@deanfourie Are there any errors logged for those services? “Nslookup hostname pfSenseIP” …will test DNS directly.

Hmm, something must be connected there. Try running a pcap on each to see if that traffic is actually there. When the WAN pulls a lease from pfSense does it show the other interface as the DHCP server MAC? Steve

Nice. Thanks for following up.

It's more that it doesn't get updated under some circumstances still to be determined. A clean install is not affected. Steve

@jonathanlee yep I agree. The new status icons are extremely helpful. I love it

@netboy Never mind.... This worked. Removed CNAME x.mydomain.com Configured Dynamic DNS in google domain for x.mydomain.com Used pfsense SERVICES -> DYNAMIC DNS and selected "google domains" and entered username and password and voila x.mydomain.com works and points to my server Sorry for the confusing post.

After some discussion with their support they disabled CGNAT for me. :-) -Rico

@gertjan said in How to detect P2P traffic and block it using pfSense: I still doubt that a app on some pc somewhere on some LAN will 'cooperate' by having it's activity detect by some upstream device running snort and the OpenAppID detector. I should really try it out, as I have, in theory, a device (4100 MAX) that would be able to do so. It is a cat and mouse game between the p2p software developers and the IDS/IPS Layer 7 detection software developers. The goal of p2p is to "elude" detection, and the goal of stuff like OpenAppID is to "detect" p2p. Currently there are some things that do still happen in the clear during initial session setup, and that allows detection. Of course tomorrow some p2p variant will make a change to foil that detection, and then the OpenAppID folks will respond. So, back and forth the game continues.

@johnpoz No it's not that not sure how that got there.

@vpittman One other thing is with a VLAN, you could give VoIP priority over other traffic. However, that's not much of an issue these days, with Gb switches.

Problem resolved : https://redmine.pfsense.org/issues/12834 You can install the System Patches package and then apply this patch directly from the built-in Recommended Patches list. The patch is available in the System Patches package version 2.0_4 or later, no need to create a manual entry.

@stephenw10 appreciate you Stephen. Thanks for all the support !

You can't NAT on an IPSec tunnel like that. If you need to NATyou have to use the BI-NAT field in the Phase 2 setup. https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/phase-2-nat.html Assuming this is a policy based tunnel (not VTI). Steve

@stephenw10 Thanks a lot Steve!!!!

Nice work! It's probably because of the latency difference. With local transfers the latency is so low you can see the full bandwidth with a single TCP connection. SMB is notoriously latency sensitive. It looks like multichannel works around that to some extent. Steve

ive personally have issues with bandwidthd not reporting data on top talkers. https://forum.netgate.com/topic/177849/bandwidthd-not-capturing-any-toptalkers ntopng always works but its hard on the ssd with lots of flows happening.

@qcezwadxs said in 10 Mbps DL (from 980 Mbps) after upgrade to Netgate 6100: @plawlor What is the make/model of the SPF+ 10G RJ45 modules? Please and Thank You. 10Gtek ASF-10G-T

Forwarded it from where to where? If you're testing from a VM behind pfSense and that VM is using pfSense for DNS then adding host override there will work.

@bmeeks Thank you very much for your help, you mentioned the points I needed to hear. I will investigate and work on the matter. Regards.