• upgrade from 2.5 to 2.6 WAN unreachable

    Moved
    0 Votes
    10 Posts
    868 Views

    Problem resolved: https://redmine.pfsense.org/issues/12834

    You can install the System Patches package and then apply this patch directly from the built-in Recommended Patches list.

    The patch is available in the System Patches package version 2.0_4 or later, no need to create a manual entry.

  • Unable to reassign network port

    0 Votes
    61 Posts
    4k Views

    @stephenw10 appreciate you, Stephen. Thanks for all the support!

  • 0 Votes
    2 Posts
    308 Views
    stephenw10

    You can't NAT on an IPSec tunnel like that. If you need to NAT you have to use the BI-NAT field in the Phase 2 setup.

    https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/phase-2-nat.html

    Assuming this is a policy based tunnel (not VTI).

    Steve

  • 8200 max updated to 23.01, crashes

    0 Votes
    12 Posts
    714 Views

    @stephenw10 Thanks a lot Steve!!!!

  • Limited upload-speed for Linux based systems through pfsense

    0 Votes
    9 Posts
    1k Views
    stephenw10

    Nice work!

    It's probably because of the latency difference. With local transfers the latency is so low you can see the full bandwidth with a single TCP connection. SMB is notoriously latency sensitive. It looks like multichannel works around that to some extent.

    Steve

  • Conduct an Investigation

    0 Votes
    10 Posts
    978 Views

    I've personally had issues with bandwidthd not reporting data on top talkers.
    https://forum.netgate.com/topic/177849/bandwidthd-not-capturing-any-toptalkers

    ntopng always works but it's hard on the SSD with lots of flows happening.

  • 10 Mbps DL (from 980 Mbps) after upgrade to Netgate 6100

    0 Votes
    11 Posts
    1k Views

    @qcezwadxs said in 10 Mbps DL (from 980 Mbps) after upgrade to Netgate 6100:

    @plawlor What is the make/model of the SFP+ 10G RJ45 modules?

    Please and Thank You.

    10Gtek ASF-10G-T

  • No LAN connections

    0 Votes
    9 Posts
    949 Views
    stephenw10

    Forwarded it from where to where?

    If you're testing from a VM behind pfSense and that VM is using pfSense for DNS then adding a host override there will work.

  • INTEGRATE PFSENSE WITH AD WINDOWS

    0 Votes
    4 Posts
    549 Views

    @bmeeks Thank you very much for your help, you mentioned the points I needed to hear. I will investigate and work on the matter. Regards.

  • How to regenerate device key/id

    0 Votes
    2 Posts
    855 Views
  • Update to documentation

    0 Votes
    2 Posts
    334 Views
    stephenw10

    You can open a Correction in pfSense Docs in the redmine.

    Or open something marked as new content.

    Steve

  • Can't talk back from remote host over VPN

    0 Votes
    6 Posts
    705 Views
    stephenw10

    Depending on how the remote router is configured you might be able to use the hostname to access the 1100 OpenVPN interface. It would need to be set up to resolve OpenVPN clients.

    You can always set up multiple port forwards with different incoming ports if you need to access several hosts behind the 1100.

    Steve

  • Daily UL/DL pr IP address??

    0 Votes
    2 Posts
    185 Views
    NogBadTheBad

    @cool_corona Try installing the bandwidthd package.

    "BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization.
    Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each IP address's utilization can be logged out in CDF format, or to a backend database server.
    HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded."

  • Is it possible to set a backup RADIUS server?

    0 Votes
    6 Posts
    814 Views
    NollipfSense

    @artooro It seems that you are correct...learned something new today...thank you for sharing.

    "Yes, a domain can have multiple A records. This is known as "round-robin DNS" and it allows multiple IP addresses to be associated with a single domain name. When a client requests the IP address for the domain name, the DNS server will rotate through the list of IP addresses in the A records and return a different IP address each time. This can be used to distribute traffic across multiple servers or to provide failover in the event that one server becomes unavailable."

  • 0 Votes
    3 Posts
    415 Views

    @stephenw10

    Heh, at least I am not the only one that thinks it is odd.

    Yes, clarifying when I do the VPS -> VM transfer I port forward port 8080 on my firewall to the open internet then use netcat to raw transfer the bytes from the VPS to the VM via the port forward.

    I appreciate the new angles of attack, when I am at work tomorrow I will try these and report back.

  • unable to access ips on vlan after changing Gateway/dns

    0 Votes
    90 Posts
    26k Views

    @stephenw10
    @johnpoz
    Ah OK.

    Well, the reason I also have multiple cards for cameras and IoT devices is
    I have like 100 IoT devices.. I plan to get 30 cameras for my property, I'm at 5..
    My Unraid server is my file server, VM servers, Plex server, webserver, all on my gigabit onboard network connection, so I figured also having multiple cards will also not bog things down later.. but I'm not an expert, I'm just guessing.

    And like I originally thought, if I had an IP on HA 3 different network interfaces and pfSense had all the IPs it would work... Would it have worked differently if I used a 4 card port in pfSense and ran them all into the network switch and skip VLANs? Does that work better and let the switch create the VLANs?

    I guess the big companies figure all that multihome asymmetrical stuff you've been dealing with for years.. they probably run different software that deals with all that stuff, I bet.

    So I guess I'll try removing my 192.168.0.12 LAN port for HA and go with 192.168.20.12 as it will have 100 IoTs.

    Now I did find for some reason I can ping 192.168.10.1 but I can't ping 192.168.10.2 or 12 or any of the cameras from the LAN side.. but I'll play with it... probably some check mark or so lol
    I appreciate the help so far... so far I learned it's not plug and play like if it was on the LAN side lol

  • Boot Environments - unexpected behavior

    0 Votes
    14 Posts
    2k Views
    stephenw10

    No I don't. As far as I know it doesn't stop services before taking the snaps.

    It's a boot environment, not an instance snapshot like you might do for a VM. When you roll back it reboots into it complete with all the usual boot scripts that start the services etc.

  • [SOLVED] pfSense 2.6.0+MullvadVPN+WireGuard+pfBlockerNG

    1 Votes
    10 Posts
    2k Views
    stephenw10

    The desktop app exists to hide all communication so that's what it does. pfSense and pfBlocker cannot see it inside the tunnel.

    But, yes, you can easily just policy route single clients over the VPN rather than the full subnet.

    Steve

  • MTU bug

    0 Votes
    15 Posts
    2k Views

    @jknott That I don't know.

    I arrived at 1472 by plugging my Win10 laptop directly into the modem and pinging with the flag set at whatever it was and working my way down until it stopped fragmenting. I didn't realize that the 28 bits for the header were to be added onto the MTU size once the fragmentation limit was found. It's all fine, works great without any issue. Just thought you'd all like to know about my experience.

  • Automatic Configuration Backup (ACB) - No Route to Host

    0 Votes
    4 Posts
    831 Views

    It seems to be working. Thanks
