@hda: Did you see these ? netwerkje.com/eigen-router haroldschoemaker.nl/2015/07/eigen-router-achter-een-xs4all-vdsl-aansluiting-3/ https://forum.pfsense.org/index.php?topic=104809.msg584237#msg584237 @David_W: A switch will do what it is configured to do - tagged operation on a VLAN, untagged operation on a VLAN or no access to the VLAN. In this case, the VDSL bridge's Ethernet port needs to have access to VLAN 4 and 6, both tagged. pfSense needs interfaces on both those VLANs - the most efficient way is to use a single switch port (or lagg group, if you have such a thing) with access to VLAN 4 and 6, both tagged. The switch must be configured to match what is plugged in to the ports. For access to the VDSL bridge's management interface, you will probably need access to a third VLAN unless the bridge has a second Ethernet port for management purposes. If the management VLAN must be untagged, you must set the PVID of the switch port to the ID of the VLAN you intend to use for this management interface on your switch as well as configuring the port to have untagged access to the relevant VLAN. Though I'd get one thing working at once, if you have sufficiently recent firmware on your Vigor 130 and the network interface in your pfSense box supports jumbo frames, I believe you should be able to use RFC 4638 to operate with MTU 1500 over PPPoE on XS4ALL. As of today, this support is built in to pfSense 2.3 builds (which reach beta status today) - all you have to do on 2.3 is set the MTU of your PPPoE interface (likely WAN) to 1500. I've made an unofficial patch for 2.2.4, 2.2.5 and 2.2.6 - amd64 full installs only. I'd upgrade to 2.2.6 before trying this. Thank you both for the comments on this. The solution was indeed to tag the vlans on the switches. It all works now. Thanks again!

It happens to me too on Linux when using netdiscover: sometimes some device is not seen. But I think it is normal: this list is not exhaustive, because it depends on the method(s) used to detect devices. Even nMap sometimes does not detect an open port that is really open, i.e: 22TCP is shown as filtered, but if I try to log via SSH, I success. When I reviewed about the matter sometime ago, I found a brief explanation about the several methods that detect nearly 100% each device in the LAN at the websites of dSploit and zANTI2 for Android: ARP scan, ICMP ping… etc. Anyway, NetDiscover/ARP-Scan partial search is enough for me on most cases. Thanks you, JohnPoz.

I run RASPBX behind NAT (pfsense) and am able to connect both laptops and mobile phones remotely. If you are able to connect to other applications over the IPSEC tunnel then you be good to go. Here is what I did. 1. Port forwarded 5060 to RASPBX IP for SIP messaging. 2. Port forwarded a RTP port range for the audio traffic. The size of the  port range is  dependent on the number of users you have. In my case I forward a range of ports starting at 10000. 3. pfsense auto created the firewall rules for the above. 4. Ensured that the remote clients were programmed to use the ports in #1&2. Don't assume that they are. my BRIA mobile sip app was using some other ports and had to be reconfigured. 5. Set up an IPSEC VPN same as the OP. 6. Confirmed that I can connect with  Android and IPAD versions of Bria and a Mac application called Telephone. 7. Just for kicks I also tested allowing SIP requests from my cellphone IP address directly through the firewall to the RASPBX. (No VPN). Also work fine, with caveat that my cell data plan provider always assigns the same IP address no matter where I am. I suggest that you get access to the SIP logs on the server to see if there are any transcoding errors or mismatched RTP port ranges.

Where are these logs? I'm very new to PF Sense. I've watched a couple tutorials and read some of the documentation  :-\

Someone already asked for a Smokeping package for pfSense but it didn't go anywhere.  You could run your own instance of *nix in a VM and then install Smokeping and use that.  Not as good as running it on the one appliance but better than nothing.

Hi! You can use OpenVPN in bridge mode for that. Add network adapter and bridge it with OpenVPN tap device.

Okay - so I have now fixed this and achieved what I wanted here is the final code: #!/bin/sh wget -qO- --keep-session-cookies --save-cookies cookies.txt --no-check-certificate https://192.168.1.1/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt wget -qO- --keep-session-cookies --load-cookies cookies.txt --save-cookies cookies.txt --no-check-certificate --post-data "login=Login&usernamefld=[b]MYUSER[/b]&passwordfld=[b]MYPASSWORD[/b]&__csrf_magic=$(cat csrf.txt)" https://192.168.1.1/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt wget --keep-session-cookies --load-cookies cookies.txt --no-check-certificate --post-data "Submit=download&__csrf_magic=$(cat csrf2.txt)" https://192.168.1.1/diag_backup.php -O config-router-`date +%Y%m%d%H%M%S`.xml rm cookies.txt rm csrf.txt rm csrf2.txt                                                                                                                                  ls -td *.xml | awk 'NR>30' | xargs rm  I got it to work by removing all special characters from the password, I wasn't sure which one was causing the issues as my admin password that worked also has a couple, but removing them all worked. I have put the user back to only have access to "Diag/Backup-Restore" page, and not the other login permission. I also added the last four lines: They remove the files created by the script, and the final line keeps deletes the old configs once there is more than 30 (I have just the .sh file and the .xml configs in their own directory). I will run a daily cron job on the FreeNAS box to run this script therefore having the last 30 days of configs saved. Its working in testing - but if anyone has any pointers on what I can improve (or may have overlooked) please don't hesitate to educate me. Also seeing as how I've started a thread and basically answered my own question, if this needs to be deleted so be it. But I've left this here for anyone else in the future. Cheers

@phil.davis: If this is unchecked firewall and NAT is turned off. Hence your outbound NAT didn't work. That sentence is the wrong way around, it should say: If this is checked firewall and NAT is turned off. Hence your outbound NAT didn't work. Yes. Sorry, my mistake.

@heper: a firewall is not the solution to DDOS. This. If you need DDoS protection there are companies out there that provide it. They are not cheap but they tend to work.

OSPF daemon in Quagga is actually two separate daemons, one for IPv4 and the other for IPv6. Quagga package on pfSense does not include any management interface for ospf6d (IPv6), so you would have to configure it by hand. Second problem is there are no startup scripts to make ospf6d start up automatically, you would have to modify pfSense startup scripts, etc for this to work.

Not sure, but is that the full command line? try checking the process with the following: ps auxww the 'ww' part will show the full command for each process.

Take a look at pfBlockerNG

Hello, I think I have gone back to the original slice via the console. If I boot it with verbose logging I get the following error…. Configuring firewall......t_delta hjdskhak789hjh too short I then can not access anything as it's not dishing out any IP's on DHCP. Any thoughts?

It's probably hardware (although memory is ok), as the machine started to reboot itself every hour or so… resolved by installing 2.2.6 on another box. Thanks anyway for all replies.

@David_W: You don't need to configure the authentication type. pfSense will accept requests to carry out CHAP, PAP or EAP. If your ISP requests PAP authentication, pfSense will carry out PAP using the username and password you have configured. PPPoE is, in most cases, as straightforward as configuring the username, password and PPPoE parent interface. Thank you. So it uses the correct authentication type automatically. That's great. I was wondering about this though because there was nowhere to configure it in the user interface and there was no note about this on the PPPoE screen.

Install the card Do a fresh and full install of pfSense 2.2.6 If the card is not recognized, try loading the "ex(4)" driver module for it. Alternatively you could try out; Install the card Install FreeBSD 10.1R and see if this card get recognized If not compile the driver from source code and then find out which .ko module is loaded for this card as driver copy this .ko module over to your pfSense when the card is installed and then load it Please make sure that the same FreeBSD and pfSense versions will be used to realize this. FreeBSD 10.1 > pfSense based FreeBSD 10.1 32Bit > 32Bit and 64Bit > 64Bit