ok you guys win, i'll put my pfsense as my router1, i'll put it on my to-list to get a second old desktop i have and try to get it working as an access point when i have more time, and get a hold of more network card turns out there is something wrong with the second lan in my old motherboard, its a m2n-sli deluxe i'm thinking i might just buy one of those mini pc's soon and use that instead of my old desktop i dont have any more problems, thanks for the help

....After some more research, yes I came to the above conclusion. Apologies for the lazy post! Having said that, my solution was to INVERT MATCH on the Destination network and select LAN NET, which will block access to the main network. This also is a single-rule solution! Props to Lawrence Systems on that one :) Either way, thanks a bunch for the response.

Yup, pretty much depends on what is available on the switch and the NAS and what protocols each supports. It would be surprising if both didn't support LACP though. Also how the NAS is going to to be used, there may be no advantage to using 4x Gigabit connections if clients are only transferring occasional large files for example. You could then add a 2 port lagg to pfSense for redundancy. But pretty soon you're looking stacking switches etc. You probably don't need that at this point. Steve

@chpalmer I haven't tried this myself, but supposedly this will allow Sonos devices to work. https://github.com/sonicsnes/udp-broadcast-relay-redux In the usage-notes, it explains how to use with pfsense.

@jklmn12345 Great point about the need to discuss options! I had recommended talking to Netgate because your firm purchased two Xg7100 hardware. It disappointing to hear you couldn't discussed options. To me, it seems that pfSense currently is in a state of confusion...things that were promised for V2.5, such as RestConf API, won't happen, nor FreeBSD 12.1 hasn't made it to pfSense v2.5 yet despite waiting on it, but FreeBSD 12.1 was released Nov. 2019. So, I doubt pfSense 3.0 with API plugin will happen anytime soon. So, it's difficult to rely on pfSense in this confused state. It's great you got some fruitful out come from the thread despite been a slim input thanks to Heper; however, I would not shut down the thread.

There are step-by-step instructions on how to install and configure it here -> http://pfelk.3ilson.com/

@Duckmuck hey, I'm also trying to get my Sonos Setup working in different VLANs. My Speakers are in VLAN IOT, subnet 10.0.2.0/24 (not really, but let's assume) My phone which is supposed to be the controller is in LAN, subnet 10.0.1.0/24. Which one do I have to setup as upstream and which one as downstream and which subnet has to be entered in which Interface. I see IGMP traffic in the general system logs, like group membership requests, but at the same time I see "IGMP came from myself, ignoring". Would be appreciated if you could help out

@stephenw10 I've tried every imaginable configuration possible that made sense and some that didn't. in firewall rules source any destination tv ip included and reverse. I appreciate the help though. I know from my postings I probably sound like I don't know at all what I'm doing. :P I wish you all could try it for yourself to see I'm not crazy.

@mannyjacobs73 said in Multi IGMP Proxy Behaviour: lthough I understand there is a difference between IGMP Snooping and IGMP Proxy, I do not completely understand how the IGMP Proxy service should be behaving when configured correctly... and especially with multiple devices / additional Virtual IP assigned. Hi, I'll re-write my query and hopefully someone can put me in the right direction... Basically I am wanting to know if there is any documentation or notes available regarding the behavior of the IGMP Proxy protocol which is found in pfsense (query timings, priority etc.) . Specifically when two devices are running IGMP Proxy on the same LAN, but even any pointers to more in-depth documentation as to how this service runs on a stand alone box, would be appreciated. Thank you

@tony77 As mentioned above, WiFi calling uses IPSec. Look into why that's failing. Packet capture helps here. If the VPN stays up, it's not a pfSense problem. BTW, I've never had an issue with Wifi calling here.

@stephenw10 Thanks, found that this function of size limiting was not in my version of suricata, an update was pending...

It might do. You certainly won't get that working with a subnet conflict. Steve

ip route show table 0 will give you the current routes in Android. At least it does on my older device. Had you done that you would have found 192.168.1.0/24 via the openvpn server IP was missing. Adding it as a local network there is what causes the server to pass that route to the clients. Glad you found it. Steve

You can't have two mobile IPSec servers, no. But this is OpenVPN, you can have as many instances as you have ports/resources.

the solution was reverse php version to 5.6 on the vhost in www/mailserver so not related to pFsense

There's no easy way to do that really. If I was doing it I would probably edit the config file directly and reboot to load it. Your WAN should look like: <wan> <if>pppoe0</if> <descr><![CDATA[PPPoEWAN]]></descr> <blockpriv></blockpriv> <blockbogons></blockbogons> <enable></enable> <ipaddr>pppoe</ipaddr> </wan> And you'll need a PPP section like: <ppps> <ppp> <ptpid>0</ptpid> <type>pppoe</type> <if>pppoe0</if> <ports>em0</ports> <username>your_username</username> <password>base64_encoded_password</password> <descr><![CDATA[WAN]]></descr> <provider>Your_ISP</provider> </ppp> </ppps> Or similar with your details in it. Steve

Yeah that's where inverted rules can bite you. !LAN net or !WIFI net is effectively everywhere. Your 'Wide Open' rule is actually only to the WAN subnet which is probably only small subnet with your public IP in it. You probably want destination 'any' there to allow traffic to any external IP. Steve

Because if it changes we want people to know about that change. You can edit the file to change the interval if you want or prevent access to the fqdn so it never sees any changes. Steve

Hmm, not sure why you would have to do that. You could just add them as static leases so they always get the same IP. Steve

@stephenw10 Nervermind, Thanks anyways, I just a bought ethernet switch, no need bridge and working fine now.