• Performance – Throughput / Speed Issues

    10
    0 Votes
    10 Posts
    1k Views
    T

    Hi Clint,

    Here are some helpful threads and resources on network tuning to get your started.  There are some other parameters you can tweak as well beyond the ones that you have already adjusted:

    https://forum.pfsense.org/index.php?topic=113496.0
    https://forum.pfsense.org/index.php?topic=132345

    https://calomel.org/freebsd_network_tuning.html

    For further troubleshooting, please also see the "Where is the bottleneck ?" section here:
    https://bsdrp.net/documentation/technical_docs/performance

    Hope this helps - please let us know if you have more questions.

  • pfSense Lifecycle

    5
    0 Votes
    5 Posts
    643 Views
    jahonix

    @kfkehua:

    Is that a general rule? 1 year after the release of the new version?

    No

    Only in this case because the 2.3.x branch is the last 32-bit version available. Netgate promised to maintain it for roughly a year after the 2.4 branch release.
    Usually a version is deprecated with a new version released and users are urged to upgrade. I don't know of any pfSense LTS if that's what you're after.

  • Notification of updates

    16
    0 Votes
    16 Posts
    2k Views
    S

    @Gertjan:

    Or check here https://forum.pfsense.org/index.php?board=14.0

    Bookmarked.

  • PfBlocker backup

    2
    0 Votes
    2 Posts
    606 Views
    RonpfS

    pfblockerNG has a Sync tab for XMLRPC Sync between hosts

  • Squid and selective VPN routing

    1
    0 Votes
    1 Posts
    227 Views
    No one has replied
  • Smart home….

    7
    0 Votes
    7 Posts
    2k Views
    F

    I can't give any better technical over what is applied above but I can give my experiences which, in and of themselves, show why you should do it right.

    I use OpenHab and buy a lot of tat from China via AliExpress, BangGood etc - anyone who will post to the UK :)
    For the most part I try to flash my own or other Open Source firmware on it. There is more of a chance of prying eyes then. I have near-full automation from heating to all lights, presence and motion detection, wifi location tracking etc. All these features require one or many little things which I obtained from China / Ebay / AliExpress etc.

    My setup is a VLAN - both on wired and wifi - for IoT stuff. This is blocked to the internet other than specific devices which I allow out. Said devices are the OH controller, Alexa and, urm, nothing else :)
    Inter-VLAN routing is managed by pfSense and only specific clients can route between the two.

    I bought a cheap tablet as a wall-mount-dashboard from China. £50 for a 10.1 inch Android jobbie recently.
    I was looking at the logs a few days ago trying to work something out and noticed a large amount of hits on my deny-all rule. The tablet is constantly trying to phone-home. There are bursts of traffic to an IP in China. The traffic is over https so I cannot - for now - see what it is. I will try using ssl-strip one of these days when I get some time.
    A few of the LED controllers also call home constantly.

    All in all, you need to separate everything off from your main network.

    Use a proper controller such as OpenHAB, Home Assistant, Domoticz etc to control the smart home. Do not rely on each item because you cannot truly own them.

    Try, where possible, to use items which you can flash your own firmware on. Often this adds a large feature set and is maintained.

    Do think Security-First

    Of course, none of the above is as bad as having a Samsung Android tablet - they're the worst culprits :(

  • Error: pfr update stats: assertion failed

    2
    0 Votes
    2 Posts
    470 Views
    jimp

    Is that a single firewall or an HA cluster?

    Was it working OK and then suddenly stopped?

    Is it reachable locally on LAN or a management interface, or completely disconnected?

    You could try a completely fresh reinstall with pfSense 2.4.3 rather than 2.4.2. Even if you don't have a backup, the installer can recover the configuration from the hard drive using the recovery option on the first screen of the installer.

  • Drive Encryption

    Locked
    18
    0 Votes
    18 Posts
    2k Views
    johnpoz

    ^ great points Harvy66

    So yeah it all boils down to if you ain't got physical security you ain't got shit ;) hehehehe

    Even a small ma and pop shop should have some sort of closet it could be locked up in. Even in the example where it sat in a cube.. You still have physical security to the point only people that work in the office would have access.. And ok the cleaning crew, and the building security and management ;)

    But not like it's sitting on a table in starbucks ;)

  • DNS Resolver vs. DNS Forwarder

    12
    0 Votes
    12 Posts
    4k Views
    johnpoz

    Keep in mind it does not prefetch everything ever queried. It just renews a record that is queried if the ttl is 10% of life or left.

    You prob want to turn on the serve ttl 0 option as well if you're having delays with resolving.

  • Multi-site Link.

    8
    0 Votes
    8 Posts
    1k Views
    O

    Problem found!
    The issue turned out to be with the upstream firewall.
    It had the 12.x network with DHCP on a vlan that apparently these were aware of, and they were using WAN rules.
    Removing the vlan and rebooting fixed it!
    Thanks!

  • Tips how troubleshoot pfSense, smart people wanted !

    8
    0 Votes
    8 Posts
    605 Views
    chudak

    @Gertjan thanks for reply!

    @Gertjan:

    Now, the other part : what comes back ?

    That's interesting and how would you check that ?

    @Gertjan:

    Start by removing things that tend to block things on the incoming side, like …. you have them both : Squid and Snort.

    I tried that, wonder after disabling something, would you expect that to take immediate effect or you need to do something else? (delete stats maybe?)

  • Unknown Error please help

    2
    0 Votes
    2 Posts
    398 Views
    Derelict

    https://forum.pfsense.org/index.php?topic=145990

    Set firewall max table entries to 400000

  • Qmi, mbim, ncm, rndis protocols

    12
    0 Votes
    12 Posts
    7k Views
    A

    Here is an example of devd.conf: https://forum.pfsense.org/index.php?topic=86064.msg727823#msg727823

    how to automatically run usb_modeswitch either on boot

    That was explained in the last example I referred to!
    Look for "shellcmd" in the post I mentioned earlier: https://forum.pfsense.org/index.php?topic=111787.msg622688#msg622688

  • New install VERY slow speeds

    4
    0 Votes
    4 Posts
    388 Views
    Derelict

    Yeah if both sides say full-duplex that should not be an issue.

    What happens is the full-duplex side transmits and the half-duplex side logs an error because it can't receive while transmitting. You end up with very low throughput in one direction - from the full- to the half-duplex port. The other way generally works fine because the full-duplex side can always receive without issue. It's possible to drop ACKs but in general it appears to be a one-way problem.

    This is generally only an issue when one side is hard-set and the other side is set to autonegotiate.

  • Proportionate increase in bandwidth usage and ping

    7
    0 Votes
    7 Posts
    615 Views
    H

    I think it's "180 no scope". Memories.

  • Authenticate against Ubuntu 16.04 active directory

    1
    0 Votes
    1 Posts
    241 Views
    No one has replied
  • Route specific website through VPN?

    2
    0 Votes
    2 Posts
    271 Views
    D

    Hi, I am following this tutorial https://www.youtube.com/watch?v=ov-xddVpxhc&index=2&list=FLrcgeSlhWx6u2OSVmULNtGw&t=498s I just want to set up my PC to go through the ISP instead of the VPN, but it is not working. Can someone please check my settings and tell me what I am doing wrong?

    ![pfSense localdomain Interfaces PIA_OVPN.png](/public/imported_attachments/1/pfSense localdomain Interfaces PIA_OVPN.png)
    ![pfSense localdomain VPN OpenVPN Clients Edit.png](/public/imported_attachments/1/pfSense localdomain VPN OpenVPN Clients Edit.png)
    ![pfSense localdomain Firewall NAT Outbound.png](/public/imported_attachments/1/pfSense localdomain Firewall NAT Outbound.png)
    ![pfSense localdomain Firewall Rules LAN.png](/public/imported_attachments/1/pfSense localdomain Firewall Rules LAN.png)

  • Link Alias to existing table

    7
    0 Votes
    7 Posts
    595 Views
    stephenw10

    But I assume you want new resolved IPs to be added to the list as they are seen right?

    Or are you OK adding the IPs manually via pfctl?

    Steve

  • Issues in fresh 2.4.3

    2
    0 Votes
    2 Posts
    410 Views
    chrismacmahon

    Both of these are known bugs:

    Table size:
    https://redmine.pfsense.org/issues/8417

    And OpenVPN:
    https://redmine.pfsense.org/issues/8391

    Chris

  • Install pfsense on a server

    18
    0 Votes
    18 Posts
    1k Views
    B

    I've got a whole box of punch cards  :-[

    They were very handy for levelling the billiard table.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.