Hi folks
again: is there a more expanded or sampled php_shell explanation?
Important is the
-VLAN creation
-assigning VLAN+Naming it
-enable DHCP+setting the right suffixes
-enable NTP
-enable DNS
-copy or create FW rule set

Cheers
Michael

Thank you.  I guess in addition to pfSense being updated, the iMac & Safari were updated in last few weeks also and maybe that has caused this to start happening.

I'd rather not add another browser to my system so I'll just make do with a dashboard refresh instead.

@johnpoz:

"don't let your ISP know buy a VPN "

Yeah lots of people say this - especially the guys selling vpns ;) heheeheh

Its got to be one of the most hyped up buzz words currently.. Next to dns leak - both of which I am just sick of hearing to be honest.. Idiots don't have a clue how dns works at all - but now they are freaking out they might have a dns leak… Oh my gawd, my isp might know I did a query for pfsense.org.... And wtf they know I go to amazon.com and facebook --- F'ing Bastards spying on me ;)

Yeah there is more to it than that though. There are methods I do not fully understand that content providers are using DNS to geolocate.

Watched one guy try to get a baseball game and couldn't due to regional blackout then switched to some DNS spoofer (no VPN or anything, just new DNS servers.) I said "it's not going to work" then it god damn worked like a charm. All season. I can't remember the name of the service but it's what they do.

So there is more to it than rampant, unjustified paranoia.

Boot a vanilla FreeBSD 11.1, if it shows the same problems report it to the FreeBSD developers. If not create a ticket on https://redmine.pfsense.org.

Sammy to user:  Plug in the RJ45 cable, it MUST go in with a SOLID POSITIVE CLICK and no mushiness.

@aagaag:

which rules do I need to set up in order to make sure that asset with IP 10.10.0.1 routes through the WAN whereas 10.10.0.1 routes through OpenVPN?

???

That tutorial seems to be very old above all (pfSense 1.2.x?)

Don't set an allow any rule on the OpenVPN interface as described in the tutorial if you have no special reason to allow incoming traffic from VPN!

Remove the redirect gateway option and check "Don't pull routes" in the client settings.
Add an alias to pfSense in Firewall > Aliases > IP and add all IPs to it you want to direct over the VPN.
Add a firewall rule to the LAN interface or which one the vpn devices are attached to, allowing outgoing access, open the advanced options, go down to gateway and select the OpenVPN gateway.

Yeah there are going to be a HUGE amount of false positive on the free and or even the paid threats.  This is the very nature of IPS… It takes a lot of time to tweak it for a specific network to not show lots of noise..

It just blows my mind how users think oh clickity clickity full blown IPS for free and zero noise or false..  Like saying hey you know which end cuts on that scalpel, sure your ready that open heart surgery then ;)

Do you really think IT is that easy that any billy bob can push a few buttons on a gui and be all set with something like a IPS???

How come users don't think they can tear apart their transmission and rebuild it - but any tom off the street thinks he can fire up a IPS system to block down stream natting with a click of a button? ;)

Cheers. I knew it would be something simple I missed. Had to put the outbound rule for the VLAN for OPT1.

Now it's all working. As soon as I type the last reply I realised my error. Sometimes it just needs a fresh pair of eyes.

Thanks

https on squid is a mega pain.

Checkout pfblocker for a cleaner internet. (ad free)

That post on the site was from 4 years ago alot has changed

There is no need to create an alias.  All your networks you create n pfsense will automatic have a listing and will be in the destination dropdown when you create the rule…

@johnpoz:

"The Unifi AP is on port 39, 41 & 43"

Then vlan 1 if that is your 192.168.0/24 network needs to be untagged on these ports if you want to be able to talk to them, same with your controller it needs to be on a port that is untagged.

if your going to want to use vlans between switches then the ports connecting them should carry all your vlans tagged..

thanks johnpoz it worked  :)

pfSense 2.4.3 works great with PC Engines APU2.
I run addisional darkstat, unbound and openvpn.
And having traffic shapening setup - "my internet connection" has never been better!
Also I done some dns adjustments to get it even abit faster :)  google namebench

Can this be some kind of issue with my bios?

Can you help me with the procedure?

No.  It has nothing to do with pfSense.  While I have compiled squid from source before on Ubuntu, that was a few years ago.  Perhaps I was unclear.  When I said you would need to spin up your own server, I was talking about a Linux box for instance, not another pfSense.  Compile squid form source on a Linux box and then use that squid.

Is that could be a security issue?

Nothing to do with security.

A better solution might be to allow this specific user to go around the proxy.

As the squid page notes, this has only been tested up to 32K and your URL is 36K, so it may not even work.

By default, you cannot connect to WebGUI via WAN, only LAN.  If you want to enable WebGUI from WAN, see this:

https://doc.pfsense.org/index.php/How_can_I_access_the_webGUI_from_the_WAN

Also note you should edit your WAN interface (Interfaces - WAN) and uncheck the Block private networks and loopback addresses option.

Overkill.

Just as an update, if you check the ticket we just merged a fix from PiBa. Thanks!