You're right, rolling back did nothing. I've had to throw my asus router at it, because I cant be down. I hate that, because pfsense is a much better firewall with amazing traffic shaping capability and much more. Any commercial router is a joke compared to pfsense. I upgraded from 2.1.2. Yes, I also dont understand why anything would change since it was on manual outbound nat. However, the added capability seems to also add some complexity for sip in particular. I find with anything else in relation to pfsense, it just works. I really want to offer pfsense to my customers in combination with freepbx. I have not yet been able to get the system working without intermittent inbound / outbound call problems. I should say that yes, Ive got it working, but test the number hours later and am met with dead air. I dont have pfsense in front of me to currently look at , but manual outbound nat was for 5060 set as a static port (copied and edited per the auto generated rules for outbound nat). Is it required to port forward to the internal server as well? Firewall rules were (from any) to pass 5060, 1024, 4569 (fax) 10000-20000 RTP to 192.168.1.160. I note that RTP with pfsense starts at 5004 when choosing the drop down. I appreciate your thoughts and help Shane

Yes, the question here is: where did 192.168.0.1 come from? Since it's not your LAN subnet and not an IP your ISP would be handing out, do you have other internal interfaces? VPN perhaps? One possibility is that your WAN is a cable connection and that you have a cable modem that hands out private IPs when it can't see the ISP. If that is the case you can prevent it happening by selecting IP addresses to refuse int he dhcp setup. Steve

Thank you for helping me find a solution to the issues i was having. From the article posted, i can see a solution , but as the gateway keeps changing , How can i create a script that will apply this fix automatically. i was thinking i could create a script and called it up at <afterfilterchangeshellcmd>Thank you and i appreciate your support. Wato</afterfilterchangeshellcmd>

@extide: The problem you are now having is because you are Double NAT'd. Essentially it's because you're using 2 routers/firewalls. You should get rid of the other one. I'm only using 1.  If my previous hardware didnt die, I would have continue using Untangle.  But because I have to reinstall from scratch, I'm thought I just gonna try pfsense

I would suggest that DD-WRT is simply not catching the interruption in service. The connection comes back up in ~1min so there's a good chance you simply don't notice. You could try disabling apinger for the WAN which will probably put you on par with DD-WRT but, as Chris said, it looks like your cable service is going down. Go to System: Routing: Gateways: Edit the wan gateway, check 'disable gateway monitoring'. Steve

Hi drj Works like a charm with admin account. Thanks.

https://doc.pfsense.org/index.php/Why_are_some_passwords_stored_in_plaintext_in_config.xml

@Hollander: That is an extreme list  :o It is. I have no idea what most of those mean. Look at my values compare them to your or to other posts on the forum. If something looks different or some value with the word 'error' in title is >0 Google it.  :) Steve

@mamun: When I checked the LAN interface I noticed that it had defaulted to auto negotiate however my interconnecting switch was configured as 100MB FD, I check the speed/duplex settings on the switch port and found that the nic was connecting as 10MB HD, hence the speed issue. Once I manually set the interface on the NIC within pfSense from auto to 100MB FD, the speed went back to expected levels again. The standards always say that at the ends of a cable ports's speed/duplexity have to be configured the same way. Either both ports auto, either both ports manual to the same value. One end auto and the other end manual is non-standard, and it only works if NIC manufacturers/drivers have implemented it - that really differs from asic chip type. Never do that. If it works, you're just being lucky…

all the traffic has to share a single Gigabit connection between the pfSense box and the switch. For that reason plus the ease/simplicity of configuration, I believe it's best to configure the VLAN's on the Network Appliance and just add the required number of NIC ports to the Cisco Managed Switch, taking care to tell the switch ports what VLAN owns them.

pfSense will always use the system default gateway for connections generated from within the box itself. I assume your ISP is handing you a gateway IP via DHCP also in the 10.x.x.x subnet? Do you have a gateway address for your public IPs? I assume you must otherwise your retrun traffic would have no route. Seems odd that they don't give you a route to the internet via the 10.x.x.x network.  :-\ Steve

@xtropx: I was able to recoup some lost space by deleting the .pbi in /tmp. That's interesting because the standard config in Nano is to mount /tmp as a ram drive. I'm not even sure you can do anything else without some work. Did it actually change the disk usage? Steve

Ah ok. The Marvell 88e8053 NICs as reported in the link can suffer a lock-up. In the Watchguard boxes it usually only happens under heavy load and is reported as a "watchdog timeout" in the logs. There is an easy workaround though: https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Known_Issues_2 The firmware (actually more like a group of register settings) update didn't help the watchdog issue. It only removed errors from yhd boot log. Are you seeing those errors? Which version are you NICs running? What does the following report: pciconf -l | grep msk Steve

There is already an existing thread open with suggestions to try. Edit: Here - https://forum.pfsense.org/index.php?topic=75069.msg413219#msg413219

Can you access the firewall via console?  Check your CPU status.  Perhaps something is gumming up the works, so to speak.

I have been playing with GRE tunnels recently and I have them working fine on 2.1.2.  The only caveat is that the tunnels still need to be manually started after a reboot.  I am surprised that using 'ifconfig gre0 up' doesn't bring the tunnel up. Are you able to ping the tunnel endpoints?  Did something happen to any of your rules to stop allowing GRE through?  Is either firewall on a DHCP address and the address changed after the upgrade/reboot?

someone any ideas which rules i must set for LAN traffic?

Not supporting hostap mode is what i was afraid of, it's the whole reason i have wanted wifi working  :-[ This little box is so nice with the dual Lan and not to crazy expensive. I will just have to use my TP-Link - TL-WA901ND 2.0, as my wifi access point then. Mulit-SSID da thing  ;D May give building a kernel module in a VM a go at some point because as you say it does not look like it's too crazy mad scary to do. Thanks for the help/info  8)