It's L2TP over IPSec transport so the firewall should only see the IPSec part. You would need to forward UDP ports 500 and 4500 and possibly ESP if you want a non-NAT-T connection.

Steve

Nothing has changed in that regard in 2.5 as far as I know. Not yet at least.

Steve

Nice. Not sure how I missed that /24. Must have been low on coffee!

@Tenou said in SIP-Calls over LTE drop after exactly 32 seconds (OpenVPN) - WiFi is fine:

The VPN-Subnet is configured as “local trusted”

Not sure what you mean with 'trusted', but your VPN subnet should be added to a list of local networks in Asterisk. Then check your SIP signalling on Asterisk side.
I see no signs that pfSense has anything to do with your problem. Please read this and follow the link there.

@yaminb In my case there's no potential for an IP conflict because there's no DHCP on any WAN IP. The pfSense has a WAN but everything else is just passed along. The routers are all downstream and would hand out DHCP to any device plugged into their networks. I only have a dozen WAN IPs so it's not hard to track those in the switch, and nothing would ever be connected directly to the ISP other than those dozen, and even those are post-pfSense.

Ok.. I'll give it a try. Thanks guys..

Why do you think it would not work?

I have never tried it but it should be able to auth against LDAP. The 2FA part might introduce a challenge.

Steve

Yes you might have a bad cable or bad terminal setup. Hardware flow-control that has no wires existing can result it no input to the appliance.

Can you enter Coreboot setup (F10 for boot menu)? That would prove your terminal setup.

Steve

Just for record keeping. I flashed back to stock 2.4.4-p3 and no issues.

Do you see any blocked traffic?

Make sure your rules do not reference, for example, WANnet which no longer exists.

Do you see traffic for 192.30 arriving at the WAN if you run a pcap there and ping it externally?

Steve

That option is in 2.5 already:
https://redmine.pfsense.org/issues/9808

Hi,

I have been looking for a similar setup, can you give me a few pointers please, thanks

Did you use the metronet supplied dns or use your own?

Fixed now

Issue was it seems that I was applying the PPPOE to the WAN interface and not then assigning WAN as re0.911.

Thank you so much for taking the time to respond!

Regards

Ben

What server computer? The one running pfsense or the one you using to access pfsense web gui? That pfsense time is not going to be correct.. Since its not currently able to talk to what you set for its ntp source.

The VPN is actually disconnected or traffic inside it stops?

Check for blocked traffic at that time. Check the states still exist.
Are you running Snort or Suricata? Check the alerts.

Do you have multiple internal clients using the VPN client connecting to the same external server?

Steve

@JKnott well not much if I'm honest.... to be clear I haven't set that... In mobile clients I've ticked the "provide a virtual ip address to clients" box and specified 192.168.205.0 with a mask of 24 (as per the instructions I think).

I'm not sure what else I'm supposed to do to be honest (all a bit new to me) which was sort of the point of the post.

All help gratefully received.

@m0zeid said in Replace Fortigate with pfsense, hd requirment? options to sell fortigate? and other questions:

2x256 gb RAID 0 SSDs (chinese models)

About this, I'd change to a RAID1 configuration.

We moved from a couple of FG100-D (HA) to 2 pfSense (CARP) with UniFi APs (12 AP-AC-Pro) and pfBlockerNG-devel.

No regrets.