Yeah, I would start out with some basic shaping here using PRIQ. Put RDP and VoIP as high priority and everything else low. Start out as simple as you can; it's easy to end up with something far too complex for traffic shaping.
Yes, that's correct. LAN side clients should be using the pfSense LAN IP as their gateway.
pfSense should only have one gateway itself though in a simple setup like that. If it has more than one (probably wrong) it might be choosing the wrong one. Setting the default gateway to WAN_DHCP does not hurt in any case.
I believe that distinction is relevant only where powers of 2 are used, such as memory size. I don't believe that applies to data rates, which have always been in powers of 10. It's been that way for as long as I've been in the telecom business, almost 50 years. I certainly have never heard of bandwidth expressed in numbers based on binary.
Technically you could do it by running pfSense as a virtual machine in Windows using Hyper-V or VBox etc. But pfSense is a complete operating system, it cannot run as an application on your desktop. It expects to be running on its own dedicated hardware but running virtualised can also work.
Q: Are you able to resolve any address?
A: I tried under Diagnostics / DNS Lookup, it takes 60 seconds or more to resolve.
Q: Is Unbound running? (Status > Services)
A: Yes, it is running.
I figured out that I have 2 addresses in general setup DNS, one is our remote AD / DNS server, the second DNS was 188.8.131.52
I tried to ping our AD DNS server without success, so I changed it to 184.108.40.206 and 220.127.116.11 in general setup, then switched from DNS Resolver to DNS Forwarder; after that it worked.
The AD DNS IP I set under DHCP Server IP with 18.104.22.168 too.
Thank you for the help.
If you are running an OpenVPN server in pfSense (VPN > OpenVPN > Servers) you do not need to change anything in pfSense. Traffic to it will be forwarded from the external router and it will accept it.
What needs to change is how the remote side is connecting to it. If it's not using an FQDN that you can update via DNS it will need to have the new public IP entered directly.
@stephenw10 Got the WAN port working, everything is great now. I had to disconnect the old router from the ONT (I had been doing that previously and I'm certain that was not part of my original problem, which you have helped me solve).
Thanks. I believe the issues you are seeing are largely due to pfBlocker which updates the pfSense configuration system (and hence triggers a backup) on a very frequent basis. I have increased the capacity of the server to the highest reasonable value which may help a little.
A couple of years ago a mechanism was introduced to allow pfBlocker to bypass the backup system, but so far it has not found much employment. I plan to contact the developer as well as a member of our own development team to see if we can get some movement there.
In addition, some filtering has been added to pfSense to help alleviate the situation. You should see that in the next release.