Lightsquid generates reports based on squid's access.log. It's a package.  Install it.

Thank you very much. It showed that the mongod was hanging. It’s part of the UniFi controller running on my pfSense as well. Until now there was no problem with that. Now ipsec is running but no IPv6 traffic. Any further advice?

You're using limiters, not actual interface shaping. I have no experience with limiters, but a common issue is the IP mask used. You may be creating a limiter PER CONNECTION. If you want to shape the entire interface, use shaping, not limiters.

I haven't seen that one before, but it would appear at a glance to be crashing in handling of SCTP on IPv6. Are you actually using anything like that or allowing it through the firewall?

Controlling outgoing traffic with just firewall rules is really hard because of the multitude of TCP/UDP ports used for different applications and many of them are not officially allocated. The worst are filesharing applications such as BitTorrent that can use almost any port imaginable. You're much better off using a proxy with whitelist/blacklist techniques if you want to control outbound.

Thank you for your help.

For a new user I would recommend keeping it simple and organizing your rules per interface.  Leave the floating rules for traffic shaping.

@heper: You can set a timeout for a single firewall rule (advanced section when editing) Thnx i found it, dint know that option was there, the limit is 3600 seconds.

that is a link to the iso, its have been gzipped, just un gzip is.. And then you have the iso file. http://www.gzip.org/

hey thank you for your reply, very interesting, I am now consistently seeing my line speed again 900mbps with a clean signal graph on the speedtest, I have attatched the top output now when at around 870mbps let me know if you think there is something that looks wrong still thank you so much for assisting me XD [image: topoutput.jpg] [image: topoutput.jpg_thumb]

It's possible your performance has actually improved. Bufferbloated networks have this peculiar characteristic that sometimes being faster makes you slower. If your ISP or drop box service has suddenly increased in performance, you may be pushing up against your max bandwidth, which can trigger many issues with bufferbloat, like high pings times and packetloss. Like kpa mentioned, give traffic shaping a try. Even something as simple as enabling Codel and setting your upload bandwidth may be enough. Very easy. It may be something else, but give the easy fixes a chance.

"even a full duplex link can handle this easily." Still bad design plan and simple… No hairpin is not a "NAT" term.. Yes you can hairpin with NAT, ie NAT "reflection".  The term hairpin means in and out same interface.. And it should be avoided if possible.  When you have multiple vlans on the same physical interface and vlan A talks to vlan B this is a hairpin, and not best for performance.  If possible if you have vlans that send a lot of traffic to each other, these vlans should be on different physical interfaces at the device making the routing decision. You say your windows machine is fast, the way you drew it - looks to be coming in different path than the interface you have your vti on?  Is that the case?  Again you state this is hosted on VM, what interface in vm are physical in the drawing what are virtual? This is esxi, where is your vmkern?  Same interface?

Did you get this working in all situations? What happens when the network connection fails? Does the WAN interface go down or does pfSense still think it's connected? Does it reconnect automatically or must you send the AT commands again? If so, have you automated the reconnection? It is also possible to enable legacy PPP mode for this model: http://blog.asiantuntijakaveri.fi/2015/07/convert-huawei-e3372h-153-from.html

Thanks Jorge!