Try to enter the IP address of your web server into your browser. When that works have a look at your DNS resolution, e.g. ping your web server by FQDN and look which IP you get. Which version pfSense are you using? If 2.2, are you using DNS forwarder or DNS resolver?

Thanks jimp!

Not currently, no. It may be possible by probing some info via SNMP or by check scripts using NRPE or similar.

For a VPN router you only need one interface. The "wan" can exist on your current LAN. The edge router would forward in the VPN port(s) to pfSense, and the edge router would also have a static route pointing the VPN subnet(s) at pfSense. That's really all there is to it.

You might be better off buying a preloaded device from the pfsense store.  Price is going to come in pretty close.

Can anybody help?

I think it was full install on mSATA disk i386. I will check into the menu if the console is enabled there, maybe it got disabled somehow (although I didn't do it manually, I only made a update with the webGUI. that's why I wondered).

Ugh, throw it away!  ;D I used to have one of those.  The QuickVPN never worked and the Web-SSL was a hope & prayer depending on which browser you tried to use it with.  Even if its CPU were compatible, which is suspect, I can't see how you would install pfSense on it.  It's an appliance.  It has no video or serial interface.  The very first thing I did after moving to pfSense was to ditch our SA540 and configure pfSense for OpenVPN.

The packages bandwidthd and/or ntopng may do what you need.  Search the forum for more info.  Note that bandwidthd packaged for pfSense only knows about IPv4 traffic, so if you need to see IPv6 traffic then look at ntopng.  ntopng is more capable and modern, but bandwidthd is simple and quite useful.

Have you done any empirical measuring to make sure your users aren't just seeing things?  If you have an 8Mb link and you're seeing 6-7 Mb, that's pretty good.  If you go to Status - RRD Graphs - Quality, what do you have for Packet Loss?

install the 'system patches' package and you can just copy/paste the commit-id's and apply

Dears johnpoz and Harvy66, Thank's your replay is very helpful. Yes, as johnpoz posted the problem is mask issue on server side. Cheers

Yeah one of the problems with using a actual resolver vs forwarder that if some bad dns returns glue for some domain it doesn't really own, you can now try and go to the wrong place when looking for a domain. So bad people on the internet ;)  Not everyone likes to play by the rules. If you just use a forwarder and ask say 8.8.8.8 for domainyouwantolookup.com they are the ones that have to worry about if someone gave them bad info when they asked for something else, etc. Depending on what your doing, there can be advantages to running a full resolver.. Others might find that all they really want/need is a forwarder

@nyit_dk: phil.davis, it will run but if you at the same time use IPSEC, it will drop dead :( Oh - I use OpenVPN, no IPsec. I expect Ipsec troubles are not specific to Alix. And it might just be something related to the calculation of subnet max address, which has a nasty bug on 32-bit systems. That bug easily runs the Alix out of memory. Forum: https://forum.pfsense.org/index.php?topic=87257.msg491635#msg491635

no problem :)

The key will lie in identifying the twitch traffic, or the game traffic, and policy routing it separately. How you do that is up to the services in question. If all the twitch traffic goes to a specific IP, or if the game traffic goes to a specific IP, then you could match that, or match by port numbers perhaps. As long as you can match the traffic with a firewall rule, you can make that happen, but the specifics of that depend entirely on how the services operate.

Set your browser to bypass the proxy for internal addresses.