• Remote Packet Capture

    11
    0 Votes
    11 Posts
    6k Views
    bingo600

    I have toyed a bit with this , and here is a working solution wo. too much "no..no"

    ********* Works wo sudo hack on linux **************

    Only first time (ever) - to make ssh work wo. asking for passwd
    ssh-keygen
    ssh-copy-id user@pfsense-fw

    If sudo is installed on pfsense
    ----------------------------------
    remote:~$ mkfifo /tmp/pcap
    remote:~$ sudo tcpdump -iigb1 -U -s0 -w - 'not port 22' > /tmp/pcap

    If sudo is not installed on pfsense
    ------------------------------------
    ssh to pfsense as root/admin , enter 8 for shell
    remote:~# mkfifo /tmp/pcap
    remote:~# tcpdump -iigb1 -U -s0 -w - 'not port 22' > /tmp/pcap

    and send the data by a separate connection:
    local:~$ mkfifo /tmp/pcap
    local:~$ ssh user@pfsense-fw "cat /tmp/pcap" > /tmp/pcap

    and finally start Wireshark
    local:~$ sudo wireshark -k -i /tmp/pcap

    ********************* end ***************

    I do have this one liner working
    As local root (due to wireshark needs root)

    local:# ssh user@pfsense-fw sudo tcpdump -iigb1 -U -s0 -w - 'not port 22' | wireshark -k -i -

    But it requires sudo to be installed on pfsense

    https://www.cyberciti.biz/faq/how-to-add-delete-grant-sudo-privileges-to-users-on-freebsd-unix-server/
    install
    pkg install security/sudo

    And some "nasty" visudo things, that would get a "security officer/revision" to get "Red Ears" ….

    I could prob lock it down to just work with tcpdump , but for now it's allowing my local user to sudo anything wo even asking for a pwd. Provided he's a member of the admin group.

    Have fun "Sharking"

    Ps:
    Most of this nasty stuff would prob not be needed if we could get a way to ssh into pfsense as root , wo. hitting the "menu".
    Or if we could ssh into pfsense w. a user that was allowed to run tcpdump on an interface.

    /Bingo

  • Interface Shutdown - similar to Cisco Command

    5
    0 Votes
    5 Posts
    477 Views
    N

    Heper,

    Thanks for that…..one I had not considered and will probably perform exactly what I need....

    In fact as I was typing, on that same system, I just marked the Gateway Offline and put the Gateway Default back to the Primary Link (which has been marked as down)

    The results were

    Forwarded Ports to the Secondary WAN link  - responsive
    Inbound OpenVPN connections working
    Outbound OpenVPN Connections working
    Everything else working as it should in a failover situation.

    Heper,

    Thanks that appears to do exactly what I need…..

    Regards

    Bob

  • VOIP thru IpSec VPN problems

    17
    0 Votes
    17 Posts
    4k Views
    R

    I believe you. Currently working with FreePBX forum to resolve this.

  • [SOLVED] Cannot Get back into WebGUI - No Network on LAN Port

    25
    0 Votes
    25 Posts
    2k Views
    stephenw10

    Ha, no need to feel bad, I'm glad you got up and running.  :)

    Steve

  • Pf Sense Configuration

    3
    0 Votes
    3 Posts
    567 Views
    S

    Thank you for reply.

    I will check and inform.

  • Failover Switches using LAGG on PFsense

    11
    0 Votes
    11 Posts
    2k Views
    Derelict

    Completely up to your switches. pfSense LACP will not care.

  • No internet access

    9
    0 Votes
    9 Posts
    1k Views
    Gertjan

    @valnurat:

    …..
    But is it not possible to use 8.8.8.8 instead of my ISP?

    Yep.
    If you prefer that Google knows all about your DNS requests (so they know what you are doing every time) instead of your ISP, then it is ok to switch to them.
    Normally, you shouldn't do this altogether, and just use the Resolver - as it is activated by default.

  • 0 Votes
    2 Posts
    261 Views
    stephenw10

    I'm not sure what you mean here. Sounds like you are asking for something for the captive portal?

    It already has a popout logout button feature.

    Steve

  • Vlan problem, desperate NEED HELP

    27
    0 Votes
    27 Posts
    2k Views
    Derelict

    No. You need to understand VLANs.

    Edge devices get untagged, access ports in almost all cases.

    Connections to VLAN-aware devices like other switches, pfSense with tagged ports, Access Points, etc get tagged, "trunk" ports.

    Chapter 2: https://books.google.com/books?id=dkDsJmnsejEC&pg=PA51&source=gbs_toc_r&cad=4

  • MOVED: How to translate the keyword "System" in the system language pack

    Locked
    1
    0 Votes
    1 Posts
    216 Views
    No one has replied
  • How to bypass torrent blocked ports using openvpn. [SOLVED]

    22
    0 Votes
    22 Posts
    5k Views
    johnpoz

    here

    vpnserversettings.png

  • SuperMicro IPMI Shared Port - Anyone ever had issues?

    2
    0 Votes
    2 Posts
    2k Views
    P

    Can you describe your configuration to me a little bit more? VLANs etc?

    I have problem with shared IPMI.
    I have LAGG LACP configured with 4 interfaces. One of them is IPMI.
    LAN VLANs are 10,11,12,20 etc.
    WAN VLAN is 8.
    IPMI VLAN is 20.

    So I configured in IPMI settings - VLAN 20 with DHCP

    Ports in the switch are configured as LAGG. All VLANs are set up as Trunk (10T, 20T).

    In theory, IPMI should have port configured as access 20UP, but in my case, port is configured as LAGG and it has VLAN 20 set up as Trunk. Switch (cisco) doesn't allow me to setup VLAN 20 as Access and Trunk.
    I'm a little bit confused how to configure that properly. Maybe you can help me out. I know that there are some type of ports like general, but I am not familiar with that…

  • OPT interface - No Internet Access

    4
    0 Votes
    4 Posts
    6k Views
    P

    Did you check the Firewall->NAT->Outbound?
    If you set up manual outbound NAT you have to enter the mappings in there manually; if it's set up as Hybrid (my choice) then new interface mappings are automatically added and you can also enter manual ones.

  • 0 Votes
    1 Posts
    224 Views
    No one has replied
  • Issue about web filter

    2
    0 Votes
    2 Posts
    376 Views
    KOM

    Perhaps a problem with squid and SNI?

    https://forum.pfsense.org/index.php?topic=111418.0

    https://forum.pfsense.org/index.php?topic=123223.0

  • 0 Votes
    1 Posts
    213 Views
    No one has replied
  • Newb questions - switches managed and unmanaged

    34
    0 Votes
    34 Posts
    6k Views
    KOM

    As doktornotor likes to say, this thread is starting to stink.

  • Small n00b questions

    12
    0 Votes
    12 Posts
    1k Views
    D

    Thank you.

    I have this:
    http://www.dell.com/support/home/us/en/19/product-support/servicetag/3f47c5j/diagnose

    What kind of smart switch is available?

  • Using WiFi for ISP Connection

    7
    0 Votes
    7 Posts
    531 Views
    N

    @GhostRunner:

    But if I relocate the pfSense box how do I connect to it from an office that is upstairs?

    The assumption would be Ethernet but I'm guessing your house isn't wired for it. If you have coaxial television outlets in the office and near your router you can use a pair of MOCA-Ethernet adapters (https://www.actiontec.com/products/home-networking/ecb6200/) to create an Ethernet link over the coaxial cabling.

  • Slow vlan

    3
    0 Votes
    3 Posts
    679 Views
    P

    @stephenw10:

    That looks like an issue entirely within VBox if it's between the host and the guest. That traffic never goes through pfSense.

    Try an iperf test between pfSense and the host on VLAN30 to confirm that.

    Steve

    you are right. iperf from and to the router is "fast" (in quotes because it's a gigabit line, but it does only 596 Mbit/s):

    [2.4.0-RC][admin@rutter.in.tern.al]/root: iperf -c 192.168.30.10
    ------------------------------------------------------------
    Client connecting to 192.168.30.10, TCP port 5001
    TCP window size: 64.2 KByte (default)
    ------------------------------------------------------------
    [  3] local 192.168.30.1 port 57809 connected with 192.168.30.10 port 5001
    [ ID] Interval      Transfer    Bandwidth
    [  3]  0.0-10.0 sec  711 MBytes  596 Mbits/sec
    [2.4.0-RC][admin@rutter.in.tern.al]/root:

    So it's a VirtualBox problem. Thanks stephenw10!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.