It's open source. What you're looking at there is their Access Server product, which isn't free nor open source. It's an alternative to the server-side component that's in pfSense. The only client you need is free and open source. https://openvpn.net/index.php/open-source.html

Solution: Disabled offload checksum on transmission for the virtual interface in Xen (LAN interface). Up/Down speeds are both as expected.

Thank you very much, you saved my day  ;D

Brandur  thanks You so much! Traffic Totals and Gateways Monitoring is exactly this what I need :)!

Most probably, this is a firewall rule issue. As soon as I disabled the firewall rule pertinent to ovpn, the speed tripled. Any ideas?

Probably zero to do with your increased RAM.

The Zhone router has way too many options for a hobbiest home user. Count your blessings  ;) Many ISP's limit the control of attached modem/routers to the point they're barely usable unless you want "Their Standard Configurations". Glad you got it working.

disregard this my destination wasnt set right now its working flawlesssly  sorry if i took up anyones time thanks

that happened to me before too.. enabled DHCP, boom internet working.  Glad you got it resolved.

Yeah that'd probably be one of the chipsets that won't disable autonegotiation. Verify your switch ports are all set to autonegotiate, and that your cables are CAT-5e or better and aren't bad.

I have spent quite some time lurking around here pretty well doing the same. While there is no magic bullet, the goal for me has been to have high security with low maintenance. I have quite a complex home network (to help emulate a corporate network for testing but also for security) and I am always looking to find ways to help secure it better. I have found this thread to be a pretty good starting point with some good security info; https://forum.pfsense.org/index.php?topic=78062.0 There is also some pretty good info in the wiki such as this one for forcing your (or something like OpenDNS) DNS servers; https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense Hope some of this helps and I hope some people smarter than us chime in too! pfSense is a great platform that is improving all the time.

Learn something new every day, thanks cmb..

I posted there, and Adrian Chadd wants kgdb, but he thinks(!) it's fixed in head…. I cc'd you (Chris) on my reply.

@firefox: so how this details Were blocked ? They are part of the HTTP GET browser call (Yep, it's your browser who tells the web server who / what / where / …. so using a less noisy browser will help here) Squid probably dives into the IP packets and removes them on the fly ...

I had a quick look at my Synology. This option related to the router seem to be some sort of the tool that would help you to reconfigure your home router by adding relevant firewall rules. It is only supported by some routers as per Synology Knowledge Base: https://www.synology.com/en-global/knowledgebase/DSM/help/DSM/AdminCenter/connection_routerconf It require additional setup and UPnP is involved. So this option may not be something you need to use…

@johnpoz: if you have questions post up your rules and we can go over them. Thank you so much John, Our first Pfsense Firewall Hardware is up and running.

"Destination > any  >" Well that is wrong..  Dest would be your wan address. so you read the troubleshooting doc..  And did you follow it or just read it.  First thing to do is make sure the traffic is actually getting to pfsense wan.  Pfsense can not forward something it does not ever see. How are you testing this?  You need to make sure your coming from outside pfsense..  Your not trying to hit your pfsense wan IP from inside pfsense are you - that would be nat reflection and can be problematic and should really just be avoided.  There is never really a valid scenario that it makes sense. this really is clickity clickity..  Create your foward and your done.  If something is not working you either did it wrong or the traffic is not even getting to pfsense.  You also need to check your firewall on the box listening on 443.  maybe pfsense sends it through and that firewall blocks it?  You sure the box is even listening on 443?  Can you access it from a host on your lan directly? The troubleshooting guide covers pretty much every scenario that could be a problem. Its possible your isp blocks 443 and or you have a nat in front of pfsense that you did not forward 443 to your pfsense wan IP, etc. etc..

well quick test to make sure its pfsense or not, unplug pfsense lan from your network ;)  Does it still get answered?  If your showing an answer from that mac, then it would be in your clients arp table if on the same layer 2. But pfsense might be sending it out its wan, and something upstream could be answering.  If that is the case then yeah you would show mac of pfsense lan as the answering mac.. That would be my guess to what is happening. perfect example of this is me pinging my cable modem management IP ping 192.168.100.1 Pinging 192.168.100.1 with 32 bytes of data: Reply from 192.168.100.1: bytes=32 time=26ms TTL=63 Reply from 192.168.100.1: bytes=32 time=1ms TTL=63 Reply from 192.168.100.1: bytes=32 time<1ms TTL=63 Reply from 192.168.100.1: bytes=32 time=1ms TTL=63 my pfsense wan is public..  But I can still access my cable modem via that rfc1918 address since pfsense wan is directly connected to it.  If something on your wan answering - sniff on pfsense wan and find the mac that is answering.  It might be showing your gateway on your that network, but then you would know its something else upstream.

Generally, yeah, it's best to not loop traffic through the firewall where it's not strictly necessary to do so.