The Cache/Proxy forum is the place for this question.

See this message and those above it in the thread: https://forum.pfsense.org/index.php?topic=119511.msg662743#msg662743 Package server issues should be resolved now.

There is no Tor package for pfSense Yes, lots of people have connected pfSense to various VPNs, including those based on OpenVPN and IPSec. This forum is for general discussion.  If you have pfSense-specific operational questions or support questions, you might be better served by posting your questions in the English Support - General Questions forum.  If your question is about specific pfSense functionality, there are a number of forums dedicated to that specific function such as Firewall, NAT, Traffic Shaping, VPN etc.

Sounds like a plan. dd-wrt gui only supports port-based vlans. Let me chew on this and see if I can get her done.

To give a general explanation of this. TCP defines a window as how many segments are in-flight Most TCP algorithms use packet loss as an indicator to back off Buffer bloat means hundreds of milliseconds of data can be buffered and trickled in to you Now imagine this. Your bloated buffers can hold 500KiB of data. Netflix wants to send you an average of 5Mb/s in 250KiB chunks while reusing TCP connections. If Netflix sends you 250KiB of data at 10Gb/s, while you can't receive it that fast, you cable/DSL modem's buffer holds all of the data. Since no packets are dropped, Netflix never knows to back off. Since all of the data fits within the TCP window, and the bloated buffer can hold the entire window, you will get line-rate bursts. This is why bufferbloat is bad. I had a variation of this. My ISP has an elastic buffer that allows bursts through. Instead of the buffer soaking the burst and slowly trickling it through, it let the burst pass, then started to clamp down. This meant my computer will receive the data at full 1Gb/s even though, at the time, I had a 100Mb connection. My computer would ACK all of the data, making the send think I actually have a 1Gb connection. As they continued to send 1Gb/s at me, my ISP's shaping algorithm would start to restrict the bandwidth and started to drop packets. This would cause a burst of packet-loss at the start of any heavy low-latency TCP connection. I actually fixed this by having PFSense shape my downloads. Instead of just telling the 1Gb burst through, PFSense would buffer it and start dropping some packets prior to my ISP doing so. This did two things. 1) It delayed the packets 2) It dropped fewer packets early on before the sender ramped up to full speed.

https://forum.pfsense.org/index.php?topic=78480.msg428354#msg428354

I can't believe it was release on github. Was the no cvs server available to use?

Yes, I would love that to. Especially how to use max upload/download bandwith limits per user. Did you find a working solutions?

Overall, Chrony is actually quite nice. Shame about the license.

@Harvy66: Just a quick fix, just enabled Codel shaping on your WAN and LAN interfaces and set your bandwidth to 90% of your actual bandwidth. +1

Hey john, you make me laugh :) I have been there this weekend and what I could find was not the best :/ situation: WAN -> WAN OPT1 -> (direct line)PoE switch -> several ProCurve M5M310 AP and Linksys (was installed years ago by a company) (IP 192.168.2.xxx) LAN -> simple (dumb) switch, from here it goes 4 ways: (IP 192.168.0.xxx) 1: phone box (currently disabled) 2: to reception -> dumb switch -> computers, printers. 3: to office -> dumb switch -> printers, computers 4: camera the ISP is even more horrible then i thought, they got a DSL line that has a maximum of 28Mbps and if we are lucky we get 6Mbps at night. I have told them to change this ASAP this month, and going to change this to a 125Mbps line to start with.

[image: 20160923_092048_1.jpg]

I myself prefer meritocratic forums. Not a huge fan of democratic, everyone's opinion matters, everyone gets a trophy forums. But I do frequent support forums where the target audience are the general public and need help.

Hi, i like your captive portal design, I am setting up one for elementary school I was wondering if you are will to share the code. thank you!

This forum is for General Discussion.  if you need technical support, try the Support forums, specifically the Cache/Proxy forum.

Don't rule out that the gateway itself just doesn't like responding to pings. While highly correlated, some hardware accelerated devices can forward packets fine, but actually responding to pings requires the severely limited host CPU to do work.