It’s generally recommended to avoid using the Virtual IP (VIP) to access the GUI for security reasons. The VIP is typically exposed to more traffic and potential attacks, so accessing the GUI through it could expose sensitive administrative interfaces. Instead, it’s safer to access the GUI from a management interface or VPN that’s not directly exposed to the internet. When you route all traffic from the Test subnet through the pfSense firewall using a specific LAN IP, you’re essentially creating a single point of failure. If you want to use the VIP (10.0.2.101) and still have the traffic appear to come from the load balancer’s public IP, you’ll need to ensure that the VIP is correctly configured for outbound NAT and that the load balancer is set up to handle outbound traffic from the VIP address.

Hi, Because of the differences, is it still a question for me which pfSense version is this? (for example, it's a difference...) [image: 1589966065569-a5e04914-dd2a-4541-837e-1c1e7326f70d-image.png] The second important thing is server mode (you use TLS), but that's all I see: [image: 1589965625870-a4666822-e747-4e05-9657-82e796510e7c-image.png] instead of: [image: 1589965661226-0b4e10a0-be71-4b2c-ad2c-d118a3478c69-image.png] I don't see your own cert for the connection either: [image: 1589965717587-8b5bbbd9-235b-4183-94a3-d0bd6e1d3d4e-image.png] instead of: [image: 1589965778044-8fd16d58-39b6-45f3-a24c-c4f941401cf3-image.png] like: [image: 1589965880180-ff6291f2-6a01-4d33-866c-1f5c2019df89-image.png] and even a VPN User is required: [image: 1589965936182-3397cc2b-5bbd-4e55-933a-bccc0f134c07-image.png] with: [image: 1589965989354-a4585c69-0d7d-49a8-8bc9-792285643332-image.png] exactly where does the DNS (10.0.1.31) point?? this is the box itself or a separate DNS server on the network

No idea. But doubtful. If the docker-hypervisor relationship is completely ignorant of the guest OS then maybe, but I wouldn't hold my breath.

I want to make tunneel between pfsense and vps, I have no idea how to do that. Kindly help

@Rico sadly doesn't seem to solve the issue. I deployed the OpenVPN on ubuntu behind the firewall and forwarded the port, now I got it working. I am not sure why it's not working, to be honest, but the fact that it worked for a while and that its very slow without using any resources makes me believe something is unstable there, possibly with how my hosting solution manages VM's. Anyway thank you for all the help.

Open a ticket with the support, they can 100% help you out. https://go.netgate.com -Rico

@Rico word! i do not need to unserstand why i would do this ;) CSO local networks but here in ausrtia a lot of things are possible ;)

Yes the netmasks are all /24. For now it is 1 peer for testing. But in the future i would like to have the possibility to add more clients. The following is what I'm trying to accomplish: [image: 1586624098701-test.png]

@onlyfor1question said in pfSense installation hangs at a certain screen: @NollipfSense I just tried using that and I got the same error. Sounds as if you're having hardware issue...try pfSense 2.4.5rc to see whether you have the same exact issue.

I suggest you post exactly what the ISP provided to you regarding how they provisioned IPv6 to you.

There are ways to do this by sending logs to a remote syslog server and using third-party tools to scan the firewall log entries. However, be forewarned this will get very old to you very fast (getting alerts/emails for every unwanted firewall access attempt). A normal firewall will see dozens to maybe a few hundred connection attempts per day on the WAN side. Even if you limit the alerts to just a handful of ports, you will soon grow very tired of your email app "dinging" with new mail messages ... . I say this in a nice way, "you must be new to firewall administration"... . This is usually the first thing a newly minted firewall administrator thinks he wants until he has it, then he quickly turns it off.

The entire running config can be backed up from Diag > Backup/Restore. The file is /conf/config.xml if you're digging through the filesystem directly. https://docs.netgate.com/pfsense/en/latest/backup/index.html Steve

@akuma1x Cheers for getting back to me and sorry about the delay in reply. It turns out it was nordvpn in the background. I had it set to "NOT" auto-start with windows, which it wasn't and there was no icon in the app tray but when I went into task manager there was some part of it that was running in the background blocking all Lan traffic but not wan traffic. Really weird, and hard to diagnose! I turned on nord's auto-start with windows feature and turned it off again, rebooted and everything was back on. Really annoying, not happy with Nord.

Well it is up to the ISP device to provide reasonable support for a customer-owned firewall device while still providing the necessary IPTV, etc functionality.