You should not need any special settings for that. The phone connects out to Verizon on IPSec and routes the calls over that as far as I know. The default allow rules on LAN will pass that.
You could check for open UDP port 4500 states when wifi calling is enabled to confirm that.
IPSec can be affected badly by an incorrect MTU setting. You might look into that if the issue continues.

Steve

If you have a serial console, leave a client open and connected to it, either with a large scrollback buffer or logging all output. Then monitor it during a reboot, see if you get any output.

If you only have a video console it's harder to capture errors, but you still might see something.

If there are no crash reports and nothing in the logs, then it's harder to diagnose. That said, it's almost certainly hardware if that is the case. If it's crashing under load, which could be from the encryption required to run the VPN, then most likely it's heat or power-related, but it still could be anything (RAM, CPU, etc)

You were right man. I did get an answer.
The book is very well done though, thanks. In my case, basic set-up is not bad and no major curves. Just slow and careful for someone not specifically in the network field. Beyond basic... I think will take a long time. Good little lab start.
And worth moving to a SG-5100 I think.

Closing this off - for some reason, rebooting the test device worked. (Basically I came back to test and it worked).

So I can only assume it was either intermittent, or maybe some issue with the DHCP client?

Hi Steve, I think we did recently update so that could definitely have been it. Thanks though for all your help!!

@philipputrus said in FTP server behind pfSense...:

The server use Active mode I checkd that by connecting to it from the CMD

For active mode you need to have the client FTP proxy installed and configured. It will not allow the server to open data channels without it.

Steve

No I haven't but I'm thinking of it as updating our infrastructure.

When you run tcpdump on the interface in pfSense you see eveything the driver is sending but that might not necessarily make it onto the wire.
By using a switch in between, mirroring the port and capturing on there you see what traffic is actually going back and forth.

Steve

Ah in Tautulli interface - thanks.. Yeah that does make it easy to find ;)

that scope would all be great if you made them vlans and actually isolated them.. But if they are all on the same L2 kind of just meaning less.. And means you have to for sure hand out reservations for every mac address.

You are only opening one port so you're exposing only the service listening on that port. The RasPi could have everything open but nothing is going to reach it except what you're forwarding.

Steve

I set on accept for Promiscuous mode, mac address changes and forget tramits on WAN vswitch,
Since my network goes Virtuel WAn switch-pfsense-virtuel LAN switch.
Also very important to note that is a reboot of whole esxi is necessary for it to acctually implement the changes made.

I didnt discover this at beginning.... so alot of my testing was flawed cause changed wasent acutally being made...

Thanks for all help.

Sure... without success :(

Thank you. That fixed my problem.

Traffic between the modem and Asus router there is all inside PPPoE apart from traffic to the modem itself. So that's probably not what you want to do. pfSense would not 'see' most of that traffic.

pfSense as the gateway and Asus as an access point is the way to go there.

Steve

If you use a shellcmd that gets stored in the config file and hence can be retsored and is never lost at an update etc.
If that command calls a custom script that might be lost though. You can use the filer package to store that in the config so it's all restored however.

Steve

TNSR is a completely different product than pfSense, and both will be developed concurrently from what the Netgate people have said recently.

Upgrade fixed it! Thanks.

Impressive response time. 3 minutes. :)

@akuma1x

Hi Jeff,
thank you for showing me the way to the discussion about it.
Now I know a bit more.

James

Could be an MTU issue. Try to ping with large packets, how large will pass?

https://docs.netgate.com/pfsense/en/latest/routing/unable-to-access-some-websites.html

Steve

If you do need to apply that command at boot you can do so with a shellcmd:
https://docs.netgate.com/pfsense/en/latest/development/executing-commands-at-boot-time.html

And actually now I think about it if you use the 'afterfilerchnages' type there it will be applied if the WAN goes down and comes back up. That might be all you need there.

Steve