Yep, right here (see attachment) under the Interfaces tab. [image: 1579800525307-screen-shot-2020-01-23-at-11.27.08-am.png] Your new LAN can either be an actual network port if you have an open port on your pfsense box, or it can be virtual (VLAN) if you want to do it that way. Then see here for some setup instructions for this new interface: https://docs.netgate.com/pfsense/en/latest/interfaces/interface-settings.html Jeff

I've couldn't detect what is not working, after upper comment the ISP installed additional router between pfsense and radiolink switch. Now we're using 176.xx IP for the WAN Interface. Thanks for all comments.

secondary [image: 1579702991761-screenshot-2020-01-22-at-14.16.18.png] [image: 1579702995562-screenshot-2020-01-22-at-14.16.45.png] [image: 1579703009108-screenshot-2020-01-22-at-14.16.52.png]

@johnpoz said in Creating a backup of /Root etc.: Why would you want to do this? Just back up the config, have some install media around... Worse case you install pfsense clean and restore you backup. You can just use the ACB as well https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html @johnpoz thanks for the input - here's what I'm trying to accomplish. I have some custom stuff that I would like to backup to a flash drive and be able to restore without depending on the network or another computer (just the pfSense box). Most of it is in root, and I have also created a user CUSTOM which is under /home/custom - I hope that I won't have to use it, but just in case something gets lost I want a fallback. Also note that as it stands the backup plugin can not backup root (see note above) - I don't know if Netgate is the maintainer or if it is someone else. As for the autoconfigbackup, I would love to use it, but I would rather have it point to a box inside my firewall - call me paranoid, but I keep finding out that things we thought were secure, aren't because of error or improvements in hacking tools. If it is never in the cloud, then it can't get stolen from the cloud. @johnpoz as an aside ". Worse case you install pfsense clean and restore you backup." - I it was just the base pfSense, I would agree with you completely .... but what about a use case where there are a lot of plugins? How does one make sure none of them have changed since they were installed/disappeared from the plugin repo? I had a problems several years back where I couldn't get the config to restore properly without connectivity, and I couldn't get connectivity with a working pfSense. I think that some changes have been made since then, but it is so long ago all I can remember is that I had a very uncomfortable several hours trying to get things back up.

Yeah it's like I said you can bridge the VLAN the server is on to the WAN. So: Edit the server VLAN interface and set it to v4 type none. Create a new bridge in Intercaces > Assignments > Bridges and add the WAN and the server vlan interface to it. Set the server to be a dhcp client. Make sure you have firewall rules on the server VLAN interface to allow the dhcp client traffic. And any other traffic you may need. Be aware that rules use 'Server net' will no longer be valid since that interface no longer has an IP or subnet. Add rules to WAN to allow whatever traffic you need to reach the VoIP server. Steve

You may need a route to 10.233.2.0/24 if that is not accessible via the default route but only then. I assume you can access the pfSense webgui from 10.233.2.4? Otherwise you would only need those routes to establish connections over the VPN from the firewall itself rather than from hosts behind it. Your screenshot where you have 10.233.2.0/24 in the P2, which is required, shows 0 packets in or out on it but it also shows as established for 0 seconds. If you have that up, or both P2s there, and send traffic from either end do you see the packet counter increase in either direction? Steve

@jimp Thanks, fixed. [image: 1579540700839-annotation-2020-01-20-121352.png]

Hmm, well hard to say without more logs etc from the time. Unbound was not responding for some reason. Neither was any other DNS server configured for the system. Without anything in System > General that could only be servers handed to pfSense by the ISP via DHCP on WAN.

You're right. [image: 1579535662308-6743f69d-639a-4060-a514-af60c52ee008-image.png] Test : [image: 1579535697563-d0ba3ebe-8738-4385-ad29-69e89e3e05c5-image.png] which is correct.

@stephenw10 thank you works great (:

It's clearly maxing out something. You should definitely test over a wired connection first though you could just be seeing wifi issues. Steve

@JKnott Yep the phone was connected to the network, it had a static ip at first, then i removed its static from pfsense, which gave it a dchp address. All the internet worked, the only things that didnt work were the walmart app, amazon app, and affirm app. I could browse the internet, download off of play store, and play games. I dont understand what happened, after I formatted the pfsense hard drive and reinstalled it, my phone could connect to the apps. It was 100 percent something i did in pfsense some how, because I could connect to those apps on my other internet from a different provider, and at walmart.

@stephenw10 kk, that solves it. I'll go firewall route! Thanks!

Well that could definitely be true, why would they allow access to their DNS servers publicly? That doesn't explain why you saw the delay to IP addresses directly though. Steve

Ok, thank you!

@plrpilot When you say "from the VPN", what is the device that is initiating the VPN on the remote side? Is it OpenVPN or IPSEC VPN? Please provide additional information about the network topology, perhaps you need some specific routing.

@stephenw10 said in Login Beep: Well the startup tune is played using the beep command so you can change the frequency if you edit the beeps. But there is no volume option I'm aware of there. OK, thanks a lot!

I look forward to pics of your decorative laptop arrangement.

Ok so I assume 192.168.30.21 is the phone here? And just to be clear the OpenVPN client is running on the phone itself? That's certainly how I understand it and what it looks like in that 1194 state. There is clearly some unencrypted SIP traffic from the phone there. You could try making a call and refreshing the states to see where the rtp traffic is, it might open more unencrypted states. You could put in a block rule on LAN for the port 5060 traffic so it cannot open those states outside of the tunnel and see if you still have connectivity. Steve

Hello Stephenw10, HAPPY NEW YEAR !!! I WISH YOU HEALTH AND LUCK !!! Thank you for the reply and sorry for my late reply. We still didn't fix it, because the other side is missing an "behind keyboard device" :) I will write you when we have results ! Thank you again and have all the best. Regards, Mladen