Did you already create a port forward rule on wan that opens UDP Port 5060-5080 and RTP port 10000 - 20000? It is required for the VOIP to work on. Also I noticed that subnet of your LAN and WAN that you have configured for your pfsense is the same subnet. Did you already tried to change the network of your LAN? Try to make it 172.xx.xx.xx or any private IP Address that is different from your WAN Subnet. Hope this can help you

Hi Hoe, Please be inform that my issues has been resolved now. I have do the following methods. 1. Change the Firewall Optimization Options to "Conservative" on System > Advanced > Firewall & NAT (PFsense Side) 2. "Unchecked" the Clean Up Active tunnels when Peer Gateway DNS name resolved to different IP Address (Sonicwall Side) 3. Unchecked everything except for "Enable Keep Alive" on the advanced settings of the vpn setup on Sonicwall. Please refer on the attached screenshot as reference. [image: 1.png] [image: 1.png_thumb] [image: 2.png] [image: 2.png_thumb] [image: 3.png] [image: 3.png_thumb]

For the details of the Windows VPN Client settings have a look here: https://wiki.strongswan.org/projects/strongswan/wiki/Windows7

By me phase 1 could not be finished on IPv6 single stack VPN on pfSense 2.4.2-p1 if the host was behind another firewall: https://forum.pfsense.org/index.php?topic=145581.0

It is possibly as long as only one side need to be able to "open" the tunnel, much like in Mobile Client setup. With IKEv1 you need "aggressive" Mode at least with PSK, with IKEv2 you simply have to use a ID other the the IP address.

In case anybody else hopes to try this, I have just been on a chat with NordVPN, and they told me that not even their experts had managed to get that working. They were hoping that it may be possible in the future, maybe with a change in pfSense. I have no idea what kind of change that would have to be, but so far it seems like I'm out of luck.  :(

No, that is not possible.

Without seeing your settings and more log entries, no. My crystal ball is currently malfunctioning.

Awesome, thanks so much!

There is no such limit on pfSense or with IKEv1. Probably hitting a limit on the ASA. Depending on how the P2 networks are arranged you might be able to summarize them to reduce the total number.