• Connectivity issues

    3
    0 Votes
    3 Posts
    482 Views

    Thank you for your response. I will try and keep notes on when it occurs throughout the day tomorrow and see if anything odd is in the system logs.

  • Basic static route question, doesn't seem to be working.

    12
    0 Votes
    12 Posts
    1k Views

    @viragomann:

    ping and traceroute maybe do well. ICMP is a stateless protocol. The problems with that come if you establish a stateful connection.

    So I'd try one of the suggestions.

    OK, thanks for bearing with me! That one got through, I can just about picture how that makes a difference with how things are flying around.

  • Connect from work to home with ssh tunnel ?

    Locked
    7
    0 Votes
    7 Posts
    1k Views
    jimp

    Sounds like a good way to get fired. Or worse than that if "classified" material is involved, assuming you meant government "classified", and not company secrets/work product, which could still be a crime depending on the circumstances.

    Locking thread. If you want to evade your company policies, you are on your own.

  • [SOLVED] WAN only recognized through switch, getting awful speed

    8
    0 Votes
    8 Posts
    900 Views

    @muppet:

    I would check with your ISP and see if they have hard-set your port to 100/Full
    Maybe the pfSense is trying auto and, seeing nothing, not bringing up the port.
    And the switch, not seeing auto frame either, might be defaulting to 100M half-duplex, thus causing all the frame drops/problems.

    This really sounds like an Ethernet problem, nothing to do with pfsense itself.

    PfSense works just fine, so it's not the problem.  The problem will be your Ethernet card, the drivers or similar.
    Try and do some diagnosis to see what speed and duplex the port is coming up at, especially when connected to your laptop (is auto-neg being used or not?)

    Thank you!
    It really was something wrong with ISP's port. It was set to auto, but still didn't work correctly, so my connection was regularly jumping through different modes-speeds and getting big error rate. They just changed the port, and now everything is perfect.

    They would never do anything if I told them it's pfSense or any incompatible router, but they couldn't reject the issue with just a switch.

    @stephenw10:

    At layer 3, yes (probably). At layer 2, maybe. At layer 1, nope.

    The reason it's a good test to put an unmanaged switch between your WAN interface and modem is because it can show up issues exactly like this.

    If your modem is set to 100Mb full duplex rather than auto the switch will likely connect to that fine and will also connect to the WAN interface that is set to auto negotiation fine. But without it you get a default connection which is often 10Mb half duplex, horrible speeds and huge error rate.

    Ethernet hardware should all conform to the specs and be compatible but that is not 100% true. Some cards will refuse to establish a link or continually flap up and down for no good reason. I have a Realtek card here that behaves exactly like that but only when connected to one switch I have.  ::)

    What is the NIC in the Win7 PC?

    Can you see the link speed/duplex on the switch in each of these cases?

    Steve

    Thanks for the info. Yes, they seem to implement things a bit differently. My Realtek NIC refused to see that broken connection at all, while Broadcom's one somehow worked fine on that… Also that Realtek only accepts its hw mac, while Broadcom doesn't care.

  • URL Alias WildCard for Windows Updates

    2
    0 Votes
    2 Posts
    1k Views
    Derelict

    Can't be done. There is no way to obtain a list of IP addresses for a wildcard domain. You would have to resolve every possible hostname which would be infeasible if not impossible.

    One of the other packages, such as pfblockerng might have a pre-compiled list you can use. Not sure.

  • MOVED: Monthly traffic reports?

    Locked
    1
    0 Votes
    1 Posts
    258 Views
    No one has replied
  • Internal routing of external address for calendar

    8
    0 Votes
    8 Posts
    717 Views

    Yes, but it would send everything to the NAS.  I use that hostname with other ports to do other things…....  :-\

    (edit) If NAT Reflection doesn't work, might have to get another hostname just for the calendars.

  • Help with Remote Access OpenVPN with multiple satellite offices

    7
    0 Votes
    7 Posts
    750 Views

    @viragomann:

    Have you also added the vpn tunnel networks to the site-to-site settings as suggested?

    This was the key. Users are able to access all branch offices now through the Remote Access VPN.

    Thank you for the help!

  • WAN interface loses .static when VPN fails at high traffic

    2
    0 Votes
    2 Posts
    633 Views

    with mssfix 1400, 20MB/sec was stable. A few errors but no loss of connection.

    22MB/sec gave a couple of errors but did not disconnect me

    Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #10253565 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

    24MB/sec started to spam errors and I lowered speed before it broke.

    I guess it must just be latency related when at high speeds over UDP, but my connection to the server and ping are solid outside of the tunnel from what I can tell.

    Solved by… cheated really
    Anyway, switched to TCP and reached 36MB/sec which isn't too far from my max without VPN.

    The other issue with the routing table and the pppoe connection that shouldn't have been caused by openvpn failing shouldn't happen now as openvpn is stable.

  • Reboot required if internet goes down

    6
    0 Votes
    6 Posts
    2k Views
    Gertjan

    Hi,

    Start to collect easy facts :
    Stop using a VM, use a dedicated device.
    Swap LAN and WAN.
    What kind of brands, your NIC's ?
    When you put in place another router/firewall, the problem disappears  ?

  • Download Speed from console 2x what clients see

    5
    0 Votes
    5 Posts
    419 Views
    johnpoz

    ESXI 4.1?

    Why?  Dude freebsd 10.x is not supported until esxi 6.0u2 at min..

    Also where is your lan side of pfsense.. You running vlan on top of the vnic you installed in pfsense?  Why add another vnic on your pfsense vm and connect to proper vswitch or portgroup on vswitch to connect it to your lan network?

  • Legally use PFsense in a company

    9
    0 Votes
    9 Posts
    1k Views

    There are zero legal problems with what you're doing now, the objections from the seasoned users here are only practical in nature. It is counterproductive to produce yet another set of documentation that is going to be riddled with errors and inconsistencies and will lag behind the existing better quality official documentation.

  • High latency on the WAN port

    1
    0 Votes
    1 Posts
    329 Views
    No one has replied
  • Need help gigabit performance

    19
    0 Votes
    19 Posts
    2k Views
    stephenw10

    No probably not. The overhead from running virtual should not be that large if the hypervisor is set up correctly. And on your hardware you shouldn't be getting even close to any limit at 180Mbps. Assuming you meant bps.

    Steve

  • Need help to configure with three NIC

    1
    0 Votes
    1 Posts
    268 Views
    No one has replied
  • Last seen IP

    8
    0 Votes
    8 Posts
    1k Views
    NogBadTheBad

    It is only 5 devices :D

  • Gateway keep going offline after one minute

    5
    0 Votes
    5 Posts
    726 Views
    JKnott

    As impossible as it should be, I've seen 2 NICs with the same MAC.

    While supposedly unique, some manufacturers have been known to recycle MAC addresses.  There's also the possibility of locally assigned MACs and many consumer routers can clone a MAC.  However, as long as they're not on the same local network, duplicate MACs are not a problem.

  • What's the point?

    4
    0 Votes
    4 Posts
    641 Views
    Derelict

    Though, for the home user, the time spent installing, configuring, tuning, and maintaining snort would probably be better spent educating the family on what not to do. That will benefit them for life on every network they encounter.

  • Email notifications Office365

    9
    0 Votes
    9 Posts
    2k Views

    Thanks everyone this now works  :) :) :)

  • Pfsense testing against Brute force

    2
    0 Votes
    2 Posts
    864 Views
    KOM

    http://forums.kali.org/

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.