I had a similar issue the day I upgraded to v2.3.2 back in July…. and I'm still convinced something changed, but that's another conversation. As soon as I upgraded to v2.3.2, the DNS forwarder stopped resolving.  I tried both the resolver and the forwarder to no avail.  The fix for me was to deselect "ALL" from the interfaces section and manually selecting my "LAN" interface.  As soon as that was done, DNS started resolving again and my issues went away.

If you setup the DNS domain overrides to forward internal DNS resolution properly and use DNS hostnames rather than IP addresses on your clients for internal resources properly, it should be fairly seamless to migrate the servers since there's effectively no changes to be made to the individual clients. If you use DDNS hostnames, even remote warrior VPN configurations won't need changes - just switch the DDNS updates over to the new site.

"How do IT learners fix their Wi-Fi (add extensions)?" Huh?  People that want good wifi install properly placed AP.  They would connect them to their switch..  They would not try to bridge interfaces on pfsense?  It takes all of 5 seconds to get an AP up and running on a network.

@Derelict: @stormrage: Could I make this so that the subnet can be changed when it reaches my pfSense box? ModemRouter(192.168.1.1/24) >>                                                [WAN1]>    pfSense (10.0.0.1/22) ModemRouter(192.168.1.1/24>Another Router(192.168.1.1/25)>>  [WAN2]> I can add another router infront of WAN2 so that the subnet can be changed when it reaches pfSense box? ModemRouter(192.168.1.1/24) >> [WAN1]>    pfSense (10.0.0.1/22) ModemRouter(192.168.1.1/24>Another Router(**192.168.2.1/24**)>>  [WAN2]> More like that - sure. Thank you! I will try that and return with the results :)

@Derelict: I would like to know how would you do with using pfsense as your main ISP router / firewall. Do you need any support from the ISP ? The absolute best/proper thing to do is have the ISP assign a /29 to your WAN interface then route the /28 to an address on that. That address being your WAN interface address. (If they need you to justify the /29 tell them you need at least 3 addresses there for your High-Availability setup.) Then you just number the DMZ with the /28 (or a smaller subnet of that, leaving the rest for other purposes) and disable NAT for it. And you're done. Any other solution involves yucky things like Proxy ARP, 1:1 NAT, and bridging. Thank you very much this was the answer of my question.

Have you looked at the ntopng package? I find it quite comprehensive in telling me who did what etc.

In normal there are three common ways to solve this out. PBX like Asterisk inside of the DMZ (APU2C4, Raspberry PI,….) STUN Server outside in the Internet or on the ISP side SIP-ALG inside of the Router or Firewall (likes the SIP-Proxy package for pfSense) Asterisk VoIP Siproxd package VOIP configuration PBX VoIP NAT How-to Here are some other peoples speaking about they get it right done! Overview on configuring pfSense Firewall/NAT for VOIP SIP phones?

I´m not pretty sure about what´s happening, do it is necessary some kind of optimization, some parameters need to be modified?? In normal you will getting out something between 2 GBit/s and 4 GBit/s from a real 10 GBit/s connection, pending on the used protocols and services and yours 3,7 GBit/s will be then optimally placed in there and underfeed that clearly fine. So if you want to tell us more about your real hardware that is used, we might be able to come more to the one or other point. As an example, if you are installing a Chelsio T520 NIC that is really good driver sorted under FreeBSD or pfSense, it would be perhaps showing up other results then yours. If you are using Intel Xeon E5 dual CPU set up it could really be that you will have a good chance to handle that amount of speed fine. But please don´t get me wrong here at this point, it will be nice to know what throughput you will archive through the pfSense firewall using NetIO or iPerf v3. Is this pfSense installation a native install or inside of a VM? What CPU @0,0GHz and cores is that installation build? Can we achieve 10 gigabit speeds using OpenBSD or FreeBSD ? [flow 1]  0.0-30.0 sec  32.7 GBytes  9.35 Gbits/sec [flow 2]  0.0-30.0 sec  31.8 GBytes  9.12 Gbits/sec To get 10 GBit/s in a test environment let you get out in the real life perhaps between 2 GBit/s and 4 GBit/s pending on the use protocols and/or offered services. For sure this can be differ each from another based on the used hardware and the done tunings in the software. Perhaps if you have the luck and they (pfSense team and/or developers) helps you out you could be doing some real life tests for them, because not all cases and environments are identically and so they are able to get also more out about that!?

Thanks for the info. I didn't realize that was possible. For now, since I can relatively easily accomplish my objective using mirroring to another virtual host, I'll stick with it, but it's nice to know there are better solutions.

RMA the shitty modem. Absurd.

And this happens only on networks with both IPv4 and IPv6… Probably phone with crappy wifi chip or firmware...

I should add my WAN is PPPOE, does that account for it ?

Thanks very much working great now appreciate your help  ;D

What sort of firewall/router exists at the remote office? What softphone are you using? What about the firewall on the softphone PC?