@wonslung:

why not use static dhcp?  it's much more simple than using static ip and the results are the same

Agreed.  Static IPs are for servers and network equipment.  Anything the end user touches is DHCP.  Addresses can be reserved so they always get the same one, but no end user equipment is ever static in my environments.

Personally I'd go with IPsec since I'm familiar with it, but it really shouldn't matter.

All you'll want is to make sure that the VPN appears as an addressed interface on both ends, then set up the VPS to do NAT with the VPN interface being the "inside".  Configure pfSense with the proper rules so the box you're using is routed over the VPN and you should be good.

I don't have my pfSense box hooked up right now (running an 1841 so I can learn IOS) otherwise I'd try it with my dedicated server and post specifics, but maybe someone else can fill in the blanks.

This problem may be solved, but we need testers.

Please see http://forum.pfsense.org/index.php/topic,15669.0.html

i think it's more of a function of squid…..it can probably only cache from one wan at a time

Thanks very much for that, this code seems to be very similar to what I need (though it's pretty trivial anyway). I guess I will just write something similar from scratch.

yes, I am aware of this, but if problem is not elsewhere, then every self respecting router or firewall should handle this. In fact, I have also tried many hardware (D-Link, Juniper, Extreme Networks, etc.) and software (OpenWRT, Coyote, Zeroshell) routers, and pfSense was only what did not pass these packets. This was very surprising to me, that such trivial problem exists in any other way - excellent router software, for a long time, and nobody care about that.

you should have no problems

look up "1 to 1 nat" and "advanced outgoing nat"

thanks Cry Havok

I tried switching the DNS address around and adding in a third I found on a bellnet.ca search and all seems to be well now. Something is messed up on the original DNS and Im not sure if they fixed it or if the switch in IP's changed but I am able to send email now, that seemed to be the only issue that we were encounting while doing other tests beside the lookup.

Appreciate the effort.

I apologize,
I do not have a solution to your problem but I do offer a work around. Why don't you connect the two switches together and have just one LAN. I understand that you are trying to save a port on your switch however such a model is a bad practice.
I would recommend connecting the switches.

Well - I have reinstalled and all appears to be well now, or mostly well now I have extreme throughput slowness but that will be a different post.  Thanks for the response!

-Aaron

Thanks, Didn't see that option.

Hi wallabybob,

That's great advise.

After enabling polling and rebooting, my problem has seemed to go away.

I'm not entirly sure if polling did anything to help it - it may have just been the reboot! But if the problem comes back I'll be sure to refer here to quantify the interrupts generated.

Just FYI, I was trying to do a samba (CIFS) transfer at the time over an openvpn connection (The openvpn server being seperate from the pfsense box) to a remote openvpn client in another country connected via a DSL connection (8Mbps down and 832kbps up as pfsense sees it).

Before the reboot, pfsense GUI and shell access would be non-exsistant after about 2Mbps or transfers down from the remote server. After the reboot, I can hit 6Mbps (which is the max that this openvpn connection can reach for some unknown reason) without any problems.

The speed measurements are from pfsense's traffic graph. Before the reboot, I knew that pfsense would become unresponsive at around 2Mbps as that's when the graph would stop working..

Cheers

JT