By upgrade to pfSense, I assume you inserted a piece of hardware running it into the network.  If so, then yeah latency will increase, as the packets have to pass through the hardware.  Don't forget, that packet has to be received, processed and transmitted by pfSense, so it all adds up.  Also, if you're still using that Linksys as a router, don't bother.  Just use it as an access point & switch.  That will remove the latency of the router portion.  See what the latency is when passing only through pfSense

Good catch Derelict - yeah "OUTSIDE address of my ISP" never going to work that way ;)

Yes, I tried with and without ECN.

An update…

Opened a ticket with Netgate but do not expect any updates from them now until Tuesday.

I have discovered that I can ssh into device (via VPN) and issue a ifconfig down / up on the LAN interface and connectivity is restored. So to keep this thing working until I can get on site or Netgate finds an issue I have added a crontab entry to run the ifconfig command every 5 minutes.

I also checked netstat when connectivity is down and here is the output:

[2.4.2-RELEASE][admin@shelter.applegate.privatedns.org]/root: netstat -i|grep cpsw1
Name    Mtu Network      Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
cpsw1  1500 <link#2>7c:38:66:26:ba:30  6412951    0    0  5694350    0    0
cpsw1    - fe80::%cpsw1/ fe80::7e38:66ff:f        0    -    -        1    -    -
cpsw1    - 192.168.1.0/2 shelter              5536    -    -    2488    -    -

[2.4.2-RELEASE][admin@shelter.applegate.privatedns.org]/root: netstat -i | grep cpsw1
Name    Mtu Network      Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
cpsw1  1500 <link#2>7c:38:66:26:ba:30  6412963    0    0  5694356    0    0
cpsw1    - fe80::%cpsw1/ fe80::7e38:66ff:f        0    -    -        1    -    -
cpsw1    - 192.168.1.0/2 shelter              5542    -    -    2488    -    -

[2.4.2-RELEASE][admin@shelter.applegate.privatedns.org]/root: netstat -i | grep cpsw1
Name    Mtu Network      Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
cpsw1  1500 <link#2>7c:38:66:26:ba:30  6412984    0    0  5694367    0    0
cpsw1    - fe80::%cpsw1/ fe80::7e38:66ff:f        0    -    -        1    -    -
cpsw1    - 192.168.1.0/2 shelter              5547    -    -    2488    -    -

There are no output packets for IPV4…</link#2></link#2></link#2>

The book is only $24.70. See .sig

@johnpoz:

PCIe is HUGE difference… old at 2.0 and x1 but still 500MB/s. way better than your pci bus..

Well there goes my Friday. Thanks for all the help!  :D

@kaysersosa:

With the proxy confirmed off and the Chrome extensions disabled, the site works.  Cache was cleared and confirmed a couple of times.
With the proxy confirmed off and the Chrome extensions enabled, the site works.  Cache was cleared and confirmed a couple of times.

With the proxy confirmed on and the Chrome extensions enabled, the site does not work.  Cache was cleared and confirmed a couple of times.  So the issue appears to be related to the proxy.

On the Proxy Filter (PackageProxy filter SquidGuard: Common Access Control List (ACL)Common ACL) I have the following:
own personal Whitelist - whitelist
–-only thing on it is the swsheets.com which is on the domain list
[blk_BL_adv] - deny
[blk_BL_spyware] - deny
[blk_BL_tracker] - deny

The list is downloaded from <http: www.shallalist.de="" downloads="" shallalist.tar.gz="">.

Even with them set to allow the denied ones, the site still will not work correctly.  Thoughts?</http:>

Surely based on the following post you can correlate what's missing from the whitelist?

@kaysersosa:

I have confirmed with the site owner that it uses CSS and Javascript. Most CSS and Javascript is hosted on swsheets.com itself, but some CSS is loaded from googleapis.com and some JS from maxcdn.com.

I'd add the following to the whitelist maybe?

googleapis.com
maxcdn.com

Just a suggestion, I'm new here so don't know if this will fix your issue, but it sounds logical.

Regards,

MATT (infiniti25)

Yeah, you need to change the standard location for the hard disk cache, since you have placed /var in your ramdisk.

thank for explaining,

i did with noip.com created host and configure with one of my pfsense server, it show green ip and same ip on pfsense and on inside web account of noip.com.

how can i access the by noip.com host name..

@JKnott:

It seems to me you should work on fixing your network, rather than trying to make things work in a way they weren't intended.  Get the PBX and phones on the same network and you'll solve your problem.

Actually, I'm still satisfy with current network which work with captive portal for LAN and WiFi. Put all in same range may not what I looking for, at least for now.

thanks for the fast reply. got some research to do know about nic's now.

@Unpleasant:

I see the pattern here, I haven't set up IP's for the other interfaces except LAN and they work correctly.

Well it's much easier to help people if they don't mask the important data in the screenshots. Good luck with the switch, when it comes to performance it's always the better choice.

@Vaibhav1:

Trying to block the IP using FauxAPI.

Your best bet is to talk to the author of it, as this isn't an official package.

Im not sure I know what you want to do, at least you could provide more details.

Using MySQL with Radius is a convenient and fairly easy method to handle users (I handle around 250 users that way).

Neither MySQL nor Radius generally requires a very powerful CPU (compared to more CPU intensive tasks), since I/O performance is often more important.

Not sure if this is helping or not.

I go on to my modem and forward all traffic using DMZ to my pfsense WAN IP.  This then allows pfsense as your firewall and your router / modem just passes information through.

Mat

We noticed that some of the CARP interfaces on the secondary firewall were showing up blank on the status page.  On the dashboard page they showed the correct icon for "backup" but were simply blank.

We ended up rebooting the secondary device and so far the warnings have not showed up again on the primary device.

There have been a number of odd issues with the secondary device and we're starting to suspect a hardware issue (RAM, or disk potentially).  I'll post any updates here in case somebody runs into a similar issue.