@stephenw10 kk, that solves it. I'll go firewall route! Thanks!

Well that could definitely be true, why would they allow access to their DNS servers publicly?

That doesn't explain why you saw the delay to IP addresses directly though.

Steve

Ok, thank you!

@plrpilot When you say "from the VPN", what is the device that is initiating the VPN on the remote side? Is it OpenVPN or IPSEC VPN?
Please provide additional information about the network topology, perhaps you need some specific routing.

@stephenw10 said in Login Beep:

Well the startup tune is played using the beep command so you can change the frequency if you edit the beeps. But there is no volume option I'm aware of there.

OK, thanks a lot!

I look forward to pics of your decorative laptop arrangement. 😁

Ok so I assume 192.168.30.21 is the phone here?

And just to be clear the OpenVPN client is running on the phone itself?
That's certainly how I understand it and what it looks like in that 1194 state.

There is clearly some unencrypted SIP traffic from the phone there. You could try making a call and refreshing the states to see where the rtp traffic is, it might open more unencrypted states.

You could put in a block rule on LAN for the port 5060 traffic so it cannot open those states outside of the tunnel and see if you still have connectivity.

Steve

Hello Stephenw10, HAPPY NEW YEAR !!! I WISH YOU HEALTH AND LUCK !!!

Thank you for the reply and sorry for my late reply.

We still didn't fix it, because the other side is missing an "behind keyboard device" :)

I will write you when we have results !

Thank you again and have all the best.

Regards,
Mladen

ok you guys win, i'll put my pfsense as my router1,

i'll put it on my to-list to get a second old desktop i have and try to get it working as an access point when i have more time, and get a hold of more network card

turns out there is something wrong with the second lan in my old motherboard, its a m2n-sli deluxe

i'm thinking i might just buy one of those mini pc's soon and use that instead of my old desktop

i dont have any more problems, thanks for the help

....After some more research, yes I came to the above conclusion. Apologies for the lazy post! Having said that, my solution was to INVERT MATCH on the Destination network and select LAN NET, which will block access to the main network. This also is a single-rule solution! Props to Lawrence Systems on that one :) Either way, thanks a bunch for the response.

Yup, pretty much depends on what is available on the switch and the NAS and what protocols each supports. It would be surprising if both didn't support LACP though. Also how the NAS is going to to be used, there may be no advantage to using 4x Gigabit connections if clients are only transferring occasional large files for example.
You could then add a 2 port lagg to pfSense for redundancy. But pretty soon you're looking stacking switches etc. 😉
You probably don't need that at this point.

Steve

@chpalmer I haven't tried this myself, but supposedly this will allow Sonos devices to work.

https://github.com/sonicsnes/udp-broadcast-relay-redux

In the usage-notes, it explains how to use with pfsense.

@jklmn12345 Great point about the need to discuss options! I had recommended talking to Netgate because your firm purchased two Xg7100 hardware. It disappointing to hear you couldn't discussed options.

To me, it seems that pfSense currently is in a state of confusion...things that were promised for V2.5, such as RestConf API, won't happen, nor FreeBSD 12.1 hasn't made it to pfSense v2.5 yet despite waiting on it, but FreeBSD 12.1 was released Nov. 2019. So, I doubt pfSense 3.0 with API plugin will happen anytime soon. So, it's difficult to rely on pfSense in this confused state.

It's great you got some fruitful out come from the thread despite been a slim input thanks to Heper; however, I would not shut down the thread.

There are step-by-step instructions on how to install and configure it here -> http://pfelk.3ilson.com/

@Duckmuck hey, I'm also trying to get my Sonos Setup working in different VLANs.

My Speakers are in VLAN IOT, subnet 10.0.2.0/24 (not really, but let's assume)
My phone which is supposed to be the controller is in LAN, subnet 10.0.1.0/24.

Which one do I have to setup as upstream and which one as downstream and which subnet has to be entered in which Interface. I see IGMP traffic in the general system logs, like group membership requests, but at the same time I see "IGMP came from myself, ignoring".

Would be appreciated if you could help out

@stephenw10 I've tried every imaginable configuration possible that made sense and some that didn't. in firewall rules source any destination tv ip included and reverse. I appreciate the help though. I know from my postings I probably sound like I don't know at all what I'm doing. :P I wish you all could try it for yourself to see I'm not crazy.

@mannyjacobs73 said in Multi IGMP Proxy Behaviour:

lthough I understand there is a difference between IGMP Snooping and IGMP Proxy, I do not completely understand how the IGMP Proxy service should be behaving when configured correctly... and especially with multiple devices / additional Virtual IP assigned.

Hi,

I'll re-write my query and hopefully someone can put me in the right direction...

Basically I am wanting to know if there is any documentation or notes available regarding the behavior of the IGMP Proxy protocol which is found in pfsense (query timings, priority etc.) .

Specifically when two devices are running IGMP Proxy on the same LAN, but even any pointers to more in-depth documentation as to how this service runs on a stand alone box, would be appreciated.

Thank you

@tony77

As mentioned above, WiFi calling uses IPSec. Look into why that's failing. Packet capture helps here. If the VPN stays up, it's not a pfSense problem.

BTW, I've never had an issue with Wifi calling here.

@stephenw10 Thanks, found that this function of size limiting was not in my version of suricata, an update was pending...

It might do. You certainly won't get that working with a subnet conflict.

Steve