So the system has an onboard ethernet, 802.11a PCI and 802.11g PCI (plus usb ethernet for uplink); when I bridged g+ethernet and then set up a as a different range with different dynamics, the dhcp server wanted to serve a single range of dynamics on both interfaces (the g/eth bridge, and the a), which of course resulted in nonroutable addresses on one of the nets.

While reconfiguring I inadvertantly bridged the a net to the g/eth net. It works, including over a reboot. Beats the heck out of me. But it's been working for over a month.

What do you define as loadbalancing?
pfSense can do Roundrobin balancing so not a "add the bandwiths of both WAN's together" but more a "spread the connections to both WAN's"

What do you mean with: "My firewalls are behind a hardware loadbalancer that supports loadbalancing firewalls."
Could you elaborate on that?

It was more Seth's posts that suggested a desire to bypass corporate security/policy.

My 0.02 <currency>- if you want the VPN to really be secure then you need to manage the clients too.  Convenience is nice, but having your corporate network compromised because your end users can install anything they want isn't a good goal ;)  Oh, and I've seen that happen, so it's not just theory.</currency>

You need to enable the static port option in the advanced outbound nat options.

http://doc.pfsense.org/index.php/Static_Port

Which version of pfSense 1.2 were you using (exact version, "the latest" is meaningless)?

Which version of m0n0wall are you using (ditto)?

I've been successful in adding VIP's using these commands for each VIP in the pfsense config (xl0 is my WAN interface):

<system>... <shellcmd>ifconfig xl0 10.1.1.254 alias</shellcmd> <shellcmd>route add 10.1.1.0/24 -iface xl0</shellcmd> ...</system>

Note I then had to add manual outbound NAT for each VIP created (192.168.10.0 is my LAN subnet):

WAN | 192.168.10.0 | * | 10.1.1.0/24 | * | 10.1.1.254 | * | NO
…
WAN | 192.168.10.0 | * | * | * | 192.168.0.2 | * | NO

(The second entry is the actual WAN interface IP)

I set this up a while ago, and foolishly didn't document any of it! So I hope this makes sense to you.

@jahonix:

10.0.0.2 (and 10.0.1.3) are your DNS servers on WAN as well.
What the heck is your ISP doing there?

Thats not my ISP, thats me. For some reason, DNS dosen't get passed through to pfSense, so I set it as 10.0.1.3 (Primary server on the wan side) and 10.0.0.2 (old router that this modem setup replaced). Reverted it to just 10.0.1.3, with the option to have it overidden enabled.

Edit: Updated to latest snapshot (1.2-RC3 built on Mon Nov 26 14:47:57 EST 2007) and it now gets my ISP DNS servers on vr0, or it could have been the reboot I don't know, I was pressing disconnect/connect last time and not getting the ISP dns.

http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F

If you're using m0n0wall, why are you posting questions in the pfSense forum?

http://forum.m0n0.ch/index.php?board=4.0

http://forum.pfsense.org/index.php?action=search

This really has be discussed numerous times.
Take your time and read.

results you get with the keyword: VIP
http://forum.pfsense.org/index.php/topic,5253.0.html
http://forum.pfsense.org/index.php/topic,6793.0.html

If it's a full install in the default configuration, the console menu will let you reset the password

Hi cmb.

I stand corrected.  To summarize:

By default, on full installs the password cannot be recovered through the serial port.  The option to reset the password is available through local (vga+keyboard) console however.

On embeded installs console option to reset the password can be accessed via serial port.

thanks.

Yah, but what I am saying is that there may be some type of wierd comaptibility quirk with the versio you are using and the pfsense software.

Also… What kind of connection do you have (DSL/Cable) and how is it setup?  Sometimes having your router handle PPPoE Authentication can mess w/ a VPN Client due to it's change in MTU size.

Peace...

and if you're looking for a mailing list just read hte official pfSense page
http://pfsense.com/

http://forum.pfsense.org/index.php/topic,5216.0.html

thanks, i might put it back on the P3 machine that i ment for it, im just having dissconection problems that now i know are not computer related

Really. Read the forum.
There are lot's of posts about this one. (no it's not possible)