• Dual WAN load balancing + VMWare, DNS forwarder doesn't work

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    To answer the question myself: http://superuser.com/questions/113393/why-cant-my-freebsd-6-1-vmware-player-client-under-win7-do-dns-in-bridged-mode Upgrading Shrewsoft VPN to the newest version resolved the problem. Hope this helps someone else.
  • LAN double GW

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    Cry Havok
    Add another interface to pfSense and connect the ISDN router to it. Use pfSense to resolve your routing problems by static routes and the use of Squid for web browsing.
  • Need more clarification on PFSENSE & MIKROTIK

    Locked
    15
    0 Votes
    15 Posts
    30k Views
    OK, guys, it's time for practicals now; my definitive guide just arrived, so I have to kick off as soon as possible.
  • Pftop broken on my 1.2.3-release

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • [SOLVED] Poor-man's VPN via SSH using sshuttle

    Locked
    10
    0 Votes
    10 Posts
    5k Views
    Awesome. Thanks for posting the solution.
  • MOVED: Voicing thoughts about IPv6

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Quick question.. does PFsense log PPPoE disconnection events?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimp
    Usually mpd is very verbose in the system logs about PPPoE connects and disconnects.
  • Pfsense setup

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • PfSense 2.0 book

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    Thanks for the response.  Can't wait till the new one comes out!
  • How to add vlan on pfsense FreeBSD 6.2-RELEASE-p11 i386

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    pfSense supports VLANs natively; you have to create them under Interfaces->(assign)->VLANs and then you create a new interface using Interfaces->(assign)->Interface assignment and select the VLAN you created as "NIC" for the Interface. Then you save and configure that new interface from the Interfaces menu with an IP address as needed. At that point, you go to the firewall rules, click the tab for that interface, and add rules to allow traffic. pfSense handles the routing automatically. Keep in mind that pfSense always filters traffic by applying rules to traffic coming "in" the interface the rule is for. So interface VLAN10 for example would have rules that applied (allowed or blocked) traffic whose source was the VLAN10 interface. By default, interfaces on pfSense allow NO traffic so you will need to add allow rules as necessary to allow inter-VLAN routing and access to the Internet. Floating rules and Interface Groups (which hold a set of interfaces that you can create rules for all at once) may help reduce the number of rules you need for a large number of VLANs. You'll need to set up the VLANs on the switches of course to be tagged correctly so they all reach pfSense and are tagged on the port that plugs into the pfSense interface where you create the VLANs. Alternately you could do your routing in a Layer 3 switch, or with an open-source routing platform like Vyatta, or using a MikroTik RouterBoard device, and have pfSense just firewall the route from the router to the Internet connection(s).
  • MOVED: Does anyone use the BlockHosts script from ACZoom.com?

    Locked
    1
    0 Votes
    1 Posts
    926 Views
    No one has replied
  • Menuorder PFSense 2.0

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    Well, it doesn't have to be SSH…I haven't used the commercial support (I wish!) so I'm not sure how that plugin does the backups but something similar for third party/self-hosted servers would be nice. But I know that's one of the benefits of commercial support. Technically you could limit ssh permissions so the user could only write and not read, so it could be secure without a password...anyway :-) I'd write the widget if I knew what I was doing, but it would probably take me a few hours to figure it out, as I'm not really familiar with the pfSense codebase or interface, though I have a lot of Perl and some PHP (picked up easily enough due to Perl) experience in the past (not recently though).
  • Can't add picture to forum profile

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Pictures need to be externally hosted; the only default is a blank image, hence no picture.
  • PfSense no Traffic Shaping speed issues

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    a-a-ron
    Ok, I think I found part of the problem, but not sure how to fix it. For nntp I use SSL, port 563; in using that port pfSense limits my speed to 7Mbit max. This is with Traffic Shaper on or off. The latency issue seems to be gone since updating to 2.0-b5
  • Log outgoing connections

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    Problem is P2P uses a LOT of connections, and pfSense only sees IPs, unless you do some Layer7 inspection. So you wouldn't know if they were downloading Linux distros, WoW patches or movies or whatever uses BT these days. But yeah, you can log all the connections. Just enable logging on the outgoing pass rules, and send it to a syslog server. You can do whatever you want with the logs from there. It is going to be a LOT of information though…
  • Recommended method “mobile client connectivity”

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    The best varies from one environment to another, as requirements vary. L2TP is a tunneling solution only in 2.0 currently, not the L2TP+IPsec VPN option. PPTP is generally undesirable because GRE has trouble getting through many NAT devices, and can't work at all with some ISPs. Where we usually see that is with 3G providers who assign private IPs to customers and NAT their traffic; they frequently do not NAT GRE at all and hence PPTP can't function. That's very common in Canada and Australia, and probably elsewhere in the world though I haven't personally seen or heard of it in the US and Europe. PPTP is also the least secure option. In general, I prefer OpenVPN because it causes the least grief on the client side (it's userland based so it won't blue screen your PCs), it causes the least grief with firewalls and/or NAT the clients are behind, it offers the most flexibility for routing, NAT and any other advanced tricks you may need to accomplish, and it works flawlessly (not that the other options don't, they do aside from issues inherent in the protocols being used). There is a more comprehensive discussion of this topic in the pfSense book, in the VPN chapter, section "Choosing a VPN solution for your environment", that covers things in much more depth.
  • UDP/40000 broadcasts from pfSense

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    Yes, it had the pfSense router address as source…  :o Well, I'll keep an eye on it and post here if I have some new info...
  • Setting up PFSense as a switch or hub

    Locked
    7
    0 Votes
    7 Posts
    11k Views
    @jimp: So yes, it can work, but it's likely going to be slow (even far, FAR more so with Untangle) there, I fixed it.  ;) You can hack the sysctls to disable filtering entirely for if_bridge which will make it pretty quick, not nearly as quick as a switch though, you're going to be limited by the PCI bus using a standard PC. If you don't care about getting a lot of throughput between the hosts it won't matter.
  • Missing packets

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    5 Posts
    2k Views
    Scratch that, it's just come back to life lol. Probably just a huge amount of lag on it to be honest, no wonder it's on the Live CD at the moment, but the main core will have loaded into memory so not to worry. Will try that tip you suggested if the same error occurs when I try to write the configs to the hard drive, so happy it's working again lol. Thanks for your help, Jeremy.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.