Activating the RAM disk options for /var and /tmp under System > Advanced on the Miscellaneous tab will reduce the amount of writes.  This is extremely effective on standby members of a two-node cluster on heavily-utilize internet connections!  Disk writes went from up to 100MB/s to nearly zero on the standby firewall in the HA carp cluster.  Since the firewalls are servers with plenty of ram, I set the ram disk sizes to 1 GB for /var and 500MB  for /tmp .

That iTel looks like a pretty good service if the use case is right.

Why do you want to specifically use pfSense here when all you seem to need is a proxy server?  Any *BSD or *nix box could do that for you. I've never heard of a single-NIC config where the NIC is WAN.  I also haven't had the need to actually configure like this, so I don't have direct experience.

Once the VLANS have been configured on the physical interface they should be listed in the drop down menu at the bottom of the interface selection with "ADD" to the right (I've attached pic from my home unit) Once added you can then configure the IP addresses / etc of them and should be able to bridge them from there.  

@hypernative: Dial on demand.. that's new information for me. The line is fiber.. Why i want it to be restarted compeltely: The router is running is a VPN-client, all traffic is routed via the external vpn source. If the VPN provider has problems, and later when the VPN service is UP again there can be scenarios when the router has to be restarted.. Well I was referring to reauthorizing PPOE (if you were using it), and again, can't you build an IPSEC tunnel on the pfsense directly to the remote end, that would bring the tunnel up when it sees interesting traffic instead of involving another random bit of hardware running it's own VPN client?

There is a recent hangout explaining how to use OpenVPN as a WAN (PIA, etc). It goes into detail regarding policy routing. Yes, Gold Membership gets you access there. October 2016 pfSense Hangout on OpenVPN as a WAN with pfSense March 2016 was Multi-WAN: https://portal.pfsense.org/webcasts/index.php?video=160624666

So… it seems to be the LRO that is decreasing the throughput. I'll keep you informed. *edit: i think that and some performancetuning helped.

Ok. Found my miracle. One firewall rules block this.

i would stop trying to measure from/to the firewall. This is pointless & incorrect. try this & report back: iperf-server<->routerWAN | routerLAN <–> iperf-client

Thank you very much hda!

@johnpoz: You do not need to put anything in there if you just want to have the dhcp clients point to IP the dhcp server is running on for dns..  Its right there in the text below the dns boxes.. Leave blank to use the system default DNS servers: this interface's IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the System / General Setup page. Thanks, apparently I've read way too much in the past few days and my brain is melted. Thank you for your patience, I got it :D

The wan is a 10.0.x.x /16 and the LAN side is the default 192.168.1.x /24.

Try the WAN NIC.  They might be swapped.

@vitoreiter: …and for security purposes I can't really give exact IP's. For example lets say that WSUS is on x.x.x.45 and other systems are on the same subnet ... Do you use public IPs internally? Then use RFC5737 Test-Net addresses for documentation, that's what they are there for. But usually RFC1918 are misunderstood. I'm currently dealing with a university that does just that, use public IPv4 addresses internally. And only internally…

So, driver issue, who`s responsible for that ;)