@auto_carr this is an old topic, but I ran into this type of problem that coincidently looks like this kind of loss in bandwidth using intel nics. I created a thread here, if you ever got around figuring this out please share. thanks! topic bandwidth loss

@stephenw10 OK, I also realized it is much easier to edit the XML. Thanks the config file is an XML.

Fixed it. When mucking around with the static and DHCP. When deleting the gateway it removed the default gateway config and selected automatic. TLDR; Lessons learned when placing a edge switch to offload the VLAN tagging from PPPoE and VLAN tagging on the WAN interface: Configure the WAN interface to PPPoE only. Remove the VLAN Reboot. PFSense seems to pull the PPPoE settings in at reboots. Leaving this in hopes it can help someone else and save time.

Worked :-) Two small typos (?) but excellent tip - thank you very much! <?php require_once("pkg-utils.inc"); require_once("notices.inc"); require_once("util.inc"); # Added ';' to the end of line $msg = "Great tip from Gertjan!"; if (!empty($msg)) { notify_via_pushover($msg); } # When executed, removed space -> '-q': # php -q /root/pushover_test.php ?>

Not sure what I did, but I accidently locked myself out, so I redid a new build and everything is working fine now. Thanks for your help !!

@paulqsource Try this : On the dashboard, the 'radiusd' process should be 'green' : [image: 1640854586223-ae61402f-a40d-44aa-b384-ce82a38a7df4-image.png] Stop it : [image: 1640854627543-a0eebd41-9efe-419d-8a25-80aa0d6d6100-image.png] Open a console connection, menu option 8. Type radiusd -X Now the FreeRadius process starts, and logs over the console. If you use a ssh client like Putty, warning messages will be yellow, errors will be red. Your mission : find the red lines, and make them go away. When I start radiusd, I only see these : [image: 1640854977670-2dea9d74-9c6e-4e22-bcf4-2eca10e4cb6d-image.png] Then, it idles, waiting for 'things to do'.

Obviously there is a bridge somewhere. Most probably the wifi ap is by mistake connected to the wired lan segment.

@stephenw10 agreed, but I would argue its never "better" to bridge ;) hehehe Not saying it doesn't have use cases.. But it should be the last freaking choice, and only as a stop gap measure until you can get the equipment needed not to do it ;) If I was out of switch ports, and I could not disconnect something - and I had an extra port on pfsense. I would still prob just bring that up on its own network.. If I HAD to have it on the same L2 as xyz.. ok then setup a bridge. But this would only until I could either disconnect something and free up the switch port. Or my order for another switch or bigger switch came in ;) Even in that scenario - I would most likely look for something I could move off the switch to an interface on pfsense that could be another network. So I could put this thing I needed on network xyz on the switch ;)

Also see: https://redmine.pfsense.org/issues/12440

@networknotwork you can create a feature request over on https://redmine.pfsense.org/ And if you found a bug/issue or improvement in the .tcshrc you could put that in there as well. edit: This has been a enlightening thread to be sure.. I learned a bit about making sure your actually awake when testing something ;) and also about the stupid bell thing hehe, and got me to update my local ssh client too.

@stephenw10 They generate 3Mb of traffic each. GreyiPad is only used to watch the cameras. The other one does that 99% of the time. Maybe not a great reason, but that is the reason.

@mantis0711 See thread https://forum.netgate.com/topic/167206/gateway-drops-and-never-comes-back for another report and diagnosis.

@tjsas1 problem is isp most likely will do nothing about it, unless this was a business line and you have ddos protection with them (normally not free).. Your best bet is prob get your IP changed, if you can not do it locally by altering your pfsense mac address on its public interface. Then get with your ISP and asking them change your IP, because your seeing inbound dos traffic - send them the sniffs you did showing the traffic, etc. And any info you can gather about amount. I wouldn't hide your public IP in those sniffs ;) Problem is with such traffic is nothing you can do at your end, other then changing your IP.. internet -- isp --- 10mbps connection --- you If the internet is sending you 10mbps of traffic, and filling up your pipe.. There is really nothing you can do at your end.. The traffic be it you drop it on your end or not, is still using up your connection. Its a common misconception to what a firewall can do.. Now if there was say 1mbps of traffic and it was being sent to your server behind your router/firewall and this 1mbps of traffic was hurting your servers performance - then you could filter that from being sent on to your server. But as long as the traffic is sent, your connection would still see the 1mbps of traffic.. You need to stop the traffic from being sent to you down your limited connection. This is either done at the isp end, or you need to change your IP so that traffic to 1.2.3.4 doesn't go down your connection. Other option ;) Get a fatter connection heheh.. If you had 1gig, and they were only sending 10mbps - then it wouldn't be a problem.. But if sending 1gig, you have the same problem.

It looks like a certificate mismatch because pfSense uses a self signed cert to serve that page.

@bahman via the marketplace I linked too.

@stephenw10 I will try next. i'm new to pfsense, so will slowly setup as I go. thank you for all the inputs.

@opensourceprotection said in SMTP notifications not working with gmail: Solved! Every time you test the connection you have a to reinput the password. Even though you'll see the shortened black dots, the password is not saved from the test before. (I'm assuming it's reverting to what it has saved but can't say for certain.)  I was seeing the shortened black dots and thought PFSense was rolling over the password from the previous try this was not the case. Once I copied the setting of johnpoz (with the appropriately changed email addresses) it worked like a charm the first time, and when tested again it failed like before. That's what clued me in. If I entered everything fresh, hit save, THEN hit test I could get it working multiple times in a row. Thank you everyone for your help with this! This was the solution to the issue I was having! Thanks for your help.

The 1100 is preconfigured to boot to a functioning state. You should be able to connect a dhcp client to LAN and it will receive an IP address in the default LAN subnet, 192.168.1.0/24. That allows you to connect to the webgui and complete the setup. The most common cause of that failing is that the WAN is connected to an upstream router and that device is also using the 192.168.1.0/24 subnet creating a conflict. If that's not the case then, yes, connect to the serial console to investigate what state it is in. https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/connect-to-console.html Steve

Not all of the interfaces were selected so it was re-broadcasting only on a few interfaces. Thanks for the push in the right direction.

I think you should restate your requirements. The number of clients is not the correct end number you are looking for, it is the number of states (RAM usage). I have about 20 devices on my network doing things. I have 800 states, or about 40 states per device. 10k clients times 40 states is 400,000 states. My 8Gb FW defaulted to over 800k states, my memory usage is low so there is room to grow. (40 states per device is not a solid number you should use, just an example.) 10Gb is where you look at interfaces and CPU, a 6100 should handle that speed. Any packages you add on top should be added to the CPU and RAM numbers. When you are done you should have an idea as to the the CPU and RAM needed, then you can make an educated guess on which device is best suited for your needs. If you have performance data from previous events you can improve your estimation on CPU and RAM needed.