Did you try the official documentation at https://doc.pfsense.org/index.php/L2TP/IPsec ?

What version of Windows do you use? Is your client behind a NAT?

install the traffic total package.  Or install darkstat or bandwidthd

If your just looking for total traffic summary is prob what your looking for.  Just select say monthly or daily and get totals, or you can even see hourly, etc.

Sorry for bringing this old post back again. I, too, trying to remove F1 prompt but I'm using GMirror and wanted to ask what's gonna be the device for me? This is what I have:

[2.4.3-RELEASE][admin@pfs17]/root: df -h Filesystem                      Size    Used  Avail Capacity  Mounted on /dev/mirror/pfSenseMirrors1a    129G    960M    118G    1%    / devfs                          1.0K    1.0K      0B  100%    /dev /dev/md0                        3.4M    164K    3.0M    5%    /var/run devfs                          1.0K    1.0K      0B  100%    /var/dhcpd/dev procfs                          4.0K    4.0K      0B  100%    /proc

fdisk -B pfSenseMirror doesn't look very right to me. There are two underlaying SSD drives working as ada0 and ada2 - how do I do it?

-San

Yes, more information required!  :)

Steve

@scotty562:

I don't ever want to be short again :).

I'm not really proposing a solution for your v4 problem, but, when you have some time, take a look what v6 /64 can do for you  ;D

Ok, thanks for your suggestion will give that a try.

@BLiNX:

Currently the internet served by a standard router with some UAPs, which doesn't have good firewall. As long as the internet connection fast & stable, security is not really important here. Mainly for entertainment/streaming purpose only.

@jahonix:

… Stay away from those cheap switches with "108E" in its name (TP-Link, Netgear).

I will avoid those SG105E & 108E, although they're support 802.1q. Just want to know why should I?

They leak traffic from the native LAN to the VLAN.  My TP-Link access point does the same thing, which makes it useless for having multiple SSIDs and VLANs.

In case anyone else has this problem the workaround is to run mc -u

https://forums.freebsd.org/threads/misc-mc-problem.55627/

Hi Clint,

Here are some helpful threads and resources on network tuning to get your started.  There are some other parameters you can tweak as well beyond the ones that you have already adjusted:

https://forum.pfsense.org/index.php?topic=113496.0
https://forum.pfsense.org/index.php?topic=132345

https://calomel.org/freebsd_network_tuning.html

For further troubleshooting, please also see the "Where is the bottleneck ?" section here:
https://bsdrp.net/documentation/technical_docs/performance

Hope this helps - please let us know if you have more questions.

@kfkehua:

Is that a general rule? 1 year after the release of the new version?

No

Only in this case because the 2.3.x branch is the last 32Bit version available. Netgate promised to maintain it for roughly a year after the 2.4 branch release.
Usually a version is deprecated with a new version released and users are urged to upgrade. I don't know of any pfSense LTS if that's what you're after.

@Gertjan:

Or check here https://forum.pfsense.org/index.php?board=14.0

Bookmarked.

pfblockerNG has a Sync tab for XMLRPC Sync between hosts

I can't give any better technical over what is applied above but I can give my experiences which, in and of themselves, show why you should do it right.

I use OpenHab and buy a lot of tat from China via AliExpress, BangGood etc - anyone who will post to the UK :)
For the most part I try flash my own or other Open Source firmware on it. There is more of a chance of prying eyes then. I have near-full automation from heating to all lights, presence and motion detection, wifi location tracking etc. All these features require one or many little things which I obtained from China / Ebay / AliExpress etc.

My setup is a VLAN - both on wired and wifi - for IoT stuff. This is blocked to the internet other than specific devices which I allow out. Said devices are the OH controller, Alexa and, urm, nothing else :)
Inter-VLAN routing is managed by pfSense and only specific clients can route between the two.

I bought a cheap tablet as a wall-mount-dashboard from China. £50 for a 10.1 inch Android jobbie recently.
I was looking at the logs a few days ago trying to work something out and noticed a large amount of hits on my deny-all rule. The tablet is constantly trying to phone-home. There are bursts of traffic to an IP in China. The traffic is over https so I cannot - for now - see what it is. I will try using ssl-strip one of these days when I get some time.
A few of the LED controllers also call home constantly.

All in all, you need to separate everything off from your main network.

Use a propper controller such as OpenHAB, HomeAssisant, Domotix etc to controll the smart home. Do not rely on each item because you cannot truly own them

Try, where possible, to use items which you can flash your own firmware on. Often this adds a large feature set and is maintained.

Do think Security-First

Of course, none of the above is as bad as having a Samsung Android table - they're the worse culprits :(

Is that a single firewall or an HA cluster?

Was it working OK and then suddenly stopped?

Is it reachable locally on LAN or a management interface, or completely disconnected?

You could try a completely fresh reinstall with pfSense 2.4.3 rather than 2.4.2. Even if you don't have a backup, the installer can recover the configuration from the hard drive using the recovery option on the first screen of the installer.

keep in mind it does not prefetch everything every queried.  It just renews a record that is queried if the ttl is 10% of life or left.

You prob want to turn on the serve ttl 0 option as well if your having delays with resolving.

Problem found!
The issue turned out to be with the upstream firewall.
It had the 12.x network with DHCP on a vlan that apparently these were aware of, and they were using WAN rules.
Removing the vlan and rebooting fixed it!
Thanks!

@Gertjan thanks for reply!

@Gertjan:

Now, the other part : what comes back ?

That's interesting and how would you check that ?

@Gertjan:

Start be removing things that tend to block things on the incoming side, like …. you have them both : Squid and Snort.

I tried that, wonder after disabling something, would you expect that to take immidiate effect or you need to do something else? (delete stats maybe?)