Humorous thread with an evil ISP, indeed.

I assume you only have one NIC in that device?

You can still leave LAN assigned as the parent interface directly and assign VLAN99 as an OPT interface.

Steve

Mmm, but you can set the default source to a non used port for example it won't ever log anything. Just use your custom source on the real port.
Or just use a non standard port to send traffic to your custom source.

Steve

@johnpoz
Hi Johnpoz

Thanks to you and all of the above for your replies.
I was seeing some very strange behavior which looked like some kind of corruption to me:-
Addresses were not being blocked even though they were clearly in a rule. Some addresses within an alias were being blocked while other were not. When I'd clicked on an alias it would open a different one to that clicked on. I tried a reboot to see if that cleared anything and during the pfsense startup my screen was just scrolling with errors of myriad description; file errors, device errors, api errors, version error and interface id errors ... ...
I have backups of my settings so I'm just going to do a rebuild and import, as currently I can't trust a thing I read. I'm guessing that was the issue all along and hopefully It will be cleared after the restore.

Thank for you help everyone.

https://redmine.pfsense.org/issues/12747

If you don't normally see that it implies something was causing one of the other logs to fill and be rotated more frequently that normal which could be a clue. Looks like every 3hrs which is not that fast for the default log size. A ddos attack would log far more for example.

Steve

@nogbadthebad Only the last octet is changing and mostly it is just 1-9 for me.

@stephenw10

You are a lifesaver, I was going crazy with this for the past 5 days (on & off) I disabled all of the RSC options on both the NICs & the virtual NICs in Hyper V, rebooted the server and the VM and when I ran the Speedtest it was able to complete the upload test without any error. I was also able to connect to PCs via TeamViewer and also send out emails.

Thank you so much!

@patch said in I am not reaching the required speed:

To do this you need more physical NIC than the 2 you have.

...and it still may not help because you're running Realtek NICs and PPPoE. ~680Mbps is about what I expect from that.

Confirm it by running top during a test to see the per core CPU usage. The receive NIC queue is probably at 100%.

Steve

Yeah seems OK so that starts to look like a DNS issue again. I assume DNS is failing on the client still?

Mmm, either uncheck 'DNS Server Override' and set 'DNS Resolution Behavior' to Use remote.

Or set a domain override for penguinpages.local in Unbound to use the AD server.

Steve

@luckman212 Ok, thank you for responding. I am now on 2.5.2 and happy for now, I will try this in due time.

Good result.
As an alternative you can just tune the monitoring settings to better match your line. Some WANs have far higher latency under load.
You might also try an FQ_CODEL setup instead of HFSC.

Steve

@penguinpages

On the Export page
Use : Other , instead of interface IP

8730e35b-5102-4431-a4d7-f0e2ab1a3456-image.png

@stephenw10 After replacing the SSD I have not seen any errors after 4 days of uptime, even with ntopng running, so problem was indeed the bad SSD.

Thank you so much for your help in troubleshooting my issue!

@stephenw10

Just wanted to respond with close on this issue.

DNS and setup of pfBlockerNG-devel plugin helped solve and the youtube videos on it also were help in learning more tuning.

AD Auth. Issue was first that I did not have groups named and decriptions matching in AD... which created a bit of rabbit hole.. Then when I just took time to recreate Auth type with AD recommended template, it worked. Thing to know is if you don't get groups respond on query, and can add/ change user group membership and see auth test track those changes.. STOP.. fix AD.. then move on to other things.

Good Return Example: AD group membership matches
9eeadbd7-30c2-4337-9634-47dc01004e60-image.png

Thanks for help and responses to this posting. As I learn more , hopefully I can help others

@stephenw10 thank you, this is reassuring to hear. Indeed an odd claim considering pfSense is already FreeBSD 12.3 based. I haven’t seen any such issues with pfSense, but I spent hours trying to diagnose the IPv6 dropping issue with opnsense before. I really wouldn’t want it to come to pfSense at some point.

@stephenw10
Did upgrade the driver.
As far as I can see, no additionnal error.
I shall let you know if it is definitely stable.

Thank you again for your help.

@stephenw10
thank you I try...

@stephenw10 ahhh you got it, I need to setup vlans in proxmox & pfsense... Been stuck on this for days, Thank you. You saved my home lab!