict diffenet users to different local subnets.
For example:
LAN has 3 subnets 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24
IPsec User 1 should only be able to access 192.168.1.0/24
IPsec User 2 should only be able to access 192.168.2.0/24
IPsec User 3 should only be able to access 192.168.2.0/24 and 192.168.3.0/24
Where can I set those restictions in pfSense?

Thanks again!
Harry

thanks :-)

You go to the 'Certificates' tab in Cert Manager and click the '+' sign. Now change to 'Create an internal Certificate'.
This will create a certificate from your CA (that you just created), you can then assign the webGUI to use it.

However this will not help with your problem installing the CA key in IE. You should be ab;e to do this whether or not you've created any certificates from it.  :-\

I agree with Johnpoz: open the .crt file in a text editor check it's a real and complete file.

Steve

I've never seen nor heard of that happening so I'm not sure how you got into that situation. Maybe an upstream proxy or something returning invalid data when it did an update, though newer versions validate that data. That's never part of the normal restore process.

Thanks Wally!

I presume you are issuing the rsync command on a Linux system and expecting pfSense to respond.

pfSense standard installs do not include the rsync and rsyncd utilities.

The man page for rsync on my Ubuntu 12.04 netbook says of the "-e" option:

If this option is used with [user@]host::module/path, then the remote  shell  COMMAND  will  be
              used  to  run an rsync daemon on the remote host,

Since there is no rsyncd on the remote host (pfSense) this won't work!