@johnpoz Ok I will try give a second NIC
many thanks

@johnpoz said in Only getting half speed:

@swemattias that is not a valid test to be honest.. Pfsense not meant to be a client/server sending data - its firewall/router - it routes traffic..

Because of this:

in official docs directly point that Speedtest/Fast/Librespeed/iperf3 test need to be done ON SETUP PHASE, not on the top of normal workloads; in official docs put step-by-step instructions how to test with each of above instruments; provide pre-installed tools(in pfSense’s terms “Services” or “Diagnostic tools”) to testing bandwidth of uplinks and site-site connection, VPN connection;

There have been countless threads about this ;)

Not saying such a test might not have some value - but its not a good test for throughput.. Test through pfsense, not from pfsense.

Only knows what is uplink bandwidth, possible to go forward to measure “through pfSense”.
That’s RIGHT logic !

Why fighting with a hundreds of thousands of users?
Much better to give them instruments and instructions and questions about this “why my speed is so slow” on this forum decrease on 30-40%.

@johnpoz said in link-local addresses flooding logs - Plex on Synology:

setup a rule not to log it..

That is what I did.. I have a dummy switch between NAS and pfSense, so that is the only way to go.

31f13245-871f-4166-b30d-70cef63a50dd-image.png

@stephenw10
OK, done at https://redmine.pfsense.org/issues/15326

@santheerdas yes, Prometheus Node Exporter will be the service you need for all machine related stats, including running services etc.

Ok, thanks to all for answering

That sounds like something in the browser or some browser plugin. It's not something pfSense would show.

Yup I see it. Unfortunately the backtrace isn't particularly revealing:

db:0:kdb.enter.default> bt Tracing pid 1 tid 100002 td 0xfffffe0012117ac0 kdb_enter() at kdb_enter+0x32/frame 0xfffffe00109b4820 vpanic() at vpanic+0x163/frame 0xfffffe00109b4950 panic() at panic+0x43/frame 0xfffffe00109b49b0 vm_fault() at vm_fault+0x15c5/frame 0xfffffe00109b4ac0 vm_fault_trap() at vm_fault_trap+0xb0/frame 0xfffffe00109b4b10 trap_pfault() at trap_pfault+0x1d9/frame 0xfffffe00109b4b70 calltrap() at calltrap+0x8/frame 0xfffffe00109b4b70 --- trap 0xc, rip = 0xffffffff836cd170, rsp = 0xfffffe00109b4c48, rbp = 0xfffffe00109b4db0 --- _end() at 0xffffffff836cd170/frame 0xfffffe00109b4db0 sys_reboot() at sys_reboot+0x29c/frame 0xfffffe00109b4e00 amd64_syscall() at amd64_syscall+0x109/frame 0xfffffe00109b4f30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00109b4f30 --- syscall (55, FreeBSD ELF64, reboot), rip = 0x27291a, rsp = 0x820ec2408, rbp = 0x820ec2830 ---

However it looks like it panicked when it tried to make some change after shutdown was initiated:

<118>pfSense is now shutting down ... <118> <118>net.inet.carp.allow: 0 -> 0 <6>pflog0: promiscuous mode disabled Trying to mount root from ufs:/dev/ufsid/65b7583531b4716a [rw,noatime]... panic: vm_fault_lookup: fault on nofault entry, addr: 0xffffffff836cd000 cpuid = 2 time = 1706519642 KDB: enter: panic

Unclear why it did that but it you clear the crash report and reboot and it doesn't do that every time it's likely a quirk of having just run the initial setup.

You are still running 2.7.1. You should upgrade to 2.7.2 when you can.

Steve

After updating to recent version Netgate pfSense Plus 23.09-RELEASE (amd64) there were several weeks of stability. Nothing in the mean time has been changed in the config of this PF.

Recently again the machine had similar issue and behavior showing ' SIOCGIFGROUP: Device not configured ' message again along with some other messages.

The PF machine exhibited very similar behavior again and was no longer smoothly pushing packets through, it was significantly dropping packets and the sshing into the pf over wan or accessing the webgui over wan was extremely difficult. After logging into webgui the notifications greeted with the following (date and time removed):

I also made a post in another thread because of the other error messages displayed match the OP of that thread:
https://forum.netgate.com/topic/185386/there-were-error-s-loading-the-rules-pfctl-diocaddrulenv-device-busy/18?_=1709874330173

It's a privilege you can assign to a user or group:
https://docs.netgate.com/pfsense/en/latest/usermanager/privileges.html

Screenshot from 2024-03-07 15-18-07.png

I created a boot usb drive. Once I turned the 5100 on with that in, I was able to re-install with zfs and eventually apply my config xml.

Thanks again!

Yes it would only be triggered if the OpenVAS scanning process attempts to login to the firewall with bad credentials.
If you don't have Snort or Suricata running it's unlikely to be blocked by the firewall. Perhaps something upstream is blocking it? Do you see traffic arriving at the pfSense WAN?

@johnpoz Thank you!!

@AndyM-TB said in Using restic with pfSense AWS virtual appliance:

https://restic.readthedocs.io/en/latest/080_examples.html#setting-up-restic-with-amazon-s3

You might be able to make that work. I'd look at the methods described here first though:
https://docs.netgate.com/pfsense/en/latest/backup/remote-backup.html

Steve

Not uncommon if you have VLANs, for example, for each tennant in a building.

@johnpoz No joke. I started using pfSense when 2.6 was current, pretty soon after its release, and I was getting concerned that no updates came out for like a year. It was a relief when 2.7 arrived and the two point releases that followed.

@Gblenn said in WAN not getting IP address from 192.168.0.x:

Why would you not be "allowed" to change things on the LAN side of your router?? That is "your zone" and not something the ISP should have a say about. Are they claiming they will not support you if you do?

If I was an ISP, I would consider doing just that !
No more need to support (financially) an expensive help desk !

They could post a web site with just a one line help text :

When you received our router, after connecting it, it worked fine.
So : here is the help : don't change anything anymore.

😊

edit : the real question is : why would you even call these guys to subscribe with them ^^

@stephenw10 said in WAN Link Down causes pfSense to stop responding on LAN?:

@jhg said in WAN Link Down causes pfSense to stop responding on LAN?:

OK, I installed the most recent kmod driver for FreeBSD 14

You have to use a module built against the actual kernel in pfSense. The realtek-kmod pkg is in our repo to provide that. So remove that pkg from FreeBSD and just 'pkg install' it from our repo.

Got it (finally :-) I should have realized pfSense would have its own repos in the list. kldstat now shows the module loaded. We'll see if the problem goes away.
Thanks

Ah, yup almost certainly that bug then.

@murdof said in Restart WAN PPPoE interface:

Thanks - that worked!

You're welcome!