Re: [pfSense] Netgate Firmware
One more time: there is only so much I can say about the issue. Richard Relph's message is inaccurate, but I can not describe why or how. Specific to the subject of this thread: The coreboot (it's not really a BIOS, and yes, I'm splitting hairs) update addresses a Intel-issued "specification clarification" for C2000-based systems. The Intel specification clarification is available at the following location: https://www-ssl.intel.com/content/dam/www/public/us/en/documents/specification-updates/atom-c2000-family-spec-update.pdf This specification clarification includes the following text on page 36: *“If your system does not use SERIRQ and BIOS puts SERIRQ in Quiet-Mode, then the* *weak external pull up resistor is not required. All other cases must implement an* *external pull-up resistor, 8.2k to 10k, tied to 3.3V.”* Since the LPC bus, including SERIRQ is not used in the SG-2xxx, SG-4xxx and SG-8xxx systems, a software workaround for this specification clarification has been implemented by ADI Engineering in v12 of coreboot for the affected systems. The workaround disables SERIRQ to prevent indeterminate interrupt behavior for these systems. The instructions on how to update all affected systems are at the following URLs: https://www.netgate.com/docs/sg-2220/adi-bios-flash.html https://www.netgate.com/docs/sg-2440/adi-bios-flash.html https://www.netgate.com/docs/sg-4860/adi-bios-flash.html https://www.netgate.com/docs/sg-4860-1u/adi-bios-flash.html https://www.netgate.com/docs/sg-8860-1u/adi-bios-flash.html We are also working on a 'package' (for pfSense) that will do most of the work outlined in this documentation. If you aren't running pfSense on your system, then there is a different procedure, please contact Netgate customer support. We have tested this update and believe it to be low risk for you to implement. However, we encourage you to always backup your configuration before applying any update or change. We recommend that you update your affected systems at your earliest convenience. Jim On Tue, Mar 21, 2017 at 3:33 PM, Richard A. Relphwrote: > Google “cisco intel atom issue” for some of the coverage of the problem. > The symptom appears to be that on a reboot (power on? cold reset? warm > reset?) the Atom may not generate LPC clocks… kinda fatal. But it seemingly > doesn’t happen in the course of normal operation. > > Richard > > > On Mar 21, 2017, at 1:24 PM, Steve Yates wrote: > > > > Note despite the thread subject, the affected models are: > > > > SG-2220 > > SG-2440 > > SG-4860 > > SG-8860 > > SG-4860-1U > > SG-8860-1U > > > > However, what is the symptom? We have a handful of these in service at > various clients but have not noticed any issues that we're aware of. > > > > -- > > > > Steve Yates > > ITS, Inc. > > > > -Original Message- > > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jon > Gerdes > > Sent: Tuesday, March 21, 2017 12:57 PM > > To: list@lists.pfsense.org > > Subject: Re: [pfSense] Netgate Firmware > > > > > > Topic: SG-2440 bios upgrade: > > > > https://forum.pfsense.org/index.php?topic=127418.msg703237#msg703237 > > > > > > On Mon, 2017-03-20 at 19:49 -0500, Richard A. Relph wrote: > >> OK, now you guys have me curious… > >> > >> I have a Netgate SG-2440 purchased directly from Netgate. I’ve > >> received no emails. I don’t frequent the forums. But I am aware of an > >> “alleged” chip issue, which I believe my unit is susceptible to. > >> > >> Can someone provide a link to a relevant forum thread? > >> > >> Thanks, > >> Richard > >> > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Netgate Firmware
Google “cisco intel atom issue” for some of the coverage of the problem. The symptom appears to be that on a reboot (power on? cold reset? warm reset?) the Atom may not generate LPC clocks… kinda fatal. But it seemingly doesn’t happen in the course of normal operation. Richard > On Mar 21, 2017, at 1:24 PM, Steve Yateswrote: > > Note despite the thread subject, the affected models are: > > SG-2220 > SG-2440 > SG-4860 > SG-8860 > SG-4860-1U > SG-8860-1U > > However, what is the symptom? We have a handful of these in service at > various clients but have not noticed any issues that we're aware of. > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jon Gerdes > Sent: Tuesday, March 21, 2017 12:57 PM > To: list@lists.pfsense.org > Subject: Re: [pfSense] Netgate Firmware > > > Topic: SG-2440 bios upgrade: > > https://forum.pfsense.org/index.php?topic=127418.msg703237#msg703237 > > > On Mon, 2017-03-20 at 19:49 -0500, Richard A. Relph wrote: >> OK, now you guys have me curious… >> >> I have a Netgate SG-2440 purchased directly from Netgate. I’ve >> received no emails. I don’t frequent the forums. But I am aware of an >> “alleged” chip issue, which I believe my unit is susceptible to. >> >> Can someone provide a link to a relevant forum thread? >> >> Thanks, >> Richard >> > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SIP through IKEv2-tunnel
Time to do a pcap, and see what's actually happening. Look in the SIP session description (SDP) and see what IP addresses the client is telling the other side to communicate with. Divide and conquer. On 3/21/2017 5:42 AM, Martin Fuchs wrote: what really irritates me is the fact (tried it just now) that using it over OpenVPN instead of IKEv2 it works... any idea ? i'm gonna look over it again... Von: Listim Auftrag von Martin Fuchs Gesendet: Dienstag, 21. März 2017 10:45:34 An: pfSense Support and Discussion Mailing List Betreff: Re: [pfSense] SIP through IKEv2-tunnel I think so, too, that's what confuses me. Internet -> Router -> (NAT: IPSec, OpenVPN) pfSense so the SIP-Clients would tunnel trough the the router, terminate with the pfSense and the unencrypted packets are sent back to the router (which hosts the PBX). In my opitnion it should work, too... Von: List im Auftrag von Vick Khera Gesendet: Montag, 20. März 2017 13:48:06 An: pfSense Support and Discussion Mailing List Betreff: Re: [pfSense] SIP through IKEv2-tunnel You only need siproxyd if you have multiple SIP clients inside your network trying to talk outside. SIP should work just fine in your situation where your PBX software and your client are within the same VPN and do not block any traffic. That is, I have a situation like this and it works just fine: Internet <- pfSense NAT <- Switchvox <- local LAN clients remotes -> pfSense VPN -> Switchvox I can't tell from the OP's original description how the connections are configured. On Mon, Mar 20, 2017 at 6:10 AM, Eero Volotinen wrote: maybe you need something like this https://doc.pfsense.org/index.php/Siproxd_package Eero 20.3.2017 11.56 ap. "Martin Fuchs" kirjoitti: Hi ! I have a Fritz!Box (router) connected to the internet (no other possibility). In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM. This pfSense VM just operates as a VPN-Gateway. I have set up the routes in the Fritz!Box for the dial-in networks to the pfSense. I can connect via IKEv2 and browse internat services. I have a Fritz!App (SIP-Client) on my phone. This app connects to the Fritz!Box (which provides a SIP-connection) successfully. When I try to make a call, the other phone rings BUT no party cann hear the other. It seems to me like a RTP-issue. On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules. The firewall-rules allow IPSec to LAN (any service). I'm running pfSense 2.3.3p1 with one interface. Does anyone have any idea or some hint for me ? regards, martin ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Netgate Firmware
Note despite the thread subject, the affected models are: SG-2220 SG-2440 SG-4860 SG-8860 SG-4860-1U SG-8860-1U However, what is the symptom? We have a handful of these in service at various clients but have not noticed any issues that we're aware of. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jon Gerdes Sent: Tuesday, March 21, 2017 12:57 PM To: list@lists.pfsense.org Subject: Re: [pfSense] Netgate Firmware Topic: SG-2440 bios upgrade: https://forum.pfsense.org/index.php?topic=127418.msg703237#msg703237 On Mon, 2017-03-20 at 19:49 -0500, Richard A. Relph wrote: > OK, now you guys have me curious… > > I have a Netgate SG-2440 purchased directly from Netgate. I’ve > received no emails. I don’t frequent the forums. But I am aware of an > “alleged” chip issue, which I believe my unit is susceptible to. > > Can someone provide a link to a relevant forum thread? > > Thanks, > Richard > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Netgate Firmware
Topic: SG-2440 bios upgrade: https://forum.pfsense.org/index.php?topic=127418.msg703237#msg703237 On Mon, 2017-03-20 at 19:49 -0500, Richard A. Relph wrote: > OK, now you guys have me curious… > > I have a Netgate SG-2440 purchased directly from Netgate. I’ve > received no emails. I don’t frequent the forums. But I am aware of an > “alleged” chip issue, which I believe my unit is susceptible to. > > Can someone provide a link to a relevant forum thread? > > Thanks, > Richard > > > > On Mar 20, 2017, at 7:37 PM, Jon Gerdes> > wrote: > > > > I understand where you are coming from but I don't think the > > occasional > > note from vendors of pfSense kit that covers issues with high > > importance (to users as well as vendors) could be classified as > > spam on > > the pfSense list. > > > > There are a lot of Netgate users here and Netgate gear has a bit of > > a > > focus, OS-wise. > > > > In this particular case the issue is not confined to Netgate gear > > and > > spelling it out here can't do any harm that I can foresee. > > > > You may prod users of other hardware platforms to investigate > > whether > > they they have the affected chips in their systems. That can't be > > a > > bad thing provided the note is presented in a reasonably generic > > way > > but obviously you could mention specific products that you know are > > affected from your range or perhaps a short note pointing Netgate > > users > > to a URL for more info. > > > > Cheers > > Jon > > > > > > > > On Mon, 2017-03-20 at 19:15 -0500, Jim Thompson wrote: > > > I tend to be careful about spamming the pfSense list with things > > > that > > > aren't directly related to pfSense. > > > > > > Jim > > > > > > On Mon, Mar 20, 2017 at 7:13 PM, Jon Gerdes > > > > > > wrote: > > > > It might be worth putting a press release style post here as > > > > well > > > > anyway. > > > > > > > > Your mailing list may not be perfect and some people have a > > > > nasty > > > > habit > > > > of registering things with their own email address instead of a > > > > group > > > > address/alias and then moving on. Thir account gets deleted > > > > and > > > > that > > > > box that does something for the internets stops working and it > > > > could > > > > have been fixed by a timely firmware update. > > > > > > > > To be fair, there is quite a lot of chat on the forums about > > > > this > > > > and > > > > any interested pfSenser should be hanging out there as well as > > > > here. > > > > > > > > > > > > > > > > On Mon, 2017-03-20 at 18:57 -0500, Jim Thompson wrote: > > > > > we only sent it to customers of affected units. > > > > > > > > > > On Mon, Mar 20, 2017 at 5:43 PM, WebDawg > > > > > wrote: > > > > > > Is there any other list for netgate firmware updates? I > > > > > > just > > > > > > received a > > > > > > notification from sales@pfsense about netgate firmware > > > > > > updates > > > > > > but > > > > > > it was > > > > > > not sent to this list? > > > > > > ___ > > > > > > pfSense mailing list > > > > > > https://lists.pfsense.org/mailman/listinfo/list > > > > > > Support the project with Gold! https://pfsense.org/gold > > > > > > > > > > ___ > > > > > pfSense mailing list > > > > > https://lists.pfsense.org/mailman/listinfo/list > > > > > Support the project with Gold! https://pfsense.org/gold > > > > > > > > ___ > > > > pfSense mailing list > > > > https://lists.pfsense.org/mailman/listinfo/list > > > > Support the project with Gold! https://pfsense.org/gold > > > > > > ___ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SIP through IKEv2-tunnel
what really irritates me is the fact (tried it just now) that using it over OpenVPN instead of IKEv2 it works... any idea ? i'm gonna look over it again... Von: Listim Auftrag von Martin Fuchs Gesendet: Dienstag, 21. März 2017 10:45:34 An: pfSense Support and Discussion Mailing List Betreff: Re: [pfSense] SIP through IKEv2-tunnel I think so, too, that's what confuses me. Internet -> Router -> (NAT: IPSec, OpenVPN) pfSense so the SIP-Clients would tunnel trough the the router, terminate with the pfSense and the unencrypted packets are sent back to the router (which hosts the PBX). In my opitnion it should work, too... Von: List im Auftrag von Vick Khera Gesendet: Montag, 20. März 2017 13:48:06 An: pfSense Support and Discussion Mailing List Betreff: Re: [pfSense] SIP through IKEv2-tunnel You only need siproxyd if you have multiple SIP clients inside your network trying to talk outside. SIP should work just fine in your situation where your PBX software and your client are within the same VPN and do not block any traffic. That is, I have a situation like this and it works just fine: Internet <- pfSense NAT <- Switchvox <- local LAN clients remotes -> pfSense VPN -> Switchvox I can't tell from the OP's original description how the connections are configured. On Mon, Mar 20, 2017 at 6:10 AM, Eero Volotinen wrote: > maybe you need something like this > https://doc.pfsense.org/index.php/Siproxd_package > > Eero > > 20.3.2017 11.56 ap. "Martin Fuchs" kirjoitti: > > > Hi ! > > > > I have a Fritz!Box (router) connected to the internet (no other > > possibility). > > > > In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM. > > > > This pfSense VM just operates as a VPN-Gateway. > > > > I have set up the routes in the Fritz!Box for the dial-in networks to the > > pfSense. > > > > > > I can connect via IKEv2 and browse internat services. > > > > I have a Fritz!App (SIP-Client) on my phone. > > > > This app connects to the Fritz!Box (which provides a SIP-connection) > > successfully. > > > > > > When I try to make a call, the other phone rings BUT no party cann hear > > the other. > > > > > > It seems to me like a RTP-issue. > > > > > > On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules. > > > > The firewall-rules allow IPSec to LAN (any service). > > > > I'm running pfSense 2.3.3p1 with one interface. > > > > > > Does anyone have any idea or some hint for me ? > > > > > > regards, > > > > martin > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SIP through IKEv2-tunnel
no change with sipproxd installed... very strange... Von: Listim Auftrag von Martin Fuchs Gesendet: Dienstag, 21. März 2017 10:44:36 An: pfSense Support and Discussion Mailing List Betreff: Re: [pfSense] SIP through IKEv2-tunnel since it's only one client i did not think about it but it's worth a try... Von: List im Auftrag von Eero Volotinen Gesendet: Montag, 20. März 2017 11:10:56 An: pfSense Support and Discussion Mailing List Betreff: Re: [pfSense] SIP through IKEv2-tunnel maybe you need something like this https://doc.pfsense.org/index.php/Siproxd_package Eero 20.3.2017 11.56 ap. "Martin Fuchs" kirjoitti: > Hi ! > > I have a Fritz!Box (router) connected to the internet (no other > possibility). > > In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM. > > This pfSense VM just operates as a VPN-Gateway. > > I have set up the routes in the Fritz!Box for the dial-in networks to the > pfSense. > > > I can connect via IKEv2 and browse internat services. > > I have a Fritz!App (SIP-Client) on my phone. > > This app connects to the Fritz!Box (which provides a SIP-connection) > successfully. > > > When I try to make a call, the other phone rings BUT no party cann hear > the other. > > > It seems to me like a RTP-issue. > > > On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules. > > The firewall-rules allow IPSec to LAN (any service). > > I'm running pfSense 2.3.3p1 with one interface. > > > Does anyone have any idea or some hint for me ? > > > regards, > > martin > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SIP through IKEv2-tunnel
I think so, too, that's what confuses me. Internet -> Router -> (NAT: IPSec, OpenVPN) pfSense so the SIP-Clients would tunnel trough the the router, terminate with the pfSense and the unencrypted packets are sent back to the router (which hosts the PBX). In my opitnion it should work, too... Von: Listim Auftrag von Vick Khera Gesendet: Montag, 20. März 2017 13:48:06 An: pfSense Support and Discussion Mailing List Betreff: Re: [pfSense] SIP through IKEv2-tunnel You only need siproxyd if you have multiple SIP clients inside your network trying to talk outside. SIP should work just fine in your situation where your PBX software and your client are within the same VPN and do not block any traffic. That is, I have a situation like this and it works just fine: Internet <- pfSense NAT <- Switchvox <- local LAN clients remotes -> pfSense VPN -> Switchvox I can't tell from the OP's original description how the connections are configured. On Mon, Mar 20, 2017 at 6:10 AM, Eero Volotinen wrote: > maybe you need something like this > https://doc.pfsense.org/index.php/Siproxd_package > > Eero > > 20.3.2017 11.56 ap. "Martin Fuchs" kirjoitti: > > > Hi ! > > > > I have a Fritz!Box (router) connected to the internet (no other > > possibility). > > > > In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM. > > > > This pfSense VM just operates as a VPN-Gateway. > > > > I have set up the routes in the Fritz!Box for the dial-in networks to the > > pfSense. > > > > > > I can connect via IKEv2 and browse internat services. > > > > I have a Fritz!App (SIP-Client) on my phone. > > > > This app connects to the Fritz!Box (which provides a SIP-connection) > > successfully. > > > > > > When I try to make a call, the other phone rings BUT no party cann hear > > the other. > > > > > > It seems to me like a RTP-issue. > > > > > > On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules. > > > > The firewall-rules allow IPSec to LAN (any service). > > > > I'm running pfSense 2.3.3p1 with one interface. > > > > > > Does anyone have any idea or some hint for me ? > > > > > > regards, > > > > martin > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SIP through IKEv2-tunnel
since it's only one client i did not think about it but it's worth a try... Von: Listim Auftrag von Eero Volotinen Gesendet: Montag, 20. März 2017 11:10:56 An: pfSense Support and Discussion Mailing List Betreff: Re: [pfSense] SIP through IKEv2-tunnel maybe you need something like this https://doc.pfsense.org/index.php/Siproxd_package Eero 20.3.2017 11.56 ap. "Martin Fuchs" kirjoitti: > Hi ! > > I have a Fritz!Box (router) connected to the internet (no other > possibility). > > In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM. > > This pfSense VM just operates as a VPN-Gateway. > > I have set up the routes in the Fritz!Box for the dial-in networks to the > pfSense. > > > I can connect via IKEv2 and browse internat services. > > I have a Fritz!App (SIP-Client) on my phone. > > This app connects to the Fritz!Box (which provides a SIP-connection) > successfully. > > > When I try to make a call, the other phone rings BUT no party cann hear > the other. > > > It seems to me like a RTP-issue. > > > On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules. > > The firewall-rules allow IPSec to LAN (any service). > > I'm running pfSense 2.3.3p1 with one interface. > > > Does anyone have any idea or some hint for me ? > > > regards, > > martin > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SIP through IKEv2-tunnel
Hi ! No possibility to disable STUN on the SIP client. Von: Listim Auftrag von Rosen Iliev Gesendet: Montag, 20. März 2017 19:51:26 An: pfSense Support and Discussion Mailing List Betreff: Re: [pfSense] SIP through IKEv2-tunnel Hi, Have you try to disable the STUN support on your phone? Cheers, Rosen Martin Fuchs wrote on 3/20/2017 3:36 AM: > Hi ! > > I have a Fritz!Box (router) connected to the internet (no other possibility). > > In i have NATted ESP, GRE, 4500, 500, 1701, ... to a pfSense VM. > > This pfSense VM just operates as a VPN-Gateway. > > I have set up the routes in the Fritz!Box for the dial-in networks to the > pfSense. > > > I can connect via IKEv2 and browse internat services. > > I have a Fritz!App (SIP-Client) on my phone. > > This app connects to the Fritz!Box (which provides a SIP-connection) > successfully. > > > When I try to make a call, the other phone rings BUT no party cann hear the > other. > > > It seems to me like a RTP-issue. > > > On the pfSense i have Advanced Outbound NAT configured with no NAT-Rules. > > The firewall-rules allow IPSec to LAN (any service). > > I'm running pfSense 2.3.3p1 with one interface. > > > Does anyone have any idea or some hint for me ? > > > regards, > > martin > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold