What happens if you run /usr/local/bin/vnstat from the cli and have you got Status_Traffic_Totals installed ?

[2.4.2-RELEASE][admin@pfsense]/root: /usr/local/bin/vnstat

rx      /      tx      /    total    /  estimated
WAN (pppoe0):
      Mar '18    41.81 GiB  /    2.57 GiB  /  44.38 GiB  /  70.08 GiB
    yesterday      2.44 GiB  /  131.85 MiB  /    2.57 GiB
        today      1.40 GiB  /  103.39 MiB  /    1.50 GiB  /    2.38 GiB

LAN (igb0):
      Mar '18      8.63 GiB  /  48.17 GiB  /  56.80 GiB  /  89.70 GiB
    yesterday      6.28 GiB  /    8.63 GiB  /  14.92 GiB
        today    165.54 MiB  /    1.46 GiB  /    1.62 GiB  /    2.58 GiB

USER (igb0.2):
      Mar '18      4.83 GiB  /  36.86 GiB  /  41.69 GiB  /  65.84 GiB
    yesterday      3.43 GiB  /    5.18 GiB  /    8.61 GiB
        today    108.51 MiB  /    1.36 GiB  /    1.47 GiB  /    2.33 GiB

GUEST (igb0.3):
      Mar '18    10.70 MiB  /  16.83 MiB  /  27.52 MiB  /  40.00 MiB
    yesterday      1.21 MiB  /    1.89 MiB  /    3.10 MiB
        today      777 KiB  /    1.19 MiB  /    1.95 MiB  /      –

IOT (igb0.4):
      Mar '18    344.16 MiB  /    7.13 GiB  /    7.46 GiB  /  11.78 GiB
    yesterday    26.21 MiB  /  647.64 MiB  /  673.85 MiB
        today    10.36 MiB  /  39.67 MiB  /  50.03 MiB  /      77 MiB

DMZ (igb0.5):
      Mar '18      2.72 GiB  /    2.70 GiB  /    5.42 GiB  /    8.56 GiB
    yesterday      2.71 GiB  /    2.69 GiB  /    5.40 GiB
        today      854 KiB  /    1.26 MiB  /    2.10 MiB  /      --

VOICE (igb0.6):
      Mar '18    76.94 MiB  /  111.22 MiB  /  188.17 MiB  /  295.00 MiB
    yesterday      6.77 MiB  /    7.30 MiB  /  14.07 MiB
        today      4.27 MiB  /    4.60 MiB  /    8.87 MiB  /      12 MiB

TEST (igb0.7):
      Mar '18    58.24 MiB  /  53.63 MiB  /  111.88 MiB  /  174.00 MiB
    yesterday      1.43 MiB  /    2.10 MiB  /    3.52 MiB
        today      939 KiB  /    1.34 MiB  /    2.25 MiB  /      --

IPsec (enc0):
      Mar '18    31.54 MiB  /  946.15 MiB  /  977.68 MiB  /    1.51 GiB
    yesterday        0 KiB  /      0 KiB  /      0 KiB
        today        0 KiB  /      0 KiB  /      0 KiB  /      --

The traffic isn't right for my LAN interface as I think it puts the parent interface into promiscuous mode, my LAN interface is just used for switch & Wi-Fi management no way the total is 56.80 GiB.

[2.4.2-RELEASE][admin@pfsense]/root: /usr/local/bin/vnstat –longhelp
vnStat 1.15 by Teemu Toivola <tst at="" iki="" dot="" fi="">Query:
        -q, --query          query database
        -h, --hours          show hours
        -d, --days            show days
        -m, --months          show months
        -w, --weeks          show weeks
        -t, --top10          show top 10 days
        -s, --short          use short output
        -ru, --rateunit      swap configured rate unit
        --oneline            show simple parseable format
        --exportdb            dump database in text format
        --importdb            import previously exported database
        --json                show database in json format
        --xml                show database in xml format
  Modify:
        --create              create database
        --delete              delete database
        -u, --update          update database
        -r, --reset          reset interface counters
        --sync                sync interface counters
        --enable              enable interface
        --disable            disable interface
        --nick                set a nickname for interface
        --cleartop            clear the top 10
        --rebuildtotal        rebuild total transfers from months
  Misc:
        -i,  --iface          select interface (default: eth0)
        -?,  --help          short help
        -D,  --debug          show some additional debug information
        -v,  --version        show version
        -tr, --traffic        calculate traffic
        -l,  --live          show transfer rate in real time
        --style              select output style (0-4)
        --iflist              show list of available interfaces
        --dbdir              select database directory
        --locale              set locale
        --config              select config file
        --savemerged          save merged database to current directory
        --showconfig          dump config file with current settings
        --testkernel          check if the kernel is broken
        --longhelp            display this help

See also "man vnstat".</tst>

Access Point What's the point of doing it?

Ok. Thanks for the response. I will try it.

@SammyWoo:

@H20FRKS:

SammyWoo, are you saying building a pfSense server with better hardware will not resolve the through put issue I have?

Just the opposite.

Great thanks! I will continue my efforts to understand pfSense better and work on building a server.

Hi Steve,

I fully support your statement. Do not upload files to your firewalls from an unknown sources.

The driver was compiled on freeBSD 11.1 amd64 release.

Kind Regards,
Nick

I was able to get back into the router after setting my static IP address (and then unsetting it afterwards).  I was able to restore my router using a backup to the point BEFORE I tried to implement OpneVPN.

This issue is resolved.  Thank you all for your help.

Reflashed the BIOS to 4.0.12.

Ran a memtest for a week, 0 errors.

Stopped the memtest this morning. Let PFSENSE boot, withing 5 minutes it crashed. Below is the log in the pastebin link.

https://pastebin.com/hHSnpnmg

@stephenw10:

If you have Gold membershiop or Book access then:
https://portal.pfsense.org/docs/book/usermanager/external-authentication-examples.html#active-directory-ldap-example

Otherwise there's troubleshooting tips here: https://doc.pfsense.org/index.php/LDAP_Troubleshooting

Steve

Yes i Have , i found it

Many Thanks Steve

USB Ethernet is notoriously variable. Usually not too much we can do about that other than swap it out.

Try increasing the number of available php processes. In System > Advanced > Admin Access set 'Max Processes' to 4.

That may resolve it if it's something temporarily using resources or it may just increase the time between issues.

Steve

Hi,

the modem isn't the source of the problem. Since it doesn't handle the pppoe session the settings for MTU are greyed out.

Here's a snippet of my pfsense config file:

        <ppps><ppp><ptpid>0</ptpid>                         <type>pppoe</type>                         <if>pppoe0</if>                         <username>myusername@netaachen.de</username>                         <password>youwontbelieveit</password>                         <provider>netaachen</provider>                         <idletimeout>0</idletimeout></ppp>                 <ppp><ptpid>1</ptpid>                         <type>pppoe</type>                         <if>pppoe1</if>                         <ports>vtnet0</ports>                         <username>myusername@netaachen.de</username>                         <password>youwontbelieveit</password>                         <provider>netac</provider></ppp></ppps>         <interfaces><wan><enable></enable>                         <if>pppoe1</if>                         <spoofmac></spoofmac>                         <ipaddr>pppoe</ipaddr>                         <ipaddrv6>dhcp6</ipaddrv6>                         <dhcp6-ia-pd-len>16</dhcp6-ia-pd-len>                         <dhcp6usev4iface></dhcp6usev4iface>                         <mtu>1492</mtu></wan> [...]</interfaces>

What's REALLY weird is that the password I find in the config is different to the one I find in my tcpdump/wireshark recordings. WTF? How can that be?
Session is coming up fine though.
What I haven't found is some RFC explanation about how MTU is being negotiated.

This is what my interface is saying btw:

pppoe1: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1442</up,pointopoint,running,noarp,simplex,multicast>

Ping6 seems to verify that, since 1442 - 40 (IPv6) - 8 (ICMP6) are actually 1394 which is the maximum packet size I can ping6.
Confusion starts to grow. :-\

Edit:
I took a closer look at the tcpdump and what I found is that the Router Advertisement is saying 1442. Why would the provider want to do this? It looks like a faulty setup Router Advertiser to me.

wireshark_pppoe.png
wireshark_pppoe.png_thumb

I asked about this just recently..  https://forum.pfsense.org/index.php?topic=145261.0

and using openvpn seems like something people would expect you to use from home-to-work. (but that is already setup by our sysadmin)

So I'm guessing your asking how to setup this - because you do not have this feature today.

Check out this: https://www.ceos3c.com/2017/04/10/configure-openvpn-for-pfsense-2-3-step-by-step/

Well, you have no choice but to VLAN from something to get the Wireless AP behavior you desire. But that does not have to be done on pfSense. A switch could do it. pfSense would have two physical interfaces to two untagged ports on the different VLANs in that case. But why not just VLAN it?

If you don't want to mix tagged and untagged traffic on a physical interface, don't. Just leave the untagged interface unassigned.

Thank you for your response. I will try and keep notes on when it occurs throughout the day tomorrow and see if anything odd is in the system logs.

@viragomann:

ping and traceroute maybe do well. ICMP is a stateless protocol. The problems with that come if you establish a stateful connection.

So I'd try one of the suggestions.

OK, thanks for bearing with me! That one got through, I can just about picture how that makes a difference with how things are flying around.

@muppet:

I would check with your ISP and see if they have hard-set your port to 100/Full
Maybe the pfSense is trying auto and, seeing nothing, not bringing up the port.
And the switch, not seeing auto frame either, might be defaulting to 100M half-duplex, thus causing all the frame drops/problems.

This really sounds like an Ethrnet problem, nothing to do with pfsense itself.

PfSense works just fine, so it's not the problem.  The problem will be your Ethernet card, the drivers or similar.
Try and do some diagnosis to see what speed and duplex the port is coming up at, especially when connected to your laptop (is auto-neg being used or not?)

Thank you!
It really was something wrong with ISP's port. It was set to auto, but still didn't work correctly, so my connection was regularly jumping through different modes-speeds and getting big error rate. They just changed the port, and now everyhing is perfect.

They would never do anything if I said them it's pfSense or any incompatible router, but they couldn't reject the issue with just switch.

@stephenw10:

At layer 3, yes (probably). At layer 2, maybe. At layer 1, nope.

The reason it's a good test to put an unmanaged switch between your WAN interface and modem is because it can show up issues exactly like this.

If your modem is set to 100Mb full duplex rather than auto the switch will likely connect to that fine and will also connect to the WAN interface that is set top auto negotiation fine. But without it you get a default connection which is often 10Mb half duplex, horrible speeds and huge error rate.

Ethernet hardware should all conform to the specs and be compatible but that is not 100% true. Some cards will refuse to establish a link or continually flap up and down for no good reason. I have a Realtek card here that behaves exactly like that but only when connected to one switch I have.  ::)

What is the NIC in the Win7 PC?

Can you see the link speed/duplex on the switch in each of these cases?

Steve

Thanks for the info. Yes, they seem to implement things a bit differently. My Realtek NIC refused to see that broken connection at all, while Broadcom's one somehow worked fine on that… Also that Realtek only accepts it's hw mac, while Broadcom don't care.