@tunnlrat Wireguard is the bomb. You'll get way better performance over it than you will OVPN. Performance will ultimately be based on the power of your router CPU but you will likely be able to push packets at a great rate per second.

@stephenw10 Just a quick followup that I figured out the issue to this problem. The problem had to do with a rule cleanup that took place prior to the upgrade. While while the rules that were cleaned up didn't pertain to the VPN traffic directly, it did reveal that the rules specific to this segment's traffic were impacted by two specific issues. 1. The direction of the traffic flow since a floating rule that altered the gateway used existed. and 2. Quick match was not enabled which means the rules pertaining to the traffic were not being applied immediately and were PROBABLY being addressed by a rule downstream. some additional tcpdumps that showed the return traffic hitting the firewall on the new VLAN segment for the VPN, but NOT hitting one of our SERVER VLANS where the request originated. This pinpointed the issue as being firewall related. I didn't want to just dismiss it as a bug without further troubleshooting, but was running out of ideas initially. At any rate, all has been fixed and is working again. Thanks so much again for chiming in!

Could have potentially been this: https://redmine.pfsense.org/issues/13381 Steve

Hmm. Well that implies it requires UPnP. You could test that by disabling UPnP though. And that means it can't work behind double NAT. However if it works by simply disabling the VPN you should be able to simply route the console traffic past it. It seems likely the VPN is changing the default route on the firewall. Or perhaps causing UPnP to show the VPN interface as the external IP. Steve

@akinori said in Allow traffic: going to let traffic coming from LAN interface going out to WAN and vice versa? By default pfSense will pass all traffic out and in on the LAN interface. WAN blocks all inbound traffic by default and will allow all outbound traffic without any special rules.

Issue with the flux capacitor?

I would definitely test enabling (or disabling) flow control at the link level on the NIC. Some connections absolutely require that.

@johnpoz, I've done nothing for you to act so childish in this question and have provided what ever information I can but you just keep on making assumptions and even saying my info is BS. There is nothing mysterious here, it's just something where I cannot share the customers technology. They are doing something that's proprietary and that's that. The only thing I can share is my mention of UDP and that's where it doesn't work with a host, it has to be bare metal. Again, thank you for your help.

Yes, that sounds very much like you're hitting that issue. Try setting the supersede option and see if it returns.

@stephenw10 Thanks for the reply!!

The SIP server is on the same LAN as the phones. It used to be external but it's local now. Different lines use different ports, 5060, 5061, 5062, 5064 on 4 line phones for example but there's also just one phone.

Perfect, thanks! Everything appears to be working again.

@johnpoz Ok, that is great anyway. Really thank you.

@bengregory said in need help on pfsense setup on virtualbox: now i can't access gui from pc3 and 4 and can't ping pfsense and can only access the pfsense gui from pc in the virtualbox That's good. That's what I expect to happen unless you have added firewall rules to allow it on WAN and routes to the LAN subnet so PCs 3/4 know how to reach it. They should be able to access the pfSense GUI on the WAN IP if the WAN firewall rules are passing that. Anything you do to make PCs 3 & 4 send their traffic via pfSense is going to be a hack with that network topology. You should have them on a separate layer 2 segment. However to do that you would need to set the pfSense WAN as the default gateway on PCs 3 & 4 dircetly. Then you need firewall rules in pfSense to allow traffic from them into the WAN. And you need a custom outbound NAT rule in pfSense to NAT traffic from the WAN subnet to the WAN address. Otherwise you will have asymmetric routing. This would be a really horrible setup! Steve

@pirod said in new pfsense firewall blocks many websites: was on static ipv4 I guess. Not sure why. Well if it was static you would of had to have set the IP, etc It defaults to dhcp that is for sure. BTW - still waiting for where you see all the complaints with no answers ;) I see many people complaining the same and no real answers are given.

thanks.... Netgate Support got me sorted

@stepinsky you would need to edit the subject (ie your first post) then you can edit that and add a tag of solved, etc.

Now that Frontier has resolved the corruption on their end, my problem is now resolved. Thank you everyone.

@thedragon said in Problems restoring my config: Is there anything in particular that causes the second set of tags to be added? Yes, the specific software-related bug I linked to caused it. In the next release the double-tag will be ignored.

@stephenw10 hi Steve, the version I use is the 2.6.0. In the file config.xml I have tried only to modify the "username" On friday I will test the alternative format in the field "URL" in the config.xml file I will update you thank you for now! regards sblack