You would probably want to examine the firewall logs for the time it is not reconnecting and see if anything is blocked.

You might also want to look at the state table and see what states are established on behalf of the PBX and see if that gives you any indication why it isn't working.

https://www.infotechwerx.com/blog/Prevent-Any-Traffic-VPN-Hosts-Egressing-WAN

Thanks everyone for the great replies.  As I suspected, this will be a long, tedious manual process.

@jimp:

You said it's a "new" NIC but that is an em device. Any current Intel card should be igb.

All I meant by that is that we bought the same type card that we were running in our other routers that is "new" as it has never been used. I recognize that it is not the most cutting edge technology, but it is what we know will work based on our other router setups.

As far as what the crash report says, is it something that can be solved by reinstalling the OS or by setting up IPv6? We never set up IPv6 in the past because we don't use it at our company but if that will solve our issues, then I am willing to set it up.

@clay005:

My suspicion is, It is restarting when someone remote our the server using its the Domain name (or computer name not ip address). Because before i register the IP address to have a name we are using ip address to remote the server and im not having this kind of issue.

This can't be a suspicion, except if you refuse to check your firewall, the rules present on WAN.
There should be none **, and in that case : impossible, non one can connect to your pfSense.

Btw : you just showed that you missed one of the biggest concepts of the Internet : people rarely use IP's, or, they work well. Humans like addresses like test-domaine.fr, which are translated directly to :

test-domaine.fr has address 5.196.43.182 test-domaine.fr has IPv6 address 2001:41d0:2:927b::15

Remember that addresses or URL like test-domaine.fr aren't use on the Internet : you see them on your screen, they are looked up to IP addresses and that it.

The fact that you use a domaine name - like my test-domaine.fr - doesn't mean that people can find you more easily, or not. True is, domaine name are public. But you don't care, you have a firewall, and nothing initialed from the outside come in. That was the very reason you put the firewall in place.

** if there are rules ….. well, you shouldn't. One never does before all consequences are understood ;)
Btw : Never ever expose the pfSense GUI to the outside (WAN or Internet).

UPDATE:
@Harvy66, I tested out latest opnsense as well which is based off FreeBSD 11.1 but I still faced the same issues.
The solution for my problem was to disable nested paging under VM -> System -> Acceleration, after which the bandwidth went full throttle! :)


If you want two factor auth, you can install the FreeRADIUS package and use it there (Google Authenticator or mOTP)

@inews:

it will be open wifi network […] if possible to make some usernames with different permissions to the network.

That isn't possible with captive portal, but if your access points can do multiple SSIDs on different VLANs, you could setup a different SSID that has WPA2 Enterprise authentication, then it could put those special users on a different VLAN with different firewall rules/setup.

You'd setup the second VLAN/Network on pfSense but getting users into that network is entirely up to your access points and switches, though, not pfSense

Hi All,

Sorry for waking up a very old topic.

I've tried James' suggestions but instead of using a physical NIC for the BT Vision LAN i'm using a VLAN.

However I'm unable to receive a picture at all. Just wondering if this is still working for anyone?

@heper:

maybe a wiring issue when using the cable modem.
might be an mtu issue when using the new DSL

Turned out the problem on DSL was a firmware problem on the modem side.

@heper:

also don't flip random options that you find  …. thats a pointless waste of time

Even if you disagree. Those options actually make sense to try

@heper:

advise:
reset to factory defaults, leave everything as default except the PPPoE bit, then try changing(lowering) the MTU to the correct value

As i mentioned at "Here are some details for the Pfsense " section, the firewall was already "stripped" from the more "exotic" configurations.

Anyway thanks a lot for giving a thought to my issue and for the advice.
George

We use prtg, there is a free version but i do not know if it contains the needed functions.
I think it was called netflow, this is a package.

@piperbob:

When I click on status/system logs, all of the links show "no logs to display".

Is there a setting somewhere that disables logging?

When the page comes up after you do status > system logs, on the top right hand side you should see a link called "settings". Check it out to ensure that you have basic logging on. Depending on your configuration a bunch of additional links will show up on that same page (to the left of settings). Some of them are for built in services, some of them for optional packages that you might have installed. Many of them have their own logging settings, so go onto those links and check out.

Going to have to give us more than this.. You mention layer 3.. So you have a L3 doing routing downstream of pfsense??

Why don't you draw up your network.. Your downstream should be via transit.  Unless you just mention L3 switch because it is, but your only using it as L2 and pfsense is doing all the intervlan routing?

From the info give there is no way to help you…

Do you or have you in the past had any networks/vlans on 192.168.100.0 No Do you or have you in the past had any static routes setup for 192.168.100.0 Maybe I had a firewall rule at one point, but not at the moment. Do you or have you in the past had pfBlockerNG installed. Yes, currently installed

I'm not sure how 192.168.100.0 is relevant because with and without pfsense configured to reject those DHCP leases the WAN issue is the same.

@jaquintero:

Good morning

Welcome to the forum.

ASSP (to send and receive mails).  NO Postfix (for delivery mails to internal Exchange Server with transport protocol).  NO DNS (actually use bind9). Yes, there is a BIND package for pfSense Apache (for SSL certificates of our sites).  NO Reverse proxy (to show our sites allocated in other server). YES, HAproxy and Squid are available

HTH

@johnpoz:

Wouldn't you just normally do GRE over Ipsec if you needed layer 2 connectivity?  This way your traffic is encrypted.

not trying to hijack this thread but since you mention it– got any decent guides or tuts for setting up GRE-over-IPSEC w/ pfSense? I've not really come across any and the topic has always interested me.

What model of modem?
http://badmodems.com/

Puma modems will bog down with lots of UDP traffic and cause issues similar to yours.

I went with creating a user into FreeIPA with Read access.