I'd love a solution to this - see it constantly on my lab SG-3100 - have even pruned it back in terms of packages and still does it :( Same scenario - usually I can SSH in and restart PHP-FPM but other times i have to hard reboot the device. Not the result i was hoping for testing an SG3100 for use at clients :/

So it was traffic shaping after all. What looked like defaults to me must have been the wizard’s work from ages ago when I was trying to do QoS for one specific machine. Thanks for your responses!

@DGCupit One thing I did years ago, when I had an intermittent problem with my ISP is I wrote a script that would periodically ping my ISP's gateway and log failures. You could have it restart DHCP instead. Here's my script: #! /bin/sh while [ 1 ] do ping <address> -4 -c 1 || date >> ~/log;sleep 50 done

Yup, that^. Just use two interfaces in pfSense and that will be the default behaviour. Otherwise reply-to uses the gateway defined on the interface. Steve

OK I think I found the way. For all the time I spent trying to figure it out, it's embarrasingly simple, but I took longer because I did not understand that: it needs powershell 7 (or maybe 6+, but I didn't test that) it needs to NOT run in ISE. Running in ISE screws up the type used for the file in the final hash table, even if you try to run PS 7 with enter-pssession. You've been warned! :-) Anyway, this sample code worked for me - hope it helps someone else: $Timeout = 15 $restorearea='aliases' $conffile='c:\path\aliasestest.xml' $CsrfToken = $null; $PW = 'pfsense' $Uri = 'https://192.168.1.1' $LoginPage = Invoke-WebRequest -TimeoutSec $Timeout -Uri $Uri -SessionVariable Session $CsrfToken = $LoginPage.InputFields.FindByName('__csrf_magic').Value $Credential = New-Object System.Management.Automation.PSCredential -ArgumentList 'admin', (ConvertTo-SecureString -AsPlainText -Force ($PW)) $Creds = @{ __csrf_magic=$CsrfToken; usernamefld=$Credential.GetNetworkCredential().UserName; passwordfld=$Credential.GetNetworkCredential().Password; login='Login' } # Login to web portal $Result = Invoke-WebRequest -TimeoutSec $Timeout -WebSession $Session -Uri $uri -Method Post -Body $Creds $CsrfToken = $Result.InputFields.FindByName('__csrf_magic').Value # Get backup pagethat $Result = Invoke-WebRequest -TimeoutSec $Timeout -WebSession $Session -Uri "$uri/diag_backup.php" $CsrfToken = $Result.InputFields.FindByName('__csrf_magic').Value $RestoreArguments = @{ __csrf_magic=$CsrfToken donotbackuprrd='yes' encrypt_password='' conffile=get-item -path $conffile decrypt_password='' restorearea=$RestoreArea backuparea='' restore='Restore Configuration' } $Result = Invoke-WebRequest -TimeoutSec $Timeout -WebSession $Session -Uri "$uri/diag_backup.php" -Method 'POST' -form $RestoreArguments

@AKEGEC Thanks for the suggestion. I tried a managed switch but still saw the same issues. I think I must of somehow run the poe into the Pfsense box.

@Rico Thank you

@Rico @bingo600 In other words, if it is on "bytes", the max I get is 2mb/s if you mouse over the live graph. If I change to "Bits", the max I get is 16mb/s. But it should be 2MB/s for the bytes...right? The "b" isn't changing.

These should get you started https://docs.netgate.com/pfsense/en/latest/packages/freeradius.html https://www.slideshare.net/NetgateUSA/radius-and-ldap-on-pfsense-24-pfsense-hangout-february-2018

@OverrRyde said in Gigabit speed help: @Cool_Corona what's limiting? The onboard nic? Cpu? Thanks CPU

[image: 1603962208316-screenshot-from-2020-10-29-12-03-16.png] WARNING: If the remote server requires both a username and a password, but only one is filled in, the system will hang on reboot prompting for OpenVPN Client credentials unless Authentication Retry is checked.

I‘m not quite sure. I made the entry and the system didn‘t hang at this point anymore. I have removed the entry after afterwards and the system is running properly. I have consulted my programmer about this, he assumes that this debug mode might have caused the file to be recompiled. Can this be the solution?

@jeff3820 said in Pfsense package recommendation for internet connectivity, lost packet %, and internet latency: It would also be great if I could receive an email if connectivity, lost packets, or packet loss exceeded a user set threshold. If the connection is lost, no mail could be sent from pfSense. You should monitor your connection from the outside and have your WAN interface reply to ping requests from this outside IP.

Yes, I'm running the dev package as I've read it's better overall maintained. That's the info I wanted Steve. Thank you so much once again. I really appreciate all your help! :)

As I said in PM you will need to define exactly what you are trying to do here. 'implement TLS' means nothing. I would guess you mean some sort of VPN tunnel? Steve

Here is a link to the source code for the latest version of Intel driver for what appears to be your card: https://downloadcenter.intel.com/download/15815/Intel-Network-Adapter-Driver-for-82575-6-and-82580-Based-Gigabit-Network-Connections-under-FreeBSD-?product=46827. This is only the C source code. To use this driver, you would need to create your own separate FreeBSD-11 virtual machine with the proper developer tools installed (compiler and linker) and then compile the source code into the binary driver module. Then copy that module over to your pfSense box and load it. That may be more effort than you wish to expend, though. The one thing I've noticed over the years with FreeBSD is that the support of newer hardware seems to lag behind Linux. The drivers within FreeBSD-11 and earlier are maintained by a team of Intel folks who then submit the updates to FreeBSD. For FreeBSD-12 and later, as I mentioned in a previous post, FreeBSD has moved to a new wrapper API called iflib. That move has muddied the waters a bit in terms of NIC driver development and support as now the FreeBSD team has the iflib API part while hardware manufacturers write the pieces that need to directly manipulate widgets on their particular NIC. It might be worth trying pfSense-2.5 DEVEL since it is based on FreeBSD-12.2/STABLE and will contain newer NIC driver versions.

You are right. I configure the bandwidth and then working. Thanks.

@kiokoman Thanks for the review of the logs, I have made some changes to the VM, I am hoping that it resolves the issue!