@johnpoz: Look at the thread he linked too - sorry but a dns server that does not answer recursive queries has nothing to do with pfsense. Refering to my link? DNS Forwarder is part of the pfSense install.  DNS Forwarder is not answering queries from clients on the LAN.  This is a fresh install with no packages and no changes outside the setup wizard.  And it does seem that a number of people are having connectivity issues after upgrading their boxes. Not sure how thats nothing to do with pfSense. I think what Im seeing so far is that a couple of us have the " Allow DNS server list to be overridden by DHCP/PPP on WAN" box unchecked.  In my case the WAN of this particular machine does not get its address via DHCP and has to be set static.  When I get home I may try and play with this setting on my other 5 installs and see if I can break any of them. https://forum.pfsense.org/index.php?topic=82479.0 https://forum.pfsense.org/index.php?topic=81086.0

Really thank a lot to all

In order to pass and actually direct VLAN traffic through a switch, the switch must understand VLAN tags, in other words support 802.1Q. Most (all?) of the unmanaged switches don't support it. I would recommend getting an extra nic (which isn't very expensive by today's standards, hell you can even get an intel pci one for $10) and run the AP off that. PCI maxes out at about 1Gbps, which is nowhere near what the AP will pull through. Even using, ah what's it called…MIMO?, it might even pull up to 600Mbps under the best case scenario. Scratch that, later saw the actual build. In that case you either have to go with a managed switch (even the cheapest will do, as long as it supports 802.1Q) or consider a different build for pfsense that will give you a bit of leg room to grow in the future.

Hello, So, after upgrading to 2.1.5, recreate the whole vpn pptp configuration, make again the radius (NPS) Policy rule, the VPN is working. But I still not understand what happend because the packet (radius request and accept) are still the same  :P Maybe a small error configuration ? certainly. Thanks again to jimp for his help. See you.

From what proxy are you downloading the file from – your pac file give 10.122 address, while your wpad points to 10.1.2.1 (pfsense) When a browser is setup to auto detect and it finds a wpad dns record - it well then download the pac file from there.. [image: RtntJRb.png] Dude other than you just giving me control and letting me fix it for you in 2 minutes I don't really now how else to go over this with you…  This is basic 101 sort of stuff here ;) Why do you have so many different threads on this same topic??  Do you forget where your old threads are?? How do your clients connect to the wan proxy your using - are they all manually setup with explicit settings?  Why can you not just pull the pac from there, setup wpad or dhcp option 252 to hand out the info for that proxy.. You mention this in your other thread "I cannot configure the LAN interfaces with the same domain as it cannot be found." What???  You can configure a machine with whatever domain you want -- you showed it your ipconfig /all that the machines are in this wifi domain. Host Name . . . . . . . . . . . . : Aroosh1         Primary Dns Suffix  . . . . . . . : wifi-systems.com So its doing to do a wpad.wifi-systems.com  and try and pull the pac file from there!!!  Not your other proxy.. If you want it to pull the pac wpad.dat from your other proxy - then point wpad.wifi-sytems.com to that proxies IP..  If that is where the pac file is housed.

I had comparable symptoms (hanging on login) with a Firefox ESR 31.1.0 (opensuse 12.3 64bit), but both machines didn't go to 100% CPU (iirc, other applications worked fine and the machines are in general slightly overpowered). Deleted CompanyName CAs and the machine went back to normal, but again without distrusting the pfSense certificates.

I have one WAN interface and 2 LAN interfaces configured through pfsense. The reason for 2 LAN interfaces is one for local network communication and throughput SNR testing. For the LAN interfaces, I do not have any gateway configured. And the machine that i have taken the ipconfig from, has a static IP and hence I configured the gateway accordingly (10.1.2.1 - no idea why it did not show up). The issue is in pfsense, I have assigned the LAN interfaces static IPs of 10.1.1.1 and 10.1.2.1 and also assigned DHCP server to serve different subnets. But this machine had static IP configured (10.1.2.20) and I am not too sure whether I should be configuring the IP configuration and DNS myself, or just leave them to be set automatically by the DHCP server. So the domain that I have configured the pfsense box is called wifi-systems.com and I cannot configure the LAN interfaces with the same domain as it cannot be found..it's just a random domain…the network is actually not a part of the domain. That being said, I am not too sure how I could leverage my clients to point to that domain when it cannot be a part of the same. The reason I am pointing to googledns is because I do not have a dns server on the wan side of pfsense. With the correct proxy settings (IP and port) configured in the pfsense box, I am able to get the pfsense box through the internet as I see the message "You are currently running the updated version". But when I am trying to leverage my clients to be able to use the same proxy settings, my clients cannot connect to the internet. Hence I tried setting up WPAD but that failed too :( Could you please let me know is tehre any step that i need to take? Sorry for the trouble, I am actually really new to pfsense.

AsterisksNow = Simplicity… The new one comes with fail2ban running already - which is nice.

you could use a distro like http://pbxinaflash.net/ or http://www.freepbx.org/freepbx-distro and create blacklists to block unwanted calls.  Both are excellent choices but I prefer piaf a little bit more.  if you run into issues the piaf forum is an excellent resource. As for cards I prefer Rhino http://rhinoequipment.com/analog.aspx  but they may be overkill/priced for a home environment. For home use something like the obi 110 should be a good solution  http://www.obihai.com/product-primer

Everything works great! Thank you so much for all your help!

Sorry about the delay, I was away for a few days with only a tablet to write with. Ok, so you want to have an additional interface that will host a wireless access point. You want want clients on that interface to have access to the internet but not to any machines on the LAN interface. Do you want wireless clients to be able to access the pfSense webgui? I will assume you do not. Two ways of achieving this you can allow access to everything and then block access to what you don't want or you can allow only access to what you want. I choose the latter because it involves less rules (faster processing) and is more logical to me. So, by default pfSense will block all new connections coming into an interface so without adding any rules to OPT1 wireless clients will not be able to connect to anything. We need to add rules to allow only connections to the internet. I have an almost identical setup on my home box, the difference being I have a lot more internal interfaces. I first setup an alias that contains all my local subnets Firewall: Aliases:. My alias is called LOCAL and for simplicity it's set as 192.168.0.0/16. Now set a firewall rule on OPT1 Protocol: IPV4 Source: OPT1 net Port: * Destination: !LOCAL    (the ! indicates NOT here) Port: *                              (you could limit this further by using a limited range of ports here) Gateway: * Thus only connection to addresses outside your local subnets will be allowed. This works fine BUT if your using the pfSense DNS forwarder (which you probably are) then you need to also allow access to that. Add another rule to OPT1 Protocol: IPV4 Source: OPT1 net Port: * Destination: OPT1 address Port: 53    (DNS) Gateway: * And you should be good. If you test you will find that clients on OPT1 can still access the webgui on the WAN address because the web server listens on all interfaces. If you don't want that add a specific block rule at the top of the list to block it. Attached is a screen shot of the rules I have on my wifi interface. All the additional rules allow access to further services but only the two I described above are necessary for internet access. Steve Hmm still can't attach files so here's a linked image: [image: Wifi1%20Rules.jpg]

@stilez: I had stuff here that was causing similar issues a couple of years ago, with pfsense 2.0.x.  The advice above matches what I found in the end. Some more things to try: Check the system RRD graphs, especially quality. A big issue for me was that dropped packets rose from 0.2% to 35-40% under heavy load, if the config didn't allow enough resources.  Worth checking if that's part of your issue. I got frustrated with this and ended up turning the esxi box off (and pfsense along with it). I set it up about a month ago because I had an assignment for uni where I need to build a test domain environment. Anyway I got pfsense running again with clients all using pfsense. I still had the torrenting issue. But I noticed the ram usage was high, even though I gave it I think 4GB of RAM. I decided to turn RRD graphs off. Problem solved! For whatever reason, the RRD graphs were killing my browsing for clients, as well as killing the reverse proxy (squid would just stop, service would NOT restart). Hopefully this might help people in the future!

Done!…..  :D :D :D :D...... Thanks so much Pfsense friends!