What I set up for a client that is on FTTN is a Draytek Vigor 130 (i think) in bridge mode and a pfsense box. Their modem/router with the phone connection is connected to the pfsense box and goes out to the internet all by itself. All the other internal network runs off the pfsense box. FTTN ^ Draytek ^ pfsense box----------------> Old modem/router with ATA built in | |-----------------------------> Rest of network Hope that helps.

@sven72 The controller can just run on a VM.. Or a docker even - I run mine as a vm on my nas. You get a better AP, you get a better switch to be honest and more ports. While the UDM and the PRO and what the SE do have market I suppose. They have a new budget one coming out its in EA I think right now that is only 79$ that could be a good seller for them. I am just really not a fan of all in one boxes.. For big one where that box would go is rarely the correct place for an AP.. 4 ports pretty useless and would need a switch anyway ;) Once you put all that stuff into one box you limit yourself on features and functions, etc. While you can get a $40 smart switch.. You could also spend way more than that if you want more features at the switch level, etc. AP you can spend way more as well - but the U6 lite is better than the wifi that comes with that udm I do believe. If you really want to make it work - it can be done, it would end of being a bit of a mess in how has to be configured to be honest. Just a normal AP or even APs, a switch and your router makes for a clean setup with lots of options for expansion and configuration to really do whatever you would want to do.. There is a market for the UDMs even if your past your return window and want to get your money back. But if you don't want to use it as they intended a all in one box setup, its a pain trying to force it into your network and just use the functions you want.

@stephenw10 said in AWS pfSense VPC DNS: Start a ping to it. Check the state table. Where is the ping going? Where is that subnet actually available if you haven't created it yet? Steve Steve, once again many thanks for giving your time to help me. I've got is working. I had DNS resolution enabled on the VPC, but not DNS hostnames. My EC2 still has XXX.XXX,0.2 as its dns server and I don't have a XXX.XXX.0.0 subnet. But its working now.

You can see that to a certain extent just using the traffic graphs: [image: 1640215014521-screenshot-from-2021-12-22-23-16-09.png] Otherwise the options available are shown here: https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/bandwidth-usage.html Steve

@stephenw10 Yeah, to be clear, I think this whole issue is mostly because my ISP suuuucks. lol If they had better documentation, or actual support personnel who knew the difference between a modem and a router (I mean this literally), then this probably wouldn't have even come up.

@stephenw10 I wondered if the 1 and 0's quotes not needed because they are simply enable/disable, yes, no, etc. Now to look at variables.

@stephenw10 Just to come back with a working solution. On the 4port intel card I've passthrough one NIC, problem solved immediately. So this is as far as i've seen a ESXi issue, either vmx driver nor vswitch stuff.

@stephenw10 After a couple of months I finally looked at the log. :) Some of those entries read in a way that I'm surprised anything is working.

Yup, sorry if you use the actual php shell directly you just need to run: playback generateguicert If you're at the command line you can invoke the shell with the full command: [22.01-BETA][root@pfSense.home.arpa]/root: pfSsh.php playback generateguicert Generating a new self-signed SSL/TLS certificate for the GUI...Done. Restarting webConfigurator...Done. Steve

That should be fine as long as it's not PPPoE, which I wouldn't expect it to be.

@stephenw10 Next time i add an interface/VLAN I will time it and let you know

@swansense said in NAT vpn if connection to a specific host.: Thanks again and happy holidays. No problem - and a happy holidays to you as well..

Problem solved. Thank you again for responding @mcury I have to create VLANs before assigning interfaces. I got confused by the Youtube video, where for some reason the person didn't have to create the VLANs before assigning. Thanks, Mike

@chpalmer said in Reefcam: @redhammer999 Is the "Gateway" address set properly on the camera? A good shout but yes it does :(

@patch said in Unable to update servers: @misinthe in a Proxmox console try systemctl restart networking Doing so also fixes Proxmox networking for me but corrupts reboot But if you have a physical console connected to Proxmox you can get and idea of what is happening and after reboot is done a few times it seams to settle down again until the next change to network configuration involving Proxmox. I was messing around on PfSense, trying the network to get the DNS server. And now I got a different error when trying the apt-get update. [image: 1639887912492-1de5c8de-f96d-42a6-8730-18bed340f523-image.png] I will try the restart networking in the morning. Appreciate all the help.

@aagaag said in DNS resolver host override, DNS server is not hosted by pfSense: WAN IP will be rotated by the provider. Is there any way to provision for that? This is what ddns is for, setup a ddns to point to whatever your public IP is..

Deleting the bond0 has left one interface intact with the correct IP address. So I was able to use the secondary interface to test speeds directly. It seems pretty clear that pfsense is not the problem at all. Getting the same speeds directly with a laptop directly connected to the NAS. [image: 1639855781501-test.png] Iperf3 test shows network is not the problem. From Laptop to NAS iperf 3.6 Linux nas 4.4.180+ #42218 SMP Mon Oct 18 19:16:01 CST 2021 aarch64 ----------------------------------------------------------- Server listening on 4444 ----------------------------------------------------------- Time: Sat, 18 Dec 2021 19:33:48 GMT Accepted connection from 10.15.1.8, port 13951 Cookie: DESKTOP-VPJHHOI.1639856027.395816.51 TCP MSS: 0 (default) [ 5] local 10.15.1.7 port 4444 connected to 10.15.1.8 port 13952 Starting Test: protocol: TCP, 1 streams, 131072 byte blocks, omitting 0 seconds, 10 second test, tos 0 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 106 MBytes 889 Mbits/sec [ 5] 1.00-2.00 sec 111 MBytes 929 Mbits/sec [ 5] 2.00-3.00 sec 110 MBytes 922 Mbits/sec [ 5] 3.00-4.00 sec 111 MBytes 930 Mbits/sec [ 5] 4.00-5.00 sec 111 MBytes 933 Mbits/sec [ 5] 5.00-6.00 sec 110 MBytes 924 Mbits/sec [ 5] 6.00-7.00 sec 109 MBytes 913 Mbits/sec [ 5] 7.00-8.00 sec 110 MBytes 924 Mbits/sec [ 5] 8.00-9.00 sec 109 MBytes 917 Mbits/sec [ 5] 9.00-10.00 sec 112 MBytes 936 Mbits/sec [ 5] 10.00-10.03 sec 3.90 MBytes 944 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - Test Complete. Summary Results: [ ID] Interval Transfer Bitrate [ 5] (sender statistics not available) [ 5] 0.00-10.03 sec 1.08 GBytes 922 Mbits/sec receiver CPU Utilization: local/receiver 14.8% (0.6%u/14.1%s), remote/sender 0.0% (0.0%u/0.0%s) rcv_tcp_congestion cubic iperf 3.6 From NAS to Laptop iperf 3.6 Linux nas 4.4.180+ #42218 SMP Mon Oct 18 19:16:01 CST 2021 aarch64 Control connection MSS 1460 Time: Sat, 18 Dec 2021 19:35:02 GMT Connecting to host 10.15.1.8, port 4444 Cookie: yg6a4kxaczkaolqgasfxmaynim35ot3rbjro TCP MSS: 1460 (default) [ 5] local 10.15.1.7 port 32954 connected to 10.15.1.8 port 4444 Starting Test: protocol: TCP, 1 streams, 131072 byte blocks, omitting 0 seconds, 10 second test, tos 0 [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.00 sec 111 MBytes 934 Mbits/sec 0 211 KBytes [ 5] 1.00-2.00 sec 108 MBytes 903 Mbits/sec 0 211 KBytes [ 5] 2.00-3.00 sec 106 MBytes 887 Mbits/sec 0 211 KBytes [ 5] 3.00-4.00 sec 107 MBytes 900 Mbits/sec 0 211 KBytes [ 5] 4.00-5.00 sec 106 MBytes 891 Mbits/sec 0 211 KBytes [ 5] 5.00-6.00 sec 104 MBytes 870 Mbits/sec 0 211 KBytes [ 5] 6.00-7.00 sec 109 MBytes 911 Mbits/sec 0 211 KBytes [ 5] 7.00-8.00 sec 107 MBytes 895 Mbits/sec 0 211 KBytes [ 5] 8.00-9.00 sec 107 MBytes 901 Mbits/sec 0 211 KBytes [ 5] 9.00-10.00 sec 107 MBytes 900 Mbits/sec 0 211 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - Test Complete. Summary Results: [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 1.05 GBytes 899 Mbits/sec 0 sender [ 5] 0.00-10.00 sec 1.05 GBytes 899 Mbits/sec receiver CPU Utilization: local/sender 5.7% (0.4%u/5.3%s), remote/receiver 13.4% (6.5%u/6.9%s) snd_tcp_congestion cubic iperf Done.

@patch Problem Solved. It was a problem with my MacBook. I created a new profile on my MacBook and that one works fine. So there is issue with the network setup on my other profile. Anyway, Thank you so much for everyones help and advice. It has only strengthened my feelings about PFSense being a good choice.

Hmm, well that's good news, it implies the TB 10G adapter is not the cause so probably can be made to work. Unless you have some traffic shaping set in pfSense it's hard to see what might cause that. Something in Windows guess though I'm not sure what. Steve

@jt40 said in Sky modem replacement - MK2 socket: this is one of the suggested as replacement which supports Sky MER: TP-Link AC2100 - Archer VR2100 That's also a router (with a built in modem) not a modem. An actual modem is something like the Draytek V130 or Huawei HG612. I am in the UK but, alas, not yet in a FTTH area. If you upgrade to FTTH you still need a modem of sorts. The connection is provided via GPON so you get an ONT box that converts that to Ethernet you can plug pfSense into. Steve