@fabrizziop: I made a pull request about a month ago, fixing the issue, but got totally ignored. Not ignored at all, that was just too late in the release cycle for making that kind of a change. Cipher changes seem innocuous, but when you have to support a wide range of devices, with a variety of other pieces potentially interfering (such as hardware crypto cards), that's not the kind of change you make late in a release cycle. It's something we'll get merged for 2.2.1 and newer releases.

Yes.  ;) There's nothing special about the modem-router connection it's standard ethernet. Steve

Install the Cron package and remove the nonsensical cronjob.

On most tests I did, bridge is not the best setup for packages. If you use it only as a firewall, try to create a forward rule to send http traffic to a third gateway/machine with dansguardian and squid. clients –-> pfsense bridge ---> lan --->                                           |---> second pfsense as a server with dansguardian and nat rule to transparent proxy. Remember that a lot of sites today uses https, so this setup will not work for them.

I can max out my 80/20Mb connection on an Atom 510 board using dual Intel NICs. I am very happy with it. My VPN connection is always limited by the rubbish remote wifi I am on. For home use, older atoms (if you can find them) are fantastic.

Yes, and that was exactly what was causing it. Just checked the x-forward box and it's sorted it. Cheers mate.

hmm… maybe it was a bug after all ... one thing i do remember, the first time i tried to update it went very quick, so i was worried and did another update after that, to make sure it didn't corrupt anything. Besides squid not working, what are the other disadvantages of running nanobsd ? Like i said I had SLC SD cards so i'm not worried about limited write cycles.

Setting the local network to 0.0.0.0/0 to reach the Internet is the right move. Technically that should have also been required in racoon as well, though at times with mobile it was all too happy to take whatever P2 network the client said it wanted, which is a tad insecure.

Your probably getting a cert error with lync. You may have bypass https filter for lync's external server.. What are you seeing in your lync client logs? There is alot of into in there. use Snooper to read them

@heper: squid developers should remove the https functionality. It's evil. Some people absolutely need it because of law, like schools. The road to hell is paved with good intentions.

Jan/23/2015 10:52:32: send request to ff02::1:2%pppoe1 Jan/23/2015 10:52:32: reset a timer on pppoe1, state=REQUEST, timeo=0, retrans=977 Jan/23/2015 10:52:32: receive reply from fe80::223:4ff:feea:2318%pppoe1 on pppoe1 Jan/23/2015 10:52:32: get DHCP option server ID, len 10 Jan/23/2015 10:52:32:  DUID: 00:03:00:01:00:23:04:ea:23:18 Jan/23/2015 10:52:32: get DHCP option client ID, len 14 Jan/23/2015 10:52:32:  DUID: 00:01:00:01:1c:4a:d9:23:00:1c:c0:d8:96:75 Jan/23/2015 10:52:32: get DHCP option IA_PD, len 41 Jan/23/2015 10:52:32:  IA_PD: ID=0, T1=900, T2=1440 Jan/23/2015 10:52:32: get DHCP option IA_PD prefix, len 25 Jan/23/2015 10:52:32:  IA_PD prefix: 2001:8e0:14b1::/48 pltime=1800 vltime=21600 Jan/23/2015 10:52:32: get DHCP option DNS, len 32 Jan/23/2015 10:52:32: nameserver[0] 2001:8e0:80::dead:beef Jan/23/2015 10:52:32: nameserver[1] 2001:8e0:40:304::dead:beef Jan/23/2015 10:52:32: make an IA: PD-0 Jan/23/2015 10:52:32: create a prefix 2001:8e0:14b1::/48 pltime=1800, vltime=21600 Jan/23/2015 10:52:32: executes /var/etc/dhcp6c_wan_script.sh Jan/23/2015 10:52:42: script "/var/etc/dhcp6c_wan_script.sh" terminated Jan/23/2015 10:52:42: removing an event on pppoe1, state=REQUEST Jan/23/2015 10:52:42: removing server (ID: 00:03:00:01:00:23:04:ea:23:18) Jan/23/2015 10:52:42: got an expected reply, sleeping. Just to show, that I get a prefix via DHCP-PD

What is the 504 coming from? It's not from the firewall itself. If you're doing it on a cell network or other network where there is a proxy, that's the proxy timeout message you'd get when nothing is answering. WAN net == WAN's IP subnet. WAN IP == WAN's IP.

@JasonJoel: Anything I can do/try at this point? Use the  "Reset webConfigurator password" feature from console/SSH.

The fun thing about networking is there are often several ways to configure something.  The trick is to know which is best.

Please don't post the same problem in more than one forum.  Check the Traffic Shaping forum for my response.

Assuming this is windows due to the "workgroup", is the printer wireless network printer or does it need to be plugged into a windows pc before it can be shared through the pc? Really need more info, like printer model to get an idea how best to proceed.

@dennypage: Of note is that the problem hasn't occurred in the last several updates… was anything done specifically to address this? I'm pretty sure the problem with the nut package was fixed, which seemed to be the root cause of the delay.

And to answer your prior question… With OpenVPN you can assign interfaces to OpenVPN server instances then, on that interface, perform 1:1 NAT. So you would be connecting to distinct IP addresses and they would be NAT translated.  You'd still have your work cut out for you.  They would all have unique IP addresses as far as pfSense is concerned.  On the ones that are the same scheme as the local pfSense networks, you'd have to translate both source and destination IPs.