@keyser said in Poor 10gbps WAN throughput:

@Gblenn Did you knwo you can do this:
https://answers.microsoft.com/en-us/windows/forum/all/how-can-i-prevent-automatic-updating-a-specific/9967b1cf-dc6f-495d-82be-4ab3f3207ff1

Thanks for the tip but that is not the issue, and it didn't help. Every time after a shut down and start of the PC I cap out at 2-2.5 in speedtest (only download however).

What is interesting however, is that I now tested with iperf and get the full 9.44 Gbit... so what is it that speedtest does differently, or fast.com for that matter?

@zaibi12345 said in configure unifi with pfsense:

1 unifi dream machine pro controller with 20 access points connected with it, In lab if more than 400 users get connect, it got crashed all connected users faced disconnectivity. 1200 users is actual limit as advised by unifi support team.
actually we need to connect more than 2000 users at a time and 5 controllers is not a solution

I use a self hosted controller https://help.ui.com/hc/en-us/articles/360012282453-Self-Hosting-a-UniFi-Network-Server

Easily installed via this script https://community.ui.com/questions/UniFi-Installation-Scripts-or-UniFi-Easy-Update-Script-or-UniFi-Lets-Encrypt-or-UniFi-Easy-Encrypt-/ccbc7530-dd61-40a7-82ec-22b17f027776

Which I run on a Debian VM under Proxmox on a Mini PC also running pfsense as a VM.
For your application, being more generous with the hardware would be sensible. https://lazyadmin.nl/home-network/unifi-controller/ and https://techspecs.ui.com/unifi/cloud-keys-gateways/cloud-key-enterprise

And that nmap error was triggered in that time period?

@stephenw10 Thanks so much for all your time and patience, but I finally admitted defeat and gave up. I canceled the Verizon service today and will be returning the gateway device shortly.
I'd love to track down the gremlins and eventually switch away from my horrible DSL provider, but the trial I was on was about to expire, and I was out of time to screw with it for now.
Maybe one day I'll try it again, possibly with T-Mobile home internet, which I think it also in my area. I've heard they will be making it easier to 'bridge' their gateway device soon, so that might be an option.
I really do appreciate all your help, sorry we couldn't come up with a real solution!

You don't have to set .1 as the gateway. It still has to be the real gateway IP. The subnet simply has to contain both the host and gateway IPs.

The next Installer version should be very soon.

pfSense is the router at the main house?

What's the other end of the OpenVPN tunnel?

You shouldn't need any port forwards if routing between the two ends of the tunnel is working.

@ajaypatel26 said in Port forwarding for Synology on Openvpn address:

I can connect the backup nas to my home router and get 192.168.10.10 I can work ok but the backup task not working.

What exactly is working OK there?

Steve

@rsicard said in SG-1100 package manager, search for available no work:

Now how much is this going to cost me to upgrade?

Nothing. There is no cost involved here. All Netgate hardware includes Plus upgrades for the life of the device.

Hmm, possibly you changed the IPSec filtering mode? That can hide tabs for VTI or IPSec interfaces.

Hmm, nothing terribly exciting there. Sure seems like it must be OpenVPN doing something. 🤔

@johnpoz said in Firewall log TCP -S:

curious let see if you get any hits on those ;)

Probably depends on what types of clients are behind the firewall. I'd certainly expect some hits on some of those.

@Antibiotic Ok , finally I think found correct settings with VPN interfaces. Waveform measuring looks like incorrectly upload speed, Ookla speed test show me correct
1GB upload speed and 1GB download. Have A+))) , without Limiters have B or C. Tested grade on all inerfaces with VPN and without VPN only clear WAN. All looks good grade A+ tested also with a proxy squid also A+. This my final settings Limiters as from official docs and floating rule as below:

Screenshot_4-6-2024_151052_192.168.10.1.jpeg

No it shouldn't lock up the system entirely. You might end up blocking all ICMP traffic depending on how the limiter is configured. That could potentially block gateway monitoring etc.

@Greg2100 said in trouble adding LAN2 & LAN3 interfaces (assignments):

Not very intuitive!!!

For people inexperienced with managed switches, then yeah there is a bit of a learning curve.

@stephenw10,

I would need something to force a status change. Maybe unplug the UPS so that NUT complains.
I have Edge and FireFox I can try on it.

Phizix

Indeed TFTP is, deliberately, very simple. It can be dramatically affected by any latency. You could test a tftp transfer directly and see what speeds you get. If it's bad though there's no much you can do other than use a local server instead.

Yes I would try it. First check the boot logs where is shows the output from the driver when it attaches (or fails to).

Hmm, probably not since that workaround exploited a bug that is now fixed: https://redmine.pfsense.org/issues/14756

So the particular issue you see in an HA setup is that the pfSync Interface is directly connected and hence is link cycled. Yet despite both ends being statically configured and most services not listening to that everything is restarted?

That does seem like something that could be excluded. 🤔

@mauro-tridici create an alias with your country or countries you want to allow, and or any other IPs

allow.jpg

This is the alias that is allowed to talk to my plex server. See I allow US Ips, also Morocco because I have a family member currently living there. Then some other IPs that are used to check if my plex server is up and if not warn me.

The reason for the other lists is because some of those IPs are not always from the US.. Many monitoring services use IPs from all over the planet to make sure your service is up.

That one labeled PlexRemoteCheck is list plex puts out for their IPs that validate your server is available remote - and it can be IPs outside the US as well.

@Yet_learningPFSense said in When installing PFSense, I am asked to connect to the internet:

@anthonys Thanks. I will try again according to the URL you gave me.

Or just download good old offline installation image from here.