@ldl said in Newbie questions:

@Gblenn Replacing my asus router with something newer, as the Asus one is outdated (the main reason), sure still works but yeah.

Another reason as to why I want to replace it, is that if I'm going to use my own router, then other people in my house will obviously be on the same line, so I want to accommodate them as well, because currently, they're not on my router as that's in another room, they're on the ISP router,

I get that the it's outdated, and of course you should try to do 2.5G on the WAN. That all makes sense, but you should only have one router in use.
And it seems to me like you are using your routers as a way to connect peoples devices so they can get out on the internet. But that's what switches are for, and they are way cheaper per port.

I will be considering upgrading the NICs and switches in the future however if I feel the need for more than 1Gb

What's the cost of these routers you are looking at?
I'm guessing you could get a 2.5Gbit dual NIC card (to upgrade pfsense with) plus one or two managed Netgear or TPLink switches for the same price.

And if you want to segment your network to separate users from each other, use VLANs. You have your Cisco switch, and if you add more VLAN capable switches you have full control. And your dumb Netgear can still be used for extra ports towards users or devices that all belong to the same VLAN.

But you do all of this having pfsense as your one and only router, connected to the ISP ONT. And you can still use the Asus and even the old ISP router as wifi AP's. But then they are no longer routers they are just semi smart switches with wifi.

Either can work though if you want to address buffer bloat specifically I would use Limiters as shown here:
https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html

I doubt this is a config issue. However if you back it up you easily restore it so testing a default config would at least rule that out.

@Autourdupc No he means like some sort of tunnel, or something like PPPoE

Also keep in mind speed test is only showing you from and to your specific client and their servers.. while the interfaces on pfsense are going to show all traffic.. If your network is quiet while testing there shouldn't be much difference.. But its never going to be exactly the same - for starters on the wan there always going to be some noise level.. And same with lan you could have other traffic that doesn't even go out the wan or it might.

Also they are presenting you with 1 number, which is not the case with pfsense showing you a graph.. that data flow rate is going to fluctuate - they present just 1 number, which is never the case.. It doesn't jump to 100, and stay exactly at 100 for 30 seconds.

Also the graph on pfsense is going to do smoothing of what it presents of some different degrees..

I really wouldn't worry about it as long as your in the same ball park number.. But yeah you have to look at the numbers either both bits or both bytes and or do the math conversion in your head.. Because there is a 8X difference between B and b..

I can't believe I missed the config revision in the table! Doh! Thank you both that answered my question!

@elvisimprsntr said in sh script to create bootable USB-drive with LATEST OFFICIAL REL of pfSense CE:

@Sergei_Shablovsky said in sh script to create bootable USB-drive with LATEST OFFICIAL REL of pfSense CE:

Why you use pinging the remote host instead of checking if certain remote path exist (or checking the success of this remote path creating)?

I have two pfSense sites on a Tailscale MESH VPN, one behind double NAT.
I use the same script to backup the remote site to my local NAS.

I have decision that procedure of correct and flawless backup/restore pfSense configuration still are so called “headpain point” for most of all pfSense users

And even provided “rollback to last good configuration by using ZFS snapshots feature” - not so help with this: this ZFS-rollback” really good in the middle of working system, but not good if you need quick restore after hardware failure when needed to setup fresh on bare metal another server.

Several times I see how after disc crash in Netgate Appliance and replace disc on same Appliance, procedure of “complete restore from last good ACB configuration from remote Netgate servers” not flawless: sometime some packages not installed for unknown reasons, and hw rebooting between some packages still needed…

Sad bud true…

Sometimes it take a few pings before the NAS is reachable via Tailscale.

Why You not using FreeBSD famous net/rclone, backup/zapzend, backup/zfs_autobackup, backup/sanoid and syncoid?

Each of this solution give You more flexibility, because You not only need to backup one pfSense config.xml, but may be a bunch of other scripts and edited BSD system files with custom settings.

@SteveITS this is great. It looks like my system is online now and I can login.

Thank you!

@nadvig23
Just to let you know that everything it's functional. The link that you gave me was exactly i need it to do :
https://ratil.life/pfsense-with-centurylink-1gb-fiber/

Thanks!

Dear @JKnott , read the conversation again... Specifically:

@NightlyShark said in How much of a security concern is virtuallization:

@starcodesystems Hahaha, if only it was possible to hack a bank from home and have your mac be a concern these days... I miss those days, early 2000. 2002, when I got my first PC.

@demux
Not built-in to pfSense, but this script works. You will need to edit the config manually for the temp for which you want a warning. It polls the system at 5 minute intervals, mails on warning, mails again on warning cleared. All credit to @luckman212 .
https://github.com/luckman212/pfsense-temp-alert

@stephenw10 Thank you

@johnpoz said in Need help printing from one network to another:

https://pulsedive.com/premium?key=API_KEY&types=ip

Thanks for looking. I am not using Pulsedive, but have been digging around also to see what I can find.

Connections from the firewall itself should not need NAT. But it would be loaded by that point anyway.

Yup you can password protect the console with that option.

However if some bad actor has physical access to your firewall they could do whatever they want anyway.

Steve

I don't know about pihole specifically by adguard does much the same thing and is in the OpenWRT software repo.

https://redmine.pfsense.org/issues/15355

Has been created for this.
Thanks