Use weights of 2 and 6 instead of 1:3, see this note you might have missed: https://doc.pfsense.org/index.php/Upgrade_Guide#Multi-WAN_Weighted_Load_Balancing

Up? I'm attaching my configuration. With this nothing is working. [image: pic.jpg] [image: pic.jpg_thumb]

It's open source. What you're looking at there is their Access Server product, which isn't free nor open source. It's an alternative to the server-side component that's in pfSense. The only client you need is free and open source. https://openvpn.net/index.php/open-source.html

Solution: Disabled offload checksum on transmission for the virtual interface in Xen (LAN interface). Up/Down speeds are both as expected.

Thank you very much, you saved my day  ;D

Brandur  thanks You so much! Traffic Totals and Gateways Monitoring is exactly this what I need :)!

Most probably, this is a firewall rule issue. As soon as I disabled the firewall rule pertinent to ovpn, the speed tripled. Any ideas?

Probably zero to do with your increased RAM.

The Zhone router has way too many options for a hobbiest home user. Count your blessings  ;) Many ISP's limit the control of attached modem/routers to the point they're barely usable unless you want "Their Standard Configurations". Glad you got it working.

disregard this my destination wasnt set right now its working flawlesssly  sorry if i took up anyones time thanks

that happened to me before too.. enabled DHCP, boom internet working.  Glad you got it resolved.

Yeah that'd probably be one of the chipsets that won't disable autonegotiation. Verify your switch ports are all set to autonegotiate, and that your cables are CAT-5e or better and aren't bad.

I have spent quite some time lurking around here pretty well doing the same. While there is no magic bullet, the goal for me has been to have high security with low maintenance. I have quite a complex home network (to help emulate a corporate network for testing but also for security) and I am always looking to find ways to help secure it better. I have found this thread to be a pretty good starting point with some good security info; https://forum.pfsense.org/index.php?topic=78062.0 There is also some pretty good info in the wiki such as this one for forcing your (or something like OpenDNS) DNS servers; https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense Hope some of this helps and I hope some people smarter than us chime in too! pfSense is a great platform that is improving all the time.

Learn something new every day, thanks cmb..

I posted there, and Adrian Chadd wants kgdb, but he thinks(!) it's fixed in head…. I cc'd you (Chris) on my reply.

@firefox: so how this details Were blocked ? They are part of the HTTP GET browser call (Yep, it's your browser who tells the web server who / what / where / …. so using a less noisy browser will help here) Squid probably dives into the IP packets and removes them on the fly ...

I had a quick look at my Synology. This option related to the router seem to be some sort of the tool that would help you to reconfigure your home router by adding relevant firewall rules. It is only supported by some routers as per Synology Knowledge Base: https://www.synology.com/en-global/knowledgebase/DSM/help/DSM/AdminCenter/connection_routerconf It require additional setup and UPnP is involved. So this option may not be something you need to use…

@johnpoz: if you have questions post up your rules and we can go over them. Thank you so much John, Our first Pfsense Firewall Hardware is up and running.

"Destination > any  >" Well that is wrong..  Dest would be your wan address. so you read the troubleshooting doc..  And did you follow it or just read it.  First thing to do is make sure the traffic is actually getting to pfsense wan.  Pfsense can not forward something it does not ever see. How are you testing this?  You need to make sure your coming from outside pfsense..  Your not trying to hit your pfsense wan IP from inside pfsense are you - that would be nat reflection and can be problematic and should really just be avoided.  There is never really a valid scenario that it makes sense. this really is clickity clickity..  Create your foward and your done.  If something is not working you either did it wrong or the traffic is not even getting to pfsense.  You also need to check your firewall on the box listening on 443.  maybe pfsense sends it through and that firewall blocks it?  You sure the box is even listening on 443?  Can you access it from a host on your lan directly? The troubleshooting guide covers pretty much every scenario that could be a problem. Its possible your isp blocks 443 and or you have a nat in front of pfsense that you did not forward 443 to your pfsense wan IP, etc. etc..