@stephenw10
I will do that, thanks for your help :)

@stephenw10

Wow Ok.

Well I never saw those kinds of speeds with the VPN on. I saw them on my WIFI with the VPN off. But via ethernet with the VPN on is new for me. I like though. I would very much like to replicate and make it the standard.

Yes the Tier 1 I created as a proof of Concept to see if it would give me access to some stuff, I am not able to access on my Tier 2. Hence why I want to make it my Tier 1. The only issue is that I suspect I may be limited by the internet speed available to the VPS. I have to contact the vendor to see what speeds should be expected on the VPS. So I don't know if I will get the same speeds as my Tier 2. However, 20Mbps is the minimum of my heaviest bandwidth services so if I can at least get double that at 40Mbps as a standard, I will be content.

I am new to creating your own VPN server, so I will now have to look into things such as throughput etc.

as it relates to the high latency, yes both gateways are over 2,000 Miles from me give or take.

Hmm, that seems more like something on the cable side.

You could try setting at the command line:
sysctl net.link.lagg.lacp.debug=1

That will give you a lot more LACP logs on the pfSense side which might show something.

Steve

^^^^ ---- DERP

i think i just found it...

Diagnostics/Packet Capture
-_-

If you increase the probe interval want to increase the other intervals shown there in proportion. Otherwise they start to be meaningless. The Alert interval must be more than the probe interval for example.

If you're using DNS server as monitoring targets those servers MUST be set to the same gateways in System > General setup. Each of those things sets a static route to that IP and they must agree.

You can check the Status > Monitoring Quality graphs to see what each link has been doing historically.

Steve

Did you get past this?

Seems like an actual DNS based on this and your other post. Are you using the default DNS settings?

Steve

This should already be solved on your other thread. Once you've added the gateways you can route one group via one public IP and the other via the other IP. Then OpenDNS can respond differently to each group if you need that.

But if one groups can be unfiltered you don't even need that. Just pass the OpenDNS IPs as DNS via DCP to the filtered group and allow everyone else to use pfSense (or some other DNS server) to get unfiltered results.

Steve

Oh and by the way, @jimp did a great hangout: https://www.netgate.com/resources/videos/server-load-balancing-on-pfsense-24.html :-)

-Rico

Do you see that same loss if you ping, for example, 8.8.8.8?

If not just edit the gateway and set the monitoring IP to that instead. Or some other external IP.

Do you have more than one WAN if not you can disable the monitoring action on the gateway. You will still get data but pfSense won't start reloading stuff if the loss goes over 20%.

It seems like maybe the Comcast gateway IP is just not good at responding to pings and it doesn't have to be. If they ping your modem from their end they won't necessarily see that loss.

Steve

Thanks everyone above, for helping.

Dude don't know what to tell you but pfsense blocks nothing out of the box...

How does the game fail? Does it give you an error, says can not connect to server what?

If your running blocking software be it IPS or Proxy - those for sure could be your problem.. But they would LOG it, etc..

Works some times, not works other times points to problem in your wifi network or possible dns issue?

If firewall blocking - it always blocks, it doesn't block sometimes and not others. Possible you have issue with connecting to a specific server in the CDN when it fails, etc.

Your going to have to give some info if you want help... You have told us nothing really other than it sometimes fails..

@stephenw10 Hey Stephen,

Thank you very much for all your attempts at helping me out. I DO appreciate it.

I resolved the issue by cancelling my subscription to the VPN service with the flaky client - I mean it won't even clean install ffs.

Anyways, I didn't want to leave the thread hanging so thats it - it's done. Problem resolved. I won't disable frag3 for a flaky client that would be ridiculous. The other VPN service I have has a client that works flawlessly and I am tired of banging my head against the wall with level one help-desk agents that have a "upgrade to the latest client" mantra and when that doesn't work wait 3-4 days with nothing on the ticket. PIA is being overwhelmed with customer tickets right now it says so on their ticketing system "unusual wait times" and all that type of language on their site. And this came as a direct result of their latest client release so....they must've pulled a Microsoft and released little better than alpha software as a full version production release. Whatever not my problem anymore.

Thanks once again for your efforts. They are appreciated.

@johnpoz Thanks for your help and sorry for the confusion. Have a good day.

hey buddy can you help me on how to set-up opt1 and opt2 and wan with the same gateway.

Yes. Logging to an external logging system is expected if you want more than basic debugging tools.

I have used many "enterprise" firewalls and we never depended on them to store anything but the most cursory of logs on the devices themselves. We always logged to something external if anything historical was desired.

@akuma1x
simply because you don't want to keep in memory what customers is using what addresses. It's a bit difficult when you get up to 400+ customers divided on 4 addresses, it's much easier installing some kind of load balancer dividing all traffic on several setups. but sure enough it would work, if you wouldn't mind a bit of hassle.

The SG-5100 is now at 699.00 vs 799.00: https://store.netgate.com/SG-5100.aspx