Not sure if your provider offers IAX instead of SIP. IAX is much more likely to work behind firewalls/NAT (are you absolutely sure that you only have these 2 ports open? that really sucks). Maybe just download a softclient using IAX to test if they offer it. If that works you might be able to setup an asterisk server that is linked to the other server through IAX and register your hardphones with SIP at your local asterisk.

diagnostics>states in the gui or for a more dynamic view like already pointed out by ermal pftop from the shellmenu.

I changed a simple home router (speedtouch) to pfsense just because i wanted lower ping on gaming and i did get it from 40~50 to 20~30 ms.
I a have one box runnig 24/7/365 (had a 1.0.1 version with 117 days of uptime) i am using the new release now.
Its more flexible and if the hardware fails you can have it running in less than an hour again with the same config

Btw, PPTP is encrypted whereas PPPoE is not. FWIW it's more secure using PPTP.

Maybe just resetting the modem would have helped?

Since your router can't do DHCP spoofing/Half-Bridge mode, I'd change the router's LAN IP to 192.168.0.1/24 and make the Pfsense Wan Interface 192.168.0.2/24.  Then set the DMZ on the router to route all traffic to the pfsense wan interface.  It's not pretty, but I have to use this solution; and I haven't had any problems with the double NAT translation–even with SIP (Voip) which is a pain when it comes to NAT.

Ah, found the "half-bridge" mode it in the ADSL router – it was called "PPP IP Pass"  as opposed to "NAT". I hear it is also called DHCP spoofing. Now if I could only find a cable modem using PPTP that does the same thing.  My biggest problem with these SOHO routers is their poor handling of large amount of states due to memory and cpu limitations.  Heavy, continuous loads cause them to slow down and need periodic rebooting, so I want to avoid their routing engines altogether.

Cheers,
Z

Then do a double nat. Set the modem in router/nat mode and search for an option called "dmz" or "expedited host" in the modems webgui. Assign the pfSense WAN IP there and everythig will be forwarded to the pfSense. The only things that don't work nice with such a config is the integrated dyndns client (as pfSense doesn't see it's real WAN IP anymore) and maybe IPSEC (unless you configure a different identifiers than "my ip address").

Hm, I also noticed by accident, thanks to the arse-backwards filesystem (bangs head against desk), that there are two php.ini files - the in-use one actually being in /usr/local/lib/php.ini, and another one in /usr/local/etc/php.ini. Not sure what the purpose of that is, but I'm going to guess that if I reboot after having mistakenly made my boot-time edit to ./etc/php.ini, I may now have my problem sort-of solved. Not one to reboot my gateway on a whim though, so I guess it'll have to wait til the next reboot. =P

Good to hear :)

Some devices need a reboot or manual arp cache reset when IPs change to new macadresses.

@GeeZuZz:

sullrich: I'm not sure what you mean by "monitoring ip" - you mean its a ISP problem? I'm not loosing connection every 5 minutes - it appears to be very random, but in average i would guess 5 minutes.

hoba: WAN is ADSL 2+ using PPPoE (static IP). WAN adapter is le1.

The main reason why i'm thinking it may be pfSense is because it appeared to work fine for about 12 hours right after i restarted pfSense the first time. But of course, that could be a coincidence… But i also think those spikes right before connection is dropped was a little weird.

Any other things i should check out before i contact my ISP?

Edit: I'm just using  "ping -t" from Windows to monitor the connection - and the last 30 minutes it looks like instead of connection going down, the ping time just goes up to 100-200ms for the same period.. Only went completely down one time ("request timed out").
Edit2: Now it just started to show "Request timed out" again... And it went down every 10-20 seconds the past minutes...

If you think it is the ISP, you can try this…..

open 5 cmd windows on your windows box
first cmd window ping your internal gateway EX: 192.168.1.1 -t
second cmd window ping your WAN port Static ip EX: 10.1.1.10 -t
At this point…you **"should"** not have any drops if it is your ISP
now the 3rd cmd window ping your ISP gateway IP 10.1.1.1 -t
the 4th, just ping something on the net EX 4.2.2.2 -t
5th ping another internet address EX ping 208.68.222.222 -t

run these pings for a while to monitor
If you can, isolate one pc on the LAN to do the testing.
If you think it is PFSense, take the box out of the picture by connecting your pc/laptop right to the provider device (with your windows firewll on ;) ) and setup your connection to the net…run the same test

Now, if you get drops past the 3 cmd window (ISP gateway) , good chances are that your ISP is the problem.
If you get drops on 3,4 and 5 all at the same times, check with your ISP.

You can also use something link ping plotter to ping these address over a timeframe and you will be able to check what time they dropped.

What does top report when that happens? You can run it from diagnostics>command or from the shell for a more dynamic view.

@hoba:

Yes, I have not used any of these solutions yet so I can't be of much help here.

Anyway, thank you  :D

i have this problem as well, packetloss on all interfaces. The difference in this case is, that i didnt upgrade to 1.2, i have a clean installation.

If this packetloss occurs, i cannot ping the pfsense box from the lan. It disapears by itself, if i reboot the box the packetloss is gone.

I removed some installed packages like ntop, will see if this fixed the problem.

@BigHusky:

Over the last year of trying to get pfsense (just base, without any additional modules) to perform properly it just became clearer overtime that in order for pfsense to be able to perform close to the proprietary appliances you have to throw in 'very' expensive hardware (expensive at the router level). We ran it on a 1.8GHz Athlon with 1 and 2 GB of RAM and tried various network cards. Everytime you mention here that you are getting very poor throughput going for example to another host on the same network as the WAN interface, etc. you will most likely be told you need to buy Intel Nics and all other Nics are pretty much 'crap'.
It turns out that even smallest routers and up to Cisco equipment don't have such 'highend' nics and certainly not such 'highend' cpu's/ram and still outperform pfsense in the same setup by a wide margin.
Unless you are willing to put in the money for all these items you might end up in better performance shape if you go with a PepLink or other multi-wan appliance.
I have high hopes for 1.3 and will be testing it again when first releases appear. In the meanwhile we had to take it out of usage.
Just some other thoughts.

But when you are talking about Cisco, Adtran, Sonicwall or any other pre boxed unit, they design the product around a specific hardware (including nics) and test that hardware.
I am sure that the engineers behind the pre built devices had to find the pefect match of performance and price that worked.

With a product like PFSense, you have to deal with many different Motherboards, CPU, Memory. BIOS settings, and yes NIC's. So yes, it is a bit harder to get the "perfect system"
but look at all the variables that are taken into play.

If someone recommends to use Intel nic, it is because you are getting the collective experience of other users and their success and testing.
I am sure no one is just saying get intel nics just so Intel can make more money.

I have used Many pre built boxes and you can certainly run into bottle necks on them also.

Look at it this way…..
If i have a Server that needs another nic, do i want to use something that has a proven track record or install a $15 off the shelf nic in a clients server?

@cmb:

This is already addressed for 1.3 though, with a complete rewrite of the traffic shaper that gets rid of this and several other limitations in 1.2.

Oh, sweet.  I plan to load 1.3 as soon as the beta lands, so I'm going to forget about this now. :)

Thank you.