@stephenw10 Got it thanks ...

I've been using airVPN for years and would recommend it, fast and stable.

Thanks all, this has been very helpful!

Ah OK.

Upgrading to 2.4.4p2 has resolved my problem.

Do what the logs files says. edit : IE : goto console mode, option 8 and enter unbound-checkconf

Not many steps here. If it were me I would: Remove the any allow all rule on the interface for the subnet in question. Add a rule to allow DNS to the interface IP. Create an alias containing the IP addresses of the sites you want to allow. Add a rule to pass traffic from the subnet to that alias for TCP. If you really wanted to restrict further use a ports alias to allow only ports 80 and 443 as the destination too. BUT... that will only work well for sites that resolve to a single IP address or only if you have all the resolvable IPs in the alias. So it will not work for Facebook, Youtube etc. Or at least not well. Steve

He doesn't want to hear the facts nor listen to the guidance we are trying to put forward. He does not want an answer to a complex question. He wants an answer to a simple question. The answer to the latter is: https and 443.

I just read that it actually needs MSS Clamping to be 1350 or MTU at 1400 and misread the line in the pfSense as being MTU and not MSS. I just realized my mistake it's been a long three days in troubleshooting this. I just stopped and started the IPSec service on the Azure appliance after making that change and it worked the first few tries (this has happened a few times). I'll go ahead and continue testing to see if the results stick.

@mattzap said in Help with troubleshooting low interface throughput: Ah-ha! Yes, I do have AT&T. Here's the relevant threads I just found: https://forum.netgate.com/topic/138604/sudden-drop-in-throughput-900-900-on-modem-vs-30-100-on-pfsense/14 https://forum.netgate.com/topic/112691/wan-throughput-capping-at-500mbps-att-gigapower/3 https://forums.att.com/t5/AT-T-Fiber-Equipment/DMZPlus-mode-in-my-Pace-5268AC-causing-browsing-to-not-work-but/td-p/5712305 I haven't read through all of this yet, but it all starts out matching my situation exactly. I'll report back when I get a chance to get up to speed on this and see if it turns out to be my issue. Thanks! Yep, those are some of the relevant threads. I think the user found a solution on the AT&T forums.

Yes, if anywhere it would be using Snort or Suricata with custom rules files. Better to ask in the IDS/IPS section for help with that. Steve

Great. Thanks for the update. Steve

Gotcha! Thank you guys!

even after configuring the mini-box with the basic's the minnowboard to me is still the better buy . since you have a switch already the extra ports on the minobox will be a waste.. my minnowboard has proven stable no way i personally would buy a knock off

UPDATE: I have made a factory reset on the XG7100, created a VPN tunnel and now Rsync works without any issues.. So that points to something in my configuration.. I will try restore a backup I made before the reset and see how that goes.. I might otherwise have to do a step by step reconfiguration and see if I can find the issue

I also curious as to why you need 3 virtualized instances of PFsense.

I have moved this post to my correct original account https://forum.netgate.com/topic/139236/which-hardware-for-pfsense-should-i-choose-continued. Please do not post here.

@derelict I say that's a constant regardless of what you do :)

@stephenw10 said in Packet Capture Causes GUI Error?: I created a bug to track it: https://redmine.pfsense.org/issues/9239 Thanks for doing that-Great job of writing up! (Not sure if its worth suggesting, but another possible solution might be to cut the output at some predefined number rather than none. Might also be easier to code as it wouldn't be necessary to create a "None" option. If you think the idea has merit please add to you report.) Thanks again for creating the report!

@ssbarnea said in Where to put shell commands to run at login?: I am not willing to ruin the uptime of the router by rebooting it for that, even if is my home-office one. There is nothing to be proud about a high uptime. A high uptime only showcases that you're late with updates.