@pst I have tested the June15 25.07-RC and the same problems exist there. Certain limiter combinations just doesn't work in the 2025 releases of pfSense. @stephenw10 , is Netgate aware and actively working on resolving the current limiter issues, or do I need to raise yet another redmine?

Here's todays results from 25.07.r.20250715.1733:

test #1 LAN Limiters

Setup:

Limiters configured on LAN 100Mb/s DL 50Mb/s UL policy routing IPv4 only (IPv6 LAN rules disabled)

Preparation:

reset firewall state table

Results:

speedtest.net DL 96Mb/s UL 47Mb/s

Conclusions:

LAN speeds matches the configured LAN limiters (Success) test #2 LAN+WAN Limiters, policy routing

Setup:

Limiters configured on LAN 100Mb/s DL 50Mb/s UL policy routing IPv4 only (IPv6 LAN rules disabled) Limiter configured on WAN 200Mb/s DL 150Mb/s UL buffer-bloat floating rule on WAN (Netgate recepie)

Preparation:

reset firewall state table

Results:

speedtest.net DL 196Mb/s UL 145Mb/s

Conclusions:

LAN speeds matches the configured WAN limiters (Failure) test #3 LAN+WAN Limiters, default routing

Setup:

Limiters configured on LAN 100Mb/s DL 50Mb/s UL default routing IPv4 only, IPv6 LAN rules disabled Limiter configured on WAN 200Mb/s DL 150Mb/s UL buffer-bloat floating rule on WAN (Netgate recepie)

Preparation:

reset firewall state table

Results:

speedtest.net DL 193Mb/s UL 48Mb/s

Conclusions:

DL LAN speed matches the configured WAN DL limiter (Failure) UL LAN speed matches the configured LAN UL limiter (Success)

Hey, I just wanted to say thanks for the new PPPoE backend! I have a Netgate 1100 and was pretty disappointed at first: after switching from my ISP’s router to the SG-1100, my DL speed dropped from around 650-700 Mbps to 450-500 Mbps. I was seriously thinking about switching to third-party hardware and reselling the Netgate. But then I came across the if_pppoe option and decided to give it a try. My DL speed are now back to almost what they were originally, an incredible improvement. Really appreciate it!

@cybrnook

It looks if you are referring to the pimd engine version

854cb5be-fd74-43b0-848a-b83df5637c1b-image.png

Which is quite old, and as far as I know not working under FreeBSD. I have compiled the never released pimd-3.0.b1 version (using FreeBSD15 current).

@cmcdonald Appears to be back/fixed. Thanks.

You can set the size it rotates at and the number of files to retain in the log settings at Status > Logs > Settings. As long as you have the space you should be able to increase it.

@stephenw10 The Ultra Ethernet Consortium

@stephenw10 Aye that's right

Hi guys,
I create simple shell script reports for AbuseIPDB from filter.log file. Maybe it will be helpful to someone.
It was tested over a one-week period and works as expected.
Here is the link: ttps://github.com/whoami-0x44/abuseipdb-reporting-pfsense

Yes you can choose 2.8.0-beta from the installer menu.

Edit: Now 2.8.0-RC

Nope, none of those are a big concern. Some of that could be cleaned up but they are just ugly.

@w0w

Seems so or possibly an interaction with if_pppoe and something else within the new beta.

Regressing to 24.11 again and symptoms vanish. Reverting to the old backend on the beta seems fine too (albeit with the old pppoe issues).

I had to work back again and re-test as I had the test diff patch applied with the revised beta, which drew some doubts on my results for a while. Fat-fingering in a config error when testing is something I try to avoid but you have to admit your mistakes.

I'm waiting for the next beta drop really, to see if the changes also impact the issues I see. Opening up all the cores may just be peeling back something that was already latent and just masked by the old backend process.

I did do a couple of tests that suggests the upload fq_codel settings may need adjusting against a different workload for if_pppoe; but too early to be sure.

I'm also being nudged to try Kea again, as apparently it has matured a bit since its launch.

☕️

Hmm, it does seem kinda shady!

There's no FreeBSD port as far as I can see, though there is one for v2ray which this was forked from.

You are asking about adding it as a client to connect to the xrayvpn service only?

I'm not really seeing any advantages over existing VPN options TBH.

@matthijs

I had an issue with a static arp entry, but it was a wrong configuration on my side (an old wrong static arp entry/Mac address) The IP adres with this static ARP entry was in use by another host (with another MAC address) an that was an issue. I did not experience this in 2.7.2 So in fact 2.8.0 is behaving correctly

@jimp oh cool, it never even occurred to me that ppl would carry around a universal cert