• Pfsense 1:1 NAT with site-to-site ipsec

    ipsec nat site-to-site openvpn
    0 Votes
    4 Posts
    2k Views
    stephenw10
    So the P2 will effectively end up being (in my example) 10.200.10.0/24 to 10.100.10.0/24. Each side 'hides' its local 10.10.10.0/24 subnet behind another, same sized, subnet. You could use any unused subnet for that; I just chose 10.100.10.0 and 10.200.10.0. So on each side that would be the BINAT address. https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/phase-2-nat.html However, if you do not need access between the two subnets directly but only from the pfSense_1 OpenVPN subnet, this becomes easier. You only need to BINAT on the pfSense_2 side. On the pfSense_1 side the P2 would just be 172.10.10.0/24 to 10.100.10.0/24. To access the remote side, VPN clients would need to use the equivalent NAT address. Steve
  • Monitoring my network bandwidth remotely?

    0 Votes
    16 Posts
    1k Views
    johnpoz
    @josephchrzempiec said in Monitoring my network bandwidth remotely?: The laziness in me just wants to see traffic, nothing else. That is all that page is - have you even looked at it? It's a graph showing you the traffic of the interface you pick, that is it! If you're really anal about it, you could just hide all the other stuff on the page with your fav web tool that allows that - say an ad blocker. Just set the graph how you want it and remove all the other elements on the page. No need for scripts, no need for programming - just point and click. There you go.
  • The firewall has encountered an error

    0 Votes
    3 Posts
    515 Views
    N
    @stephenw10 said in The firewall has encountered an error: There's no time stamp so we can't say if that's related, but it certainly shouldn't do that. Check the System and Snort logs. Okay, thanks. I also notified Snort via email....
  • SG3100 WAN IP different to my IP?

    0 Votes
    6 Posts
    686 Views
    stephenw10
    The gateway is what your ISP passes to pfSense to use as the next hop for routing. It's a router at their end of the WAN connection. See: https://docs.netgate.com/pfsense/en/latest/network/subnets.html#ip-address-subnet-and-gateway-configuration Steve
  • Realtime email alerts for specific events?

    0 Votes
    6 Posts
    839 Views
    stephenw10
    It's possible but you would need to carefully select the signatures you enable. I would not recommend it. But it won't alert you in real-time anyway. I agree with the above; use something running on the Mac to monitor those connections. Steve
  • Bandwidth saturation and pfsense

    0 Votes
    7 Posts
    1k Views
    stephenw10
    800MB in one hour is not that much by modern standards. A single Mac running iCloud backup will burn through that easily. At 1Mbps on your ADSL WAN it's not possible to upload 800MB in one hour, so that must include upload and download. I would find out what their actual cut-off limit is and add your own limiter to prevent hitting it. Though in my opinion, if you're paying for 10/1Mbps you should be able to use it. Steve
  • How to find who is generalizing traffic

    0 Votes
    5 Posts
    649 Views
    keyser
    @whitetiger-it said in How to find who is generalizing traffic: I know only traffic totals (and only a little); I don't remember if stats is for single PC. I do not know the other tools and therefore I ask you for advice. However, I need to find the PC that is generalizing traffic in INTERNET UPLOAD. The traffic over PC's ethernet card is also for other reasons, for example to NAS, server or printers. Yeah, I think you are right about Traffic_Totals - that's only for combined traffic. BandwidthD or Darkstat is what you are looking for. They will summarize traffic for individual IPs. But if you route traffic to your servers, printers and whatnot (through pfSense to another interface), that will be included by default too. But there is likely an "internal network" type definition you can set up to have them exclude traffic to other local IP scopes.
  • official repository?

    0 Votes
    2 Posts
    398 Views
    R
    @danielr It's a Netgate domain; you can run md5 checks against the files if you wish, but the software itself is not only unsupported now but also may not allow installation of packages properly, as the maintainers may not be maintaining those old versions anymore. v2.3.5 was released nearly 5 years ago and many CVEs have been discovered, patched and replaced in the last 1500 days.
  • Pfsense Admin Portal Protocol

    0 Votes
    13 Posts
    1k Views
    P
    @stephenw10 said in Pfsense Admin Portal Protocol: Ok, so you could do something like this: Disable the anti-lockout rule on LAN. Add a floating rule: Pass, IN, all interfaces, TCP, source: <the_IP_to_allow>, destination: This firewall, port 443. Add a floating rule below that: Block, IN, all interfaces, TCP, source: any, destination: This firewall, port 443. Make sure you have console access so you can roll back that change if you get locked out! Steve Dear Steve, Thanks a lot for your explanation.
  • How to set SPD's/traffic selectors in IPsec?

    0 Votes
    14 Posts
    2k Views
    stephenw10
    Yes, you can add those two sets of subnets as P2s in a policy based config and it will work. The BGP session will use the APIPA addresses and the routed traffic will be carried by the other P2. It will of course fail if BGP passes other routes since they are not carried. To allow traffic to/from those APIPA addresses, which are blocked by default, be sure to enable it: https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#allow-apipa Steve
  • Help error "boot mount waiting for : CAM"

    0 Votes
    3 Posts
    2k Views
    stephenw10
    It could be configured to use the wrong primary console. Those are the last messages you see on both consoles before it switches to primary only. https://docs.netgate.com/pfsense/en/latest/troubleshooting/boot-issues.html?#booting-with-an-alternate-console Steve
  • Jumbo frames?

    0 Votes
    10 Posts
    1k Views
    JKnott
    @stephenw10 Or more precisely, don't send a frame that exceeds the recipient's maximum size. There's nothing in an Ethernet frame that says what the MTU is.
  • Back up

    0 Votes
    2 Posts
    274 Views
    R
    @danielr That's covered in the docs here: https://docs.netgate.com/pfsense/en/latest/backup/restore.html#restoring-from-the-config-history However, you cannot restore to an external backup file easily.
  • Enforce NTLMv2 on pfSense

    1 Vote
    1 Post
    356 Views
    No one has replied
  • LAN PC cannot query DNS

    0 Votes
    5 Posts
    740 Views
    stephenw10
    pfSense itself can use any configured DNS server including anything that might be passed to it via DHCP. So it may be able to resolve when clients cannot when Unbound is not running. However you should forget about DNS if LAN side clients cannot even get an IP address. Do you have a subnet conflict between WAN and LAN? Steve
  • pfSense throttling bandwidth

    0 Votes
    9 Posts
    3k Views
    D
    I saw the exact same thing. Throttled my 300-350 Mb/s connection down to 40ish. I even reinstalled the thing from scratch and it repeated a couple of days later. This morning it would not pass traffic at all, but I could ping from the gateway. Rebooted, but still throttled. Disabling the shaper on the WAN interface completely fixed it immediately. I'll follow up if the phenomenon repeats. Will be happy to submit logs if you tell me what and where to send. Other than this, no complaints or issues. Running pfSense+ 22.01 "free" on an HP EliteDesk very small PC.
  • [Solved] Renaming Interface Assignment...

    0 Votes
    3 Posts
    495 Views
    F
    @f-meunier Thanks! I was hoping that would be the case, but better to know beforehand.
  • installed second gigabit Nic but can get past the firewall

    0 Votes
    3 Posts
    423 Views
    T
    @chpalmer thanks for the reply. I've removed the old card and re-assigned the new card to my LAN (to prevent confusion I only keep two cards in the server, WAN and LAN). There is only one light on the 530t and none on the Insignia USB. Not sure if setting the speed is the problem; even if it was running at 10 MBs, I should be able to connect to the internet from my PC, but the only machine that seems to be able to connect to the internet with two 1000base NICs installed is the firewall server. Also I do not see where I can change the speed. Nothing on the console menu, or on the dashboard (using a web browser to connect to the firewall IP address). I've even run an update from the menu after installing the card. Is there something that needs to be run from the pfSense dashboard when adding a new card, something like disabling pfBlockerNG and then enabling it? Is there a speedtest for the NICs, something that will show the speed the card is running at?
  • Talk Talk Fibre Broadband + pfSense

    0 Votes
    4 Posts
    417 Views
    NollipfSense
    @cidk2 said in Talk Talk Fibre Broadband + pfSense: Default Gateway 62.2XX.XXX.XX, please edit and mask.
  • Cloudflare:443 in fw log...

    0 Votes
    16 Posts
    2k Views
    M
    @johnpoz said in Cloudflare:443 in fw log...: just personally block all traffic to 1.1.1.1. Floating rule, out WAN, quick, source any/any, destination 1.1.1.1/any? Thanks
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.