@oscar.atkins: Hi all, As the title says, how do I know/find out whether my clients are using PFSense box (their gateway) as the NTP server? I have configured NTP on the PFSense box but I need to somehow find out if my clients are using it. For example, I have an Ubuntu client box, in which I see two options for date and time; Manual and From Internet. Since it has internet access, I assume it is getting date and time from the internet. I don't want that, I want them to use my PFSense as the time server and I don't know how to check. Could anyone please help? Thanks Run sudo ntpq -p on the ubuntu server. It may be using the ubuntu ntp servers. https://help.ubuntu.com/lts/serverguide/NTP.html

true not like they are expensive I own quite a few of them, just to play with here and there..  I picked up one just a few weeks ago for 88cents for first year.. Haven't done anything with it as yet.. But yes I agree domains can be cheap.. But never as cheap as free like local.lan ;)  And very descriptive to me, etc. etc.  Don't have to worry about anyone using it or grabbing a name I like and forcing me to use a different tld, etc.. But I doubt this OP has multiple pfsense boxes he is trying to manage ;)

if pfsense able to sleep/suspend (S3 level) when there is no network activity, for a period of time ? And what is when pfSense is the only routing and DHCP device inside of the entire LAN? Who is routing then? And what is with IDS/IPS on a DMZ or LAN or WAN Port? A network will never really sleep! i am aware that wake-up would have to be manually done Why would a firewall have to sleep? It is my WAN / DMZ / LAN device that should be even online and reachable.

So I decided to test some other setups. I've decided to add a quad NIC to the server and allocate a physical NIC to each "VLAN" then just change the PVID for each port according to the VLAN ID required for the virtual NIC in pfSense. I'm keen to hear from someone that has had VLAN tagged passed through HyperV vNICs however. My HyperV trunk matched a whole lot of documentation I've read, but still go go; I've probably missed something.

If there a better way of doing this? Not that I can think of.  If you want to resolve your local clients to some bogus domain then you will have to add an entry for every client.  How many boxes are you talking about here?  What is it that you're really doing or trying to test?  You mentioned a web server.  Are you trying to test multi-domain hosting or something, or reverse proxying?

What do you mean?  What are you looking at?

Your question would be better off in the Hardware forum since it's pretty much all about custom builds. There are many options.  It really depends what what you need to do, and how much you have to spend.  Have you checked out the Netgate store for official pfSense hardware?  The SG-3100 seems to be quite popular rigth now.  Whatever you get, make sure it has an x64 CPU with AES-NI support or you will be orphaned at pfSense 2.4.

What vpn methodology are you using?  OpenVPN, L2TP, or IPsec? The configuration will vary depending on which of these you use.

@JKnott: I'd expect you'd have trouble finding a computer that could keep up with 100 Gb.  High bandwidth network gear generally uses a lot of custom hardware to handle the processing. PCI Express lanes are the real problem requiring X16, we have found a motherboard/cpu combo that has no problem pushing 100gbps.  SuperMicro X10SRi-F Motherboard with a Intel Xeon E5-1630v3 is capable of doing so.  So don't be afraid to try different things, this is the current configuration for our 100G test nodes.  We currently have Mellanox, Broadcomm, and QLogic NICs in the field.  Though the Mellanox has proven to be the more stable card at the moment (bleeding edge can be interesting at times). @ivor: Current pfSense architecture will be the biggest limitation in achieving such speeds. We have demoed next gen "3.0" which is capable of doing 40Gbps IPsec, so far. We intend to demonstrate 100Gbps IPsec in the following months. Here's the talk on it by our Jim Thompson https://twitter.com/NetgateUSA/status/923994053015982080 Thank you, I'll give that a look.  We are jumping from 10g to 100g and skipping 40g (probably)

Are you certain it's that mouse and not a virtual connection from the virtual console (does that have a DRAC?)

You will get more knowledgeable eyeballs looking at your post if you post your question to the Traffic Shaping forum.

Create your pfSense instance with WAN NIC being bridged to LAN and LAN NIC being internal intnet1. For your Ubuntu client, make his NIC internal intnet1 For your Kali client, make his NIC bridged to your LAN. If you want to play with a DMZ, create another NIC on pfSense, internal intnet2 and another client also on intnet2. Looking at your IP assignments, you can't have your WAN and LAN on the same network which they currently are.  That will never work.  Your WAN is going to be bridged to LAN so he should have an IP address in the same network as your real LAN. Make your life easier and use clearly different subnets, like 192.168.1.0/24 for WAN and 10.0.0.0/24 for LAN. Like this: [image: vbox-pfsense.png] [image: vbox-pfsense.png_thumb]

Yes, PFSense is aware of the issue. Bug #7928

Looks to me like the router is detecting an outage and attempting to restart services to bring it backup.  Since dpinger is showing the latency I wouldn't suspect it to be one of the other services unless you are pegged at 100% utilization on the box (which you aren't).  +1 for piBa's suggestion to check the quality graphs.  I suspect you'll see latency and packet loss in there.  See if they correlate to anything in the traffic graphs.  In certain instances maxing out your upload can cause it as well if the gateway is too busy processing packets to respond to an arp command from the router.  I would suspect the cpu spikes are an effect of the outage and not the cause.  The graphs and logs will point to which is which.

Guys, Please see my post here to disable vlan1.  It is on page#5 https://forum.pfsense.org/index.php?topic=123324.msg763557#msg763557

Intel CPU's don't start self-throttling until 100c and don't shutdown until 110c. I had a GPU that run at 105c-108c while gaming, I played about 6-12 hours of games per day, and I gave that card to my brother after using it for 6 years. There are really only two things you want to keep cool in your computer. Your HDs and your memory. That being said, below 50c is pretty much safe for anything and above 70c typically means something is wrong with the cooling. If you can touch the component without burning yourself, it's fine.