In the different environments where I use PF I'm using different appliances
acting as modem/routers.
In most cases I use those supplied by the ISP.
In other cases I use some other low-medium level modem/routers.
As an example some are Tp-link TD-W8968.
All these modem/routers connect:
- to the ISP on the phone line over ADSL and PPPoE/PPPoA
- to the pfSense WAN port via Ethernet port
They are just enough to act as
- ADSL2+ modem on the 20 mbit/sec ADSL lines
- inbound NATP towards the PF WAN IP.
pfSense act as routing firewalls, sometimes as VPN endpoints, never as
ADSL modem.
O.
--
In data venerdì 26 settembre 2014 20:00:59, Hannes Werner ha scritto:
> Thank you very much Odette,
>
> what type of router do you use? Those who are doing the PPPoA? So you
> use pfSense as a strict Firewall?
>
> On Fri, Sep 26, 2014 at 4:35 PM, Odette Nsaka
<[email protected]> wrote:
> > Not too much related, but I am.
> >
> > I'm using a multi-wan connection to different ISP who give me dynamic
IP
> > address. I set up the Internet connection via a couple of different
> > routers, one for each ISP.
> >
> > The difference in my configuration is that the routers connect to the
ISP
> > via PPPoA and PF is connected to the routers via regular IP local
subnet
> > connection (no PPPoE/PPPoA on PF).
> >
> > This way everything works fine, asterisk on the LAN side of PF too,
even
> > when one or both of the public IPs are changed.
> >
> > In case of failure of one (or the other) of the ISP connections, asterisk
> > connects with no problem to the VoIP provider, no matter on which is
the
> > active or preferred gateway.
> >
> > O.
> >
> > --
> >
> > On Sept. 26th 2014 15:51:37, Hannes Werner wrote:
> >> thank you very much Giles, but unfortunately it doesn't help.
> >>
> >> anyone here who is using asterisk behind pfSense on a dynamic IP
WAN
> >> successfully?
> >>
> >> On Fri, Sep 26, 2014 at 2:44 PM, Giles Coochey <[email protected]>
wrote:
> >> > On 26/09/2014 12:42, Hannes Werner wrote:
> >> >> are you saying that people with dynamic IP shouldn't use
pfSense
> >> >> behind an Asterisk service? I've had asterisk running behind Fritz-
Box
> >> >> for years without any trouble. I've seen the cheapest router
being
> >> >> able to handle this like the speedports. I can't believe pfSense is
> >> >> unable to do this, but it doesn't matter a clear word would solve
the
> >> >> problem for all the time and you do not have to worry again
about this
> >> >> issue.
> >> >>
> >> >> maybe you guys do better telling those users to change there
router?
> >> >
> >> > It's not my place, either, to pass comment on what free software
you
> >> > should
> >> > decide to use, I am also none other than a happy end user (with a
PPPoE
> >> > service on at least one of my pfsense boxes, but with a static IP).
> >> >
> >> > Doesn't ensuring that you have Gateway monitoring enabled, and
then
> >> > ensuring that you have, under System --> Advanced -->
Miscelleaneous
> >> > -->
> >> > "State Killing on Gateway Failure" enabled provide a workaround
> >> > resolution for you? I'm referring to
> >> > https://redmine.pfsense.org/issues/3181 which is referenced from
#1629.
> >> >
> >> > Also it's clear that bug #1629 is pushed out to 2.2, although the
> >> > latest
> >> > comment is for it to be addressed, or to push it out to 2.3. It's
> >> > probably
> >> > not good news for you, but it looks like there is a schedule for it to
> >> > be
> >> > fixed.... just not very quickly.
> >> >
> >> > Do bear in mind that the original PPP software was designed for
> >> > opportunistic on-demand dial-up connections, and isn't perfectly
suited
> >> > for
> >> > running server side applications on the client end. PPPoE & PPPoA
built
> >> > on
> >> > this, I guess, to allow ISPs to continue to use their RADIUS
> >> > infrastructure
> >> > for customers authentication as they moved to broadband / cable
based
> >> > connections.
> >> >
> >> >
> >> > --
> >> > Regards,
> >> >
> >> > Giles Coochey, CCNP, CCNA, CCNAS
> >> > NetSecSpec Ltd
> >> > +44 (0) 8444 780677
> >> > +44 (0) 7584 634135
> >> > http://www.coochey.net
> >> > http://www.netsecspec.co.uk
> >> > [email protected]
> >> >
> >> >
> >> >
> >> > _______________________________________________
> >> > List mailing list
> >> > [email protected]
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
