You don't want to use the Quickbooks file direct over a VPN, it'll be WAY too slow, you could end up with data corruption issues and any number of other problems. I have a dedicated desktop VM for my company's Quickbooks and my bookkeeper has access via RDP. That's the only reasonable way performance-wise to do Quickbooks remotely.

Point 1 was the problem, that on the OpenVPN client computer exist two networks and network cards: a) Traditional LAN adapter (192.168.199.99) b) OpenVPN LAN adapter (10.10.10.5) But I was able to solve that with a client specific setting "Tunnel network" = 192.168.199.252/30. Now packets originating from this machine appear as 192.168.199.254, and that is okay for me. Point 2 is solved, too: I feared that the user at customers OpenVPN machine could be able to change his IP address to something else to get access to other networks, but if he does so, he'll never get answer- packets back from the server. Then I have everything!!! Thanks a lot to you dreamslacker, and everyone else who wanted to help on this topic, too. Hugo

My ISP has a so called "firewall" enabled by default on all clients. After my request they disabled it, and everything works fine now.

Yes ISP provided me a modem and I dont have a bridge modem. I got my setup working now by creating different subnets. Now  I can control filtering from Netgear and from pfsense box.

Edit the rule you want to log. Check the box to log. Save. That's it.

I was a little spaced out.  I reckon the ADSL firewall box has multiple VCs on the DSL and bridges one of them to the pfsense WAN.  So your options of actually trying to route using the DSL firewall are pretty much shot. If there any chance that you can get 4 usable interfaces on the pfsense box? If you can, then you need to setup 2 as WANs. 1 Public will NAT to the 2.0 subnet (3rd interface) The other 'WAN' would actually be connected to the DSL LAN and NAT to the 2nd private subnet (4th interface). You can then setup firewall rules on pfsense to allow communications as required between the 2 private subnets.  In this instance, you would simply DMZ the pfsense 2nd WAN address on the DSL firewall (simplest option if you don't quite understand the networking concepts) A pictorial representation: [image: pfsensenat.gif]

Doesn't exist there yet either.

looks like the problem was with ESXi, specifically needing to enable promiscuous mode for bridging to work. I'm still having some minor routing issues, but I think it's working as I wished now

@cmb: You have asymmetric routing so you need to check "Bypass firewall for traffic on the same interface" under System>Advanced. Sorry, should have mentioned that was already done.  Needed that the first day due to other routes in the network.

Reject == filtered Blocked == closed The note about TCP/UDP just means those are the only protocols that actually return anything for reject.

You add a rule that matches the traffic on WAN. If it's getting blocked, your rule isn't right. Post it.

Thanks. Good to know. Learning a new thing everyday.

Definitely something you want to drill down and figure out.  It could be something running on a laptop (assumption based on the fact that traffic was seen in your wifi network and then your LAN) that's causing the traffic.  It may be benign or it may be malicious.  Better to chase it down with wireshark as jimp (forum question answerer supreme) recommended.  Please post back with whatever you find.

please tag resolved issues in the subject line so people don't keep reading your post :)

I would probably suspect RAM more than HDD with a panic like that. Though the current process was "da-popb4smtp" - that does not exist on pfSense. I'm not even sure if any packages would include that. Was that something you installed?

Please do a little searching before asking questions: http://doc.pfsense.org/index.php/How_do_I_block_instant_messengers

ok… here's a weird fix that stop the "disconnected from chat server" problem. in my case what you can see in my setting... i just change the rule in port 11031 TCP (the hon chat server) to default gateway. at this point its weird because the game server port 11100-11500 UDP will pass trough gateway 192.168.1.254 and the port for chatserver 11031 TCP will go trough gateway default which is 192.168.1.251 set in wan link. the game works fine and the log seems to be clean and not much of port 11031 log problem. what i found out is that if i use the firewall rule to force port 11031 to go trough gateway 192.168.254. my firewall log will have a lot of port 11031 block by default ending with TCP:P / F / A... and game seems to DC almost every 3 minutes. i did try to play around with the firewall rule under "Advance option" -> state timeout in second of 24 hours(in second) and the game will dc from chatserver longer than before this setting is applied. if i dont do any loadbalancing in pfsense and leave the game to go trough the default port. no problem in firewall log with any port 11031 get to log. that's where i try to leave the tcp port 11031 to go through default gateway. and it seems to fix it. i guess the game server will log your ip in its table for the game purposes and the chat server will have a separate table of its own to log ip. it makes sense if we see theses servers as a separate objects in the network world (obviously they have different ip) and they works differently. one is for the whole game where it will receive mouse clicks, keyboard short cut and in game chat system and all of this are recorded and can be played in the replay links. and the other one is just the chat server the IRC for the client and some more advance command where you can follow or join game. as for garena messenger. when you login garena messenger click on hon game, garena will send and update the config of the game where the game will auto log you when the game runs. and after the game runs. you can kill the garena. and nothing happens. now i have different problem... sometime during in game... my character will run back to fountain and then DC... :-( this is bad... have you got this kind of problem?