• PFSense as public NTP server

    Locked | 0 Votes | 8 Posts | 5k Views
    Quite a stupid mistake!  But indeed, it's working now! Thanks a lot!
  • Time Warner Fibre Connection and PFSense

    Locked | 0 Votes | 6 Posts | 2k Views
    @Wasca: I've got my problem sorted but it was a little strange. I was connecting to the SIP server (Switchvox server) via an OPENVPN tunnel. The tunnel was using UDP. I changed it to a TCP tunnel and now I can make inbound and outbound calls over the tunnel. After doing some packet capture it looked like my UDP SIP/SDP Invite packets being sent by my SIP phone were getting dropped somewhere so they were never hitting back at the Switchvox PBX while the tunnel was using UDP. As soon as I switched the tunnel to TCP all was good. I vaguely remember reading something about SIP and UDP in PFsense being a problem, can anyone enlighten me?
    No such problems. Sometimes you have to change NAT settings depending on your provider and your specific circumstances but that's not relevant in this scenario. The only way changing it from TCP to UDP would make any difference is if the tunnel wasn't functional at all over UDP (something blocking it somewhere most commonly why) and worked with TCP.
  • Help ….

    Locked | 0 Votes | 11 Posts | 3k Views
    stephenw10
    Do you have a big problem with arp spoofing then? What sort of network are you using this in?
    @http://en.wikipedia.org/wiki/Network_switch#Configuration_options: Managed switches — These switches have one or more methods to modify the operation of the switch You can connect to the switch configure it for your network. Typically you might use VLANs or QoS options. Some such switches have: MAC filtering and other types of "port security" features which prevent MAC flooding
    In order to prevent an arp spoofing attack you need to stop a malicious client machine sending out arp packets announcing that the gateway IP has changed MAC address. Or at least prevent those packets reaching your other clients. The only way to do this is at layer 2, typically the switch. You set the switch to filter any arp announcements for the gateway IP other than the correct MAC which you have set. I'm still not sure what you mean by MAC Vulnerability. Do you have a link to the Mikrotik forum explaining it? It sounds like possibly you are referring to a paid access captive portal arrangement. Clients spoof their MAC address in order to get access that someone else has paid for. Is that it?
    Steve
  • MOVED: Squidguard error page?

    Locked | 0 Votes | 1 Posts | 805 Views
    No one has replied
  • Rename Gateways on pfSense 2.0.1 not allowed - in 2.0 it was

    Locked | 0 Votes | 3 Posts | 4k Views
    @cmb: that's never been permitted. can either very carefully manually edit the config with viconfig and make sure you don't orphan any references, or backup the config and do the same edit and restore it.
    Hi cmb, thanks for feedback. I found out that if I rename the interface under INTERFACES from eg. OPT2 to WAN3 then the gateway in ROUTING is called WAN3. This is working if the interface is in DHCP or Static mode. When it is in PPPoE the name is "OPT2_GW".
  • OpenNTP client taking forever?

    Locked | 0 Votes | 4 Posts | 2k Views
    Since it's not in production yet, I just boot it when I'm tinkering with it, then shut it back down.  However, this error seems to have gone away since I fixed my fstab entries the other night (pfSense was originally booting off /dev/d1s1a because it was installed from USB stick, but after removing the stick, it moved to /dev/d0s1a because of the way my BIOS handles USB devices as hard drives).  Not sure if that was the underlying cause, or just coincidental.  Now OpenNTP goes through its thing in like 5-10 seconds. Also, at one point I had the box running with a USB NIC too, but switched over to the onboard and had left the configuration the same between the two.  I finally unplugged the USB NIC the night I did the fstab thing, until I'm ready to use it again… so I'm wondering if maybe OpenNTP was trying to route over the (not-connected) USB NIC. Anyways, it seems to be behaving for the time being :P
  • Gateway latency wrong?

    Locked | 0 Votes | 4 Posts | 3k Views
    @cmb: get a packet capture of the ICMP that apinger generates and check the timestamps. I've never seen it be anything other than accurate.
    OK today we had a power outage and both pfSense servers were restarted, and now it shows the right latency. I didn't change anything. That was weird, a windows-like solution :D
  • Strange Problems Hotmail / MSN & Partial Load of Pages

    Locked | 0 Votes | 7 Posts | 2k Views
    @podilarius: I am not sure why Endian would work and pfSense not. Have you left advanced setting alone and tried just standard MTUs? If you have installed any packages, remove them and restart. You want to get to where it is working and then make one change at a time so that you will know what is causing the problem.
    Actually I have tried no MTU settings, MTU settings on the LAN / WAN and I have installed no packages.  I am a firm believer in starting from scratch but out of the box in my scenario doesn't work.
  • Upnp manual user

    Locked | 0 Votes | 1 Posts | 1k Views
    No one has replied
  • Strange error

    Locked | 0 Votes | 5 Posts | 2k Views
    That means the system clock went backwards for some reason. Isn't related to anything other than generating RRD data. System clock should sync via NTP periodically and that should get the data being collected properly again, though the system clock in some systems will drift significantly which may not be easy to work around (BIOS update or disabling ACPI in BIOS most commonly fix significant time drift if that's the case). Generally the quality RRD graph is the best place to look for connectivity problems in the past, but depending on when your system clock went nuts, you may not have that data.
  • MOVED: squid caching downloads

    Locked | 0 Votes | 1 Posts | 768 Views
    No one has replied
  • MOVED: AFP/SMB FileServer ontop of pfSense

    Locked | 0 Votes | 1 Posts | 711 Views
    No one has replied
  • MOVED: Standalone squid server

    Locked | 0 Votes | 1 Posts | 707 Views
    No one has replied
  • Pfsense 2.0 randomly rebooting

    Locked | 0 Votes | 8 Posts | 2k Views
    It must not be the CF card then. It started doing this not very long after I built the system, so it's probably not write cycles anyway. I suppose it could be that some hardware was bad out of the box, but it was working fine at first, so I don't know.
    @cmb: if it were the CF you'd be seeing at least some errors in the logs, and usually a ton of them. Write errors, timeouts, something on adX or daX depending on what your CF device is.
  • How to troubleshoot problems?

    Locked | 0 Votes | 6 Posts | 2k Views
    Logging them to syslog is generally preferable. Even logs may not be telling at all though. First it's about general network troubleshooting abilities - what can you get to, what can't you get to, narrow down the problem as much as possible and troubleshoot from there. It could be any of a million things, many of which don't generate logs, from the description here.
  • Hoping for a fast answer (on the phone with ISP)

    Locked | 0 Votes | 5 Posts | 2k Views
    I already spent a good 5 minutes searching and I couldn't find the answer, hence the thread.  Had the ISP waiting on the phone so had to get a fast answer, which I did thanks to mibovrd.
  • Diffserv Code Point

    Locked | 0 Votes | 2 Posts | 1k Views
    jimp
    The rules do not set a DSCP value, they only match a value that already exists in the packet. It would show up in a packet capture if the packets have already been tagged by whatever originated the traffic.
  • Help troubleshoot DNS issue?…

    Locked | 0 Votes | 12 Posts | 4k Views
    luke240778 - I am still a noob and don't have your answers.  Since my last post, I restarted snort BUT with the "block offenders" checkbox unchecked.  This wreaked havoc on my system.  I am still reading docs on Snort and hope to be able to enable "block offenders" soon.  I have been running smoothly for 24hrs with Snort running. Sorry I couldn't help further.
    Brad
  • Firewall Rules

    Locked | 0 Votes | 7 Posts | 2k Views
    and ping is ICMP echo request, allowing only TCP will block pings.
  • Load balancer log empty

    Locked | 0 Votes | 3 Posts | 1k Views
    Thank You jimp. My Bad. This makes sense now. Barry
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.