It is. For the first one, you'd have to push a route to the client for that particular website. You can even push it by dns name, but you have to set manually in the installed OpenVPN client's config the allow-pull-fqdn parameter. For the second one, it works out of the box. You'd create two OpenVPN server instances (running on two different ports) for the two types of users. Assign the created server's tun interfaces as pfSense network interfaces, and then you can apply firewall rules to them as usual (for the first one to only allow access through wan, and for the second one allow acess through the second nic lan). You'd have to set up hybrid NAT too, for the first one to access that special site from behind the VPN tunnel.

The 100baseTX will only be there if you set it there. The only possibility outside of explicitly setting it on that interface that I can think of is this issue where interface assignments with VLAN changes can end up shifting, in which case maybe a VLAN ended up changing assignment to another interface that had 100basetx set, but that doesn't sound like the case. https://redmine.pfsense.org/issues/3209 situation described in: https://redmine.pfsense.org/projects/pfsense/repository/revisions/1c32fb7e988fae89cf2da474778f39bcdd8a8656 Guessing it's more likely you're assigning a VLAN to an interface that had 100baseTX set.

If the mtu is 4 byte smaller it most likely has to do with the vlan128 you have on the wan. This will be the vlan tag:  Two bytes are used for the tag protocol identifier (TPID), the other two bytes for tag control information (TCI) So this indicates you will have a subinterface 128 on your wan, and the default gateway is .178. I would expect this at the provider side, but you wrote you hit the webinterface of the vigor at that address. The subnet you have with 255.255.255.248 mask has network address 178.x.y.176 and usable adresses are .177 to .182 Normally a default gateway woud be first usable address. (.177) Can you find a static route to 0.0.0.0/0 in the vigor pointing to 178.x.y.177 ? The ip addres the vigor gets via dhcp might only be for fiber to manage the device through.. What you could try with pfsense is to make the wan ip address .178 with subnet mask 255.255.255.248 (in the subinterface 128) You than would need to make aliasses for the public adresses on the wan side, and nat your internal ranges to these aliasses. So 192.168.1.0/24 to .181 192.168.2.0/24 to .180 192.168.3.0/24 to .179 See this: https://forum.pfsense.org/index.php/topic,64387.0/topicseen.html I think you not need that dhcp stuff at all, as the vigor is not longer used.

Oh okay then I will try. Thanks. I will keep you posted

@deajan: Hello, as you're using a CF card, you have a NanoBSD setup which won't be of great use if you intend to use Squid or any other disk space hungry plugins. The best advice I can think of is to make a clean install and restore the config file from the NanoBSD install, and then reinstall the packages. Yeah I decided to do that, moving files would most likely cause major issues in the future. Thank you!

Thanks for the advice, I know linux can't deal with GEOM and slices as in FreeBSD. The funny part is that CloneZilla is supposed to deal with FreeBSD partition scheme, but can't handle pfSense's one. Anyway, this was my quick and (really) dirty solution to handle my problem in a couple of hours.

@shaharhd: I followed this: https://www.netgate.com/docs/rcc-ve-2440/pfsense.html You're fine. The bits weren't technically all wiped from the drive, but your reinstalled OS can't read any of them that remain.

figured out: https://www.netgate.com/docs/rcc-ve-2440/pfsense.html

thanks Divsys the disk usage command screamed that /var/log was the culprit consuming all the free disk space. I will dig deeper and rotate the logs…after Easter. My intention is to move the /var dir to the separate free space partition on the internal mSATA drive. There's plenty of disk space there so why not!? have a great Easter everyone.  ;D

FIXED! Yea….motherboard was same... ;D I took out the PCIe card and ran the live cd again. This time only showed the one PCIe (re0). Thanks for your quick help!

You will probably need a managed switch to do this with one physical interface. I don't get it though. With only one NIC how are you connecting both the AP and the modem?

The packages should reinstall but will take more time. System > Tunables will migrate in the config. You'll want to manually copy loader.conf to the new system. Restoring a full backup and restoring a config file to a new install are two different things.

You can't put the same IP subnet on multiple interfaces.

My gut tells me both technologies have improved (and continue, I'm waiting for Nantero to reveal a commercial version of their product - exciting possibilites). Any rough analysis will tell you a USB stick will never outperform/outlast a SSD if their from the same generation. The SSD is supposed to be hard drive storage for laptops/desktops/servers, etc. The USB stick is supposed to be convenient storage you can carry around and plug into various things. There's lots of overlap in their design criteria, but there's differences in their intended usage which makes SSD what you want for a pfSense box.

That's not what he's asking for. DNS running on the second pfSense interface (OPT1) doesn't matter because it will only do anything if the hosts on that subnet have it configured as their DNS server. Just don't do that. You could, in fact, set your hosts to use the DCs for DNS then have the DCs forward to pfSense for actual Internet DNS resolution. When you create an OPT1 interface a DHCP server is not created automatically so there will be no DHCP server so no problem. If you want to just use LAN that was automatically created, got to Services > DHCP Server and disable it. Configure your DC DHCP server to give your AD clients the addresses of your DCs for DNS. Neither has anything to do with whether you have internet access or not, other than without good DHCP and DNS, which should be provided by the DCs, the internet won't work.

I just upgraded a pfSense 2.0 install to pfSense 2.2.x and I'm seeing the same issue. My real gateway is not listed under RRD Quality instead I see an entry called WAN_DHCP without any stats at all. I've never used DCHP for the WAN connection on this setup so this puzzles me a bit. I'll report back if I manage to figure out a workaround or fix. Edit: Turns out my gateway had the "Disable Gateway Monitoring" option checked, when I removed it the real gateway showed up in the list above the RRD graph.

To me the one untagged isn't really a virtual though.  It's "native" (for lack of better term) or real, or physical, etc. and requires no vlan technology, capability or processing.

Thank you to all, for the consensus reply. VLAN's it is then. Kind regards, jB  8)

Choose the custom install option and define a / partition that's smaller than 64 GB (probably put the rest on /usr/).

nah about to look over it , been setting up alot , but AP it is :) thanks guys