Categories

• TNSR

  Discussions about TNSR

  TNSR Announcements

  Feedback

  Installation and Upgrades
  304
  Topics
  1056
  Posts

  N

  @derelict said in 2 BGP Session dropping randomly same time:

  @michmoor said in 2 BGP Session dropping randomly same time:

  I see drops.

  If you are working in the <= 10Gbit/sec space and are using reasonably-current physical hardware and Intel NICs, you are probably not experiencing an inability of tnsr to forward whatever traffic you are asking it to forward.

  Even though i am using less then 10Gbit/sec but that should (worst case) cause queues or outbound packet drops? Why the BGP session drop?

• pfSense® Software

  Discussions about pfSense Software, click a category below

  Messages from the pfSense Team

  General pfSense Questions

  Installation and Upgrades

  Firewalling

  NAT

  HA/CARP/VIPs

  L2/Switching/VLANs

  Routing and Multi WAN

  Traffic Shaping

  DHCP and DNS

  IPv6

  IPsec

  OpenVPN

  Captive Portal

  webGUI

  Wireless

  SNMP

  Documentation

  Development

  Gaming

  Virtualization

  Hardware

  Bounties

  Retired
  106377
  Topics
  647946
  Posts

  J

  @jknott said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

  Please do a capture of the full DHCPv6 sequence, as what you provided was from after pfSense had been running for a while.

  Im not at home, wont be until the end of the month.

  @jknott said in No RA on WAN and ISP brushes me off stating its my FW config that is at fault.....:

  Also, who's the ISP?

  Vidanet

• pfSense Packages

  Discussions about pfSense software packages

  Cache/Proxy

  IDS/IPS

  Traffic Monitoring

  pfBlockerNG

  ACME

  FRR

  Tailscale

  WireGuard
  17292
  Topics
  108882
  Posts

  B

  Hi all,

  I'm a software developer with a company for home automation. Most of the development we do in C# and typescript/javascript/html etc for the front-end and a bit of swift and java for the apps.

  Because in home automation the network is one of the most important things to get right, and on larger projects there are alot of companies wanting their devices on the network, proper management of the networks is really important.

  Luckily i've managed to convince the other owners that the best option is to use pfsense and now we deliver several projects a year with netgate 7100, here and there we use the 4100 or 3100 on smaller projects or employee's home network.

  These are private networks, but the networks consist of 200+ connected devices and things like alarm systems, ground detection, camera systems, movie theater systems and other stuff that need remote maintenance every once in a while. As our system controls everything and we provide the network, what i usually do is setup a vpn server and allow access to certain parts for certain users. All works pretty well but i would like the end user to have more control over the network and also i would like to implement a communication between our automation system and pfsense.

  What i would like to achieve is to allow the end user, who knows nothing about networking usually to be able to use our app to enable a period of maintenance for a specific company. Because now all the companies have restricted access, but the end user doesn't know when these people are accessing the system and with camera systems the feeling of having more control is very much appreciated. Basically controlling rule templates/aliases etc.

  There are also devices that phone home, for example, trinnov amplifiers always has a connection to their company server and they can control the amplifier which is just a pc running a specialized linux so they have a way inside the network always and would be able to access everything on the subnet. There are different vlans for certain devices and user devices are not on the same subnet, and i'm pretty sure trinnov can be trusted but sometimes there isa a situation where i would prefer these devices to not always be connected to some remote server we know nothing about. Maybe some company's employee is mad for some reason and starts spreading malicious scripts, who knows or their network is breached and an attacker can reach your network through theirs because the device is always connected to their server. Pick your doom scenario.

  Devices do need access to WAN for updates etc, i just would like to be able to have our system, which already has a configuration with network address, mac etc to be able to make rules for the devices configured in our system, and allow the access only when needed, and get instant reports about the firewall blocking some connection of this device. We create device drivers for the control of a device, and i would like to include maybe something like firewall profiles in this driver which can be switched.

  For this reason i would like to develop a package, doesn't have to be public, that creates either a secure connection to my automation system or creates a tcp server so i can control the router and exchange data needed and create a system that knows what's going on in the network and is able to control the firewall rules, but also really important to have feedback and report any issues so our back-end knows when to inform us. The situations will be decided by us, but i need a communication protocol or api endpoint. Looking around, i see a rest api (fauxapi), cool package but i don't want a rest api as it seems rather resource intensive to poll all the time.

  I've also been looking into doing this with SNMP, but i think this might be sluggish and doesn't support the things i want, but i could be wrong. To me it seems developing a package that is really light weight with a secured tcp connection would be best.

  Is there anyone who is able to give me advice on where to start, or just exchange ideas on how to achieve what i want?

  Best regards,
  Baruch

• pfSense International Support

  Discuss pfSense in other languages

  Chinese

  Deutsch

  Español

  Français

  Indonesian

  Italiano

  Russian

  Nederlands

  Norwegian

  Portuguese

  Polish

  Romanian

  Swedish

  Turkish
  40971
  Topics
  259175
  Posts

  J

  Le Netgate 2100 comporte 1 port RJ/SFP et 4 ports RJ.

  Pour les VLAN, je recommanderai de centraliser sur un switch administrable, éventuellement avec utilisation d'un 'trunk' (1 câble = plusieurs VLAN portés). Le pfSense aura le rôle de routeur Level 3 = inter VLAN, avec filtrage bien sûr.

  Je suis pas certain qu'une machine branché sur un port du Netgate soit équivalent à la même machine branché sur un port du switch administrable. En tout cas, je ne brancherai aucune machine directement au Netgate à moins qu'elle ne soit seule et unique dans son propre réseau.

  Exemple : sur le switch administrable :

  port 8 : port trunk - lien avec le fw : untagged = rien / tagged = vlan 4+5 ports 1 à 3 : ports réseau vlan 4 : untagged = vlan 4 / tagged = rien ports 4 à 6 : ports réseau vlan 5 : untagged = vlan 5 / tagged = rien

  Je brancherai le NAS sur le port 4 (vlan 5).
  Je pourrais tester en connectant un PC sur le port 1 (de vlan 4 à vlan 5) ou le port 5 (en restant sur le vlan 5).
  Dans le premier cas, le flux doit passer de port 1 - port 8 - fw - port 8 - port 4.
  Dans le deuxième cas, le flux doit passer de port 5 - port 4.
  Nécessairement le premier cas induit un diminution de perf ...

• Official Netgate® Hardware

  Information about hardware available from Netgate

  1761
  Topics
  12955
  Posts

  L

  Hi,

  Long time pfsense user, new Netgate appliance owner.

  I bought a Netgate 1100 to do my home routing. Very small setup : 1 linux server, 1 desktop, 1 laptop, 1 wifi router in bridge mode, 3-4 IoT (lights), a ps4, a smart TV. Nothing crazy.

  I have been using an old PC with pfsense for years.

  Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
  4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
  8 gb of RAM
  1tb SSD

  With this PC as my router, I'm getting DL: 785.94 Mbit/s // UP 800.11 Mbit/s from speedtest-cli from my linux server. The rest of the post will only be about local network speed, I just wanted to give a context.

  After watching some review like Lawrence video (https://www.youtube.com/watch?v=_bM3XqK5JzE) and the Netgate marketing, I figured the 1100 hardware will be enough for my needs.

  Unfortunately, when I test locally with factory reseted box, I only get 400 Mbps from default install. I'm confused because Lawrence gets 700+ from same setup and he installed pfblocker (which I didn't).

  I duplicated tests from his video and from this post : https://forum.netgate.com/topic/140100/sg-1100-throughput-test/

  Same local setup I only replace a switch by the Netgate 1100 in default mode (NAT from LAN to WAN). Same 3 cables, same second switch.

  Legend :
  C1 = Cable 1
  S1 = Good quality gigabit switch 1

  Baseline : Windows laptop DHCP 10.0.0.78 <--C1--> <--S1--> <--C2--> <--S2--> <--C3--> <-- linux server 10.0.0.111 -->

  On laptop :

  iperf-3.1.3-win64> ./iperf3 -c 10.0.0.111 -p 6666 [ ID] Interval Transfer Bandwidth [ 4] 0.00-10.00 sec 1.08 GBytes 925 Mbits/sec sender [ 4] 0.00-10.00 sec 1.08 GBytes 925 Mbits/sec receiver iperf-3.1.3-win64> ./iperf3 -c 10.0.0.111 -p 6666 -R [ ID] Interval Transfer Bandwidth Retr [ 4] 0.00-10.00 sec 1.08 GBytes 932 Mbits/sec 0 sender [ 4] 0.00-10.00 sec 1.08 GBytes 931 Mbits/sec receiver

  Test with Netgate :

  Laptop DHCP 192.168.1.100 <--C1--> <--Netgate 1100 LAN 192.168.1.1--> <--Netgate 1100 WAN 10.0.0.84--> <--C2--> <--S2--> <--C3--> Server 10.0.0.111

  Netgate : 22.05 factory reset
  Wizard : DNS : 1.1.1.1/8.8.8.8 + override DNS

  iperf-3.1.3-win64> ./iperf3 -c 10.0.0.111 -p 6666 [ ID] Interval Transfer Bandwidth [ 4] 0.00-10.00 sec 559 MBytes 469 Mbits/sec sender [ 4] 0.00-10.00 sec 559 MBytes 469 Mbits/sec receiver iperf-3.1.3-win64> ./iperf3 -c 10.0.0.111 -p 6666 -R [ ID] Interval Transfer Bandwidth Retr [ 4] 0.00-10.00 sec 495 MBytes 415 Mbits/sec 0 sender [ 4] 0.00-10.00 sec 494 MBytes 414 Mbits/sec receiver

  Sometimes I will get 500 Mbits/sec in upload, but download is always low 400.

  I tried also installing iperf3 on the appliance to test either sides (Laptop to Appliance's LAN IP and also Appliance's WAN IP to linux server) and I still get around 400Mits/sec.

  I'm disappointed. I did my research before buying and I was expecting having around 700Mbps which covers my needs with my ISP internet speed.

  Anything I could try to bump up my download speed from 400 to 700 ? I'm hopeful and pessimistic at the same time, I saw others with more speed, but I'm quite confident in my testing skills and setup.

  Any help will be appreciated.

• Netgate Announcements

  Information about hardware available from Netgate

  19
  Topics
  84
  Posts

  

  @kitsunexor I'm sorry you're experiencing an issue with your 1100.

  It looks like we are working through it in support now.

  The cause won't be the same as what is discussed in this thread because there have been hardware changes to prevent that since. The symptoms may be the same of course.

  Either way that device is in warranty so if it is determined to be a hardware issue we can get it swapped out for you.

  Steve

• Off-Topic & Non-Support Discussion

  Feel free to talk about anything and everything here

  Forum Feedback

  Community Job Board
  3040
  Topics
  16626
  Posts

  R

  @stephenw10 I've not experienced any issue with LEDs (edit see PS)... and I used that device for about 6 rotations of bench test vs. live network test mules. hmmm. I do use the System/LED Configuation drop down to change the WAN connection to an amber, but otherwise leave it alone. That's only because the power LED does weaken but works substantially better as amber.

  Yes, after changing snapshots 4 or5 times, reloading LuCI got to be a pain - especially since I don't like putting unconfigured machines on the network. I'd been following the 22.03 development so when they put out rc4, I just switched over to 22.03. Fortunately those builds do come with LuCI pre-installed.

  I do take a config backup, reset to defaults, then update from a squashfs-factory image each time. Then all I have to reload are WPAD and the ip-bridge diagnostic.

  PS: on these 3200s the LEDs for the two radios seem much, MUCH more durable than the older 1900s and 1200s. The constant flicker of the 2 radio band LEDs weakened them to a point you could only see them in a pitch black room. I have a hand full of surface mount LEDs left from replacing mine on the older boxes. Let me know if you need a couple.