You can recover the automatic backup from right before you made those changes if available.

Take a look at Diagnostics > Backup & Restore, Config History

Doubtful that was actually necessary. But if that's what you have done, that's where you are now.

Hello johnpoz,

thanks for your quick reply.
You re right, i made a few additional adjustments after i followed the guide mentioned above to fit the setup i need.
To do this i indeed set up the two Google DNS servers (under System -> General setup) which i associated with my regular DHCP_WAN as a gateway. Additionally i created two further DNS entries (the DNS servers of NordVPN) and selected the DHCP_VPN (client) Interface as the gateway this time.
After this i switched to the firewall rules and adjusted every ruleset thats related to "non local" traffic so that LAN and WIFI traffic have the VPN interface set as its gateway and my rules for VLAN100 have the WAN interface as the gateway.
Outbound NAT is still going over WAN for my VLAN100 subnet as well of course.

I am aware that big streamers like netflix and amazon are trying to make it difficult for you to use VPNs and such but what leads me to believe that this might not be the problem here is that if i put my traffic VLAN100 traffic through the VPN i can access amazon and netflix without any trouble.
If i use my WAN as the gateway for my VLAN100 rules several "thatsmyip" websites indicate that there everything is working just as if i wouldnt sue any vpn at all, yet i cant figure out why i run into those problems.

i got it sorted it out... the cable i was using was not good even thought it was a cat6, so now it works.
PS: router can be a modem when it has built in modem capabilities, like spectrums
cheers and thanks

@aryvart said in Can't access the firewall using WAN IP address in remote location:

I have installed pfsense 2.3.2 version

Huh?? The current download version is 2.3.5 for 32bit or pretty much anyone else on the planet 2.4.3 how is it your are installing 2.3.2??? which is from July of 2016..

WAN i'm using dedicated IP address

WTF is that? Is it rfc1918 or public?

Also if that is your wan, whre are the block rfc1918 and bogon which are default. What I suggest is reinstall pfsense using current version.. Leave it default settings. If you need to remote into this then setup openvpn since opening up your gui to the public internet is BAD!!

https://www.netgate.com/blog/pfsense-software-translations-with-zanata.html

Thanks for your reply, it's appreciated.

I'm willing to remove the IPsec link then, if there is no other way.

Basically I just want an RJ45 port on pfSense2 that connects to an RJ45 of pfSense1, like it was just a simple switch inbetween them.

So I have to use GIF then. I don't mind that the traffic is not encrypted (it's just an IPTV stream), but would that also mean that my pfSense could be entered more easily by hackers?

Can you point me a bit in the right direction? So on both sides I create a new GIF interface. What would I use as the "GIF tunnel local address" and "GIF tunnel remote address"? Can I use something random (like 10.0.0.1 and 10.0.0.2) or does it needs to be in the IP range that the TV decoder uses?

Thanks!

pfSense only need a few gigs. A better question is how much space do you need? Based on your usage, I assume you're running a proxy(squid) and the proxy's cache is eating up all the HD you can throw at it. Trying to cache the entire internet?

@jknott It has direct WAN access too. But that needs to be manually enabled, since it is established via PPPoE. There is also an internal CARP IP. That is the failover part.
For normal operation though, it uses the other pfSense as its default gateway. That is the part that is not working.

So the cisco is 172.16.0.1? Or is that pfsense itself?

Where is the route?

Seems basic routing is beyond your current skill set - so why you would want to complicate it with a downstream router is beyond me.

Cisco 2800 switch VLAN2 192.168.1.253, every used port is in no shutdown mode

Also you sway every port? The port connected to pfsense, ie your transit network wold not be the same layer 2 network as your 192.168.1 network..

Hello,

The server crashed and got stuck in a loop because of the error. I had to perform a new installation "for yesterday". The only problem after I install, copy the config.xml to the conf folder and restart, was that the error regarding partitions name. I was able to check which was the correct disk and with the command: ufs:/dev/da0s2 pfsense loaded correctly.

Manual root filesystem specification: <fstype>:<device> [options] Mount <device> using filesystem <fstype> and with the specified (optional) option list. eg. ufs:/dev/da0s1a zfs:tank cd9660:/dev/acd0 ro (which is equivalent to: mount -t cd9660 -o ro /dev/acd0 /) ? List valid disk boot devices . Yield 1 second (for background tasks) <empty line> Abort manual input mountroot>

With this step, will it stay permanently or do I need to configure something more?

If you would listen to suggestions it would be a lot easier to assist you.

Thanks. I'll take a look at using the pfBlocker aliases.

@kpa
Thanks.

Dude your rules on dmz have ZERO to do with the problem..

You don't need any rules on dmz for lan to talk to dmz.. The return traffic from dmz back to your client starting the conversation with some on dmz would be allowed by the state.

Do you have any rules in floating?

If not then do a simple sniff on lan - do you see the traffic from your lan host going to your dmz IP your trying to talk to.. Great.. Do same sniff on dmz interface - do you see traffic when you try and talk to dmz? If so then problem on your dmz host.

Post back with your sniff results.. I can duplicate this for you in like 2 minutes if you need to see pictures or something..

That is our current plan for the AM, I appreciate the input!

@johnpoz No I haven't done it yet. I'll post the update as soon as I redeploy my pfsense box.

@mic160 said in PFSense packages offline installation?:

I have deployee PFSense in internal network as bridge where no internet is available is it possible that i can install packages like Openvpn and Snort on that by uploading packages through webconfigurator?? or by any other way???

Hello,

there is no supported way to do this. You may get this done with downloading packages somewhere and install them with pkg on commandline.

only netgate's own ARM devices are compatible.
its unlikely the drivers needed for that routerboard are available for freeBSD