Mmm, either uncheck 'DNS Server Override' and set 'DNS Resolution Behavior' to Use remote. Or set a domain override for penguinpages.local in Unbound to use the AD server. Steve

@luckman212 Ok, thank you for responding. I am now on 2.5.2 and happy for now, I will try this in due time.

Good result. As an alternative you can just tune the monitoring settings to better match your line. Some WANs have far higher latency under load. You might also try an FQ_CODEL setup instead of HFSC. Steve

@penguinpages On the Export page Use : Other , instead of interface IP [image: 1652539001735-8730e35b-5102-4431-a4d7-f0e2ab1a3456-image.png]

@stephenw10 After replacing the SSD I have not seen any errors after 4 days of uptime, even with ntopng running, so problem was indeed the bad SSD. Thank you so much for your help in troubleshooting my issue!

@stephenw10 Just wanted to respond with close on this issue. DNS and setup of pfBlockerNG-devel plugin helped solve and the youtube videos on it also were help in learning more tuning. AD Auth. Issue was first that I did not have groups named and decriptions matching in AD... which created a bit of rabbit hole.. Then when I just took time to recreate Auth type with AD recommended template, it worked. Thing to know is if you don't get groups respond on query, and can add/ change user group membership and see auth test track those changes.. STOP.. fix AD.. then move on to other things. Good Return Example: AD group membership matches [image: 1652535028805-9eeadbd7-30c2-4337-9634-47dc01004e60-image.png] Thanks for help and responses to this posting. As I learn more , hopefully I can help others

@stephenw10 thank you, this is reassuring to hear. Indeed an odd claim considering pfSense is already FreeBSD 12.3 based. I haven’t seen any such issues with pfSense, but I spent hours trying to diagnose the IPv6 dropping issue with opnsense before. I really wouldn’t want it to come to pfSense at some point.

@stephenw10 Did upgrade the driver. As far as I can see, no additionnal error. I shall let you know if it is definitely stable. Thank you again for your help.

@stephenw10 thank you I try...

@stephenw10 ahhh you got it, I need to setup vlans in proxmox & pfsense... Been stuck on this for days, Thank you. You saved my home lab!

@johnpoz My bad, I reinstalled pfSense.

I reflashed the device and now it works fine. No more timeouts/delays and no more weird networking issues we were battling with in another thread.

@nd-t I would have never thought to run pfsense in AWS. How are your clients connecting to the internet to get to their pfsense instance?

They are base64 encoded and stored in the config file. So backing up the config includes that. See: https://docs.netgate.com/pfsense/en/latest/captiveportal/file-manager.html#managing-files Steve

Speeds that low look like a link speed/duplex mismatch somewhere if you have removed the shaping. So look for something failing at layer1.

So the P2 will effectively end up being (in my example) 10.200.10.0/24 to 10.100.10.0/24. Each side 'hides' it;s local 10.10.10.0/24 subnet behind another, same sized, subnet. You could use any unused subnet for that I just chose 10.100.10.0 and 10.200.10.0. So on each side that would be the Binat address. https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/phase-2-nat.html However if you do not need access between the two subnets dircetly but only from the pfSense_1 OpenVPN subnet this becomes easier. You only need to BiNAT on the pfSense_2 side like: [image: 1652360612067-screenshot-from-2022-05-12-14-02-05.png] On the pfSense_1 side the P2 would be just be 172.10.10.0/24 to 10.100.10.0/24 To access the remote side VPN clients would need to use the equivalent NAT address. Steve

@josephchrzempiec said in Monitoring my network bandwidth remotely?: The laziness in me just wants to see trafic nothing else that is all that page is - have you even looked at it? Its a graph showing you your traffic of the interface you pick that is it! [image: 1652356964222-traffic.jpg] If your really anal about it - you could just hide all the other stuff on the page with your fav web tool that allows that - say ad blocker.. [image: 1652357460215-newgraph.jpg] Just set the graph how you want it - and remove all the other elements on the page.. No need for scripts no need for programming - just point and click.. There you go.

@stephenw10 said in The firewall has encountered an error: There's no time stamp so we can't say if that's related but it certainly shouldn't do that. Check the System and Snort logs. Okay thanks, I also notified Snort via email....

The gateway is what your ISP passes to pfSense to use as the next hop for routing. It's a router at their end of the WAN connection. See: https://docs.netgate.com/pfsense/en/latest/network/subnets.html#ip-address-subnet-and-gateway-configuration Steve

It's possible but you would need to carefully select the signatures you enable. I would not recommend it. But it won't alert you in real-time anyway. I agree with the above; use something running on the Mac to monitor those connections. Steve