"General best practice is to leave the native VLAN on a trunk port unused" It is best design practice not to leave native vlan 1 on your trunk ports, even when you have changed all other ports to other than vlan 1, and sure not to use vlan 1 as your managment vlan. But I have never heard anything wrong with use of a different native vlan. Where is that stated as best practice not to use native vlans?  That sure is not cisco gospel.. Maybe that is the gospel according to cmb ;) hehehe As a way of graphing traffic so all your traffic is in a specific tagged vlan vs the native vlan that would show all traffic going over that interface even tagged ok very clever solution to the graphing oddity, but I wouldn't agree that its best practice to only use tags.. I can think of one example where its going to cause you a problem not using native, the unifi accesspoints do not allow you to set vlan tag on their management IP.  They have to be untagged, ie native.  Sure doesn't have to be vlan 1, but they do not allow you set tag for the IP of the AP.. This might be considered a design flaw, and it should be an option to set tag on this - maybe in the future but currently if your not using native vlan here you would have issues.  Quite sure there are other such devices, but off the top of my head that was the first one that came to mind.  That would require trunk and tagged traffic to the device, but also untagged traffic.

Use weights of 2 and 6 instead of 1:3, see this note you might have missed: https://doc.pfsense.org/index.php/Upgrade_Guide#Multi-WAN_Weighted_Load_Balancing

Up? I'm attaching my configuration. With this nothing is working. [image: pic.jpg] [image: pic.jpg_thumb]

It's open source. What you're looking at there is their Access Server product, which isn't free nor open source. It's an alternative to the server-side component that's in pfSense. The only client you need is free and open source. https://openvpn.net/index.php/open-source.html

Solution: Disabled offload checksum on transmission for the virtual interface in Xen (LAN interface). Up/Down speeds are both as expected.

Thank you very much, you saved my day  ;D

Brandur  thanks You so much! Traffic Totals and Gateways Monitoring is exactly this what I need :)!

Most probably, this is a firewall rule issue. As soon as I disabled the firewall rule pertinent to ovpn, the speed tripled. Any ideas?

Probably zero to do with your increased RAM.

The Zhone router has way too many options for a hobbiest home user. Count your blessings  ;) Many ISP's limit the control of attached modem/routers to the point they're barely usable unless you want "Their Standard Configurations". Glad you got it working.

disregard this my destination wasnt set right now its working flawlesssly  sorry if i took up anyones time thanks

that happened to me before too.. enabled DHCP, boom internet working.  Glad you got it resolved.

Yeah that'd probably be one of the chipsets that won't disable autonegotiation. Verify your switch ports are all set to autonegotiate, and that your cables are CAT-5e or better and aren't bad.

I have spent quite some time lurking around here pretty well doing the same. While there is no magic bullet, the goal for me has been to have high security with low maintenance. I have quite a complex home network (to help emulate a corporate network for testing but also for security) and I am always looking to find ways to help secure it better. I have found this thread to be a pretty good starting point with some good security info; https://forum.pfsense.org/index.php?topic=78062.0 There is also some pretty good info in the wiki such as this one for forcing your (or something like OpenDNS) DNS servers; https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense Hope some of this helps and I hope some people smarter than us chime in too! pfSense is a great platform that is improving all the time.

Learn something new every day, thanks cmb..

I posted there, and Adrian Chadd wants kgdb, but he thinks(!) it's fixed in head…. I cc'd you (Chris) on my reply.

@firefox: so how this details Were blocked ? They are part of the HTTP GET browser call (Yep, it's your browser who tells the web server who / what / where / …. so using a less noisy browser will help here) Squid probably dives into the IP packets and removes them on the fly ...

I had a quick look at my Synology. This option related to the router seem to be some sort of the tool that would help you to reconfigure your home router by adding relevant firewall rules. It is only supported by some routers as per Synology Knowledge Base: https://www.synology.com/en-global/knowledgebase/DSM/help/DSM/AdminCenter/connection_routerconf It require additional setup and UPnP is involved. So this option may not be something you need to use…