@ChrisJenk said in Netgate 6100 / 25.07 - any recipes / guidelines for optimising high speed LAN and WAN connections?: Speedtest program on the router itself No, I ran it on a Windows computer connected at 2.5Gb. I got full line speed up and down. I have since changed my internet to 1Gb so I only get 1.2Gb up and down now. A while back a friend and I were building and testing a VPN tunnel between us, a 7100 and a 6100, we found a noticeable speed difference if we used iperf on pfSense vs a computer on each end. We only get in the 700Mb/s range and still iperf on pfSense really added a load and skewed the results at least 10%.

If it's a paid subscription and you had to replace the hardware you should open a TAC ticket. We are not completely inflexible. Yes, it's tied to the hardware but if you are forced to change that we have options.

^^ yes - this. - and the syslogd fix in the works should resolve this.

@chudak said in Why do we need to pay for pfS + ????: How do you connect monitor to it? See for example https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4200/#how-to-guides In general Netgate makes sure new releases work on old Netgate hardware until it can’t.

@stephenw10 thanks for the feedback!

Mmm, you'll probably have to wait for it to fail and check what states are still there. I'd expect it to just re-connect if the states timed out and start to fail.

Sounds like they are getting redirected locally if they see a cert error. Check what cert they are being offered. The details there may indicate what is intercepting the traffic.

@akhuyna It's like I already said that. :)

@SteveITS Since the Netgate 2100 is at the Methodist local church and I support the firewall, this was a real user issue. They access the site monthly to do retirement account contributions for the church employees. Fortunately the login mechanism (once you can see it) requires two-factor authentication. Glad for that.

Like BIOS settings? Not really. It could be an ACPI bug that's exposed by the larger kernel in 25.07 taking up more space. But I'd expect a panic if that was the case.

@Bob.Dig No worries.

Thanks. I had the same issue, kept failing boot verification 43000 files in the config backup directory. After getting rid of those, it upgraded faster than I have ever encountered in the past., I had gotten used to upgrades taking 10+ minutes.

It should still have a default route of course.

2.8.1 beta is available as an upgrade or available to install directly from the Net Installer. https://docs.netgate.com/pfsense/en/latest/install/netinstaller.html

Yup more and better logging is coming. However it also looks like there is an issue with the negotiated MRU/MTU value so a fix for that is in the works.

All sorted. SUE..... Turns out ethernet doesn't work that well over a 300m long cable..... Interesting though, the RJ45 Cable Tester did work so that was a bit confusing. Anyhow, good to know for the future and all sorted now.

At that point it might prove helpful to configure a serial console output and hook up the serial port to another pc running some terminal software with a big scroll back buffer. It might give more insight than fans spinning at boot. p.s. Strange as it is, I do suspect power issues, its a good way to crash a system without leaving ANY traces apart from the new boot logs.

@jwright Which device do you have/are running pfSense? If it’s a netgate device, connect to the console with a serialport terminal like “putty”. If it’s a homebuilt pfSense CE, connect a monitor and keyboard. Then you will know if it boots as expected or something catastrophic has happened.

@guardian said in Anyone using pfSense with telMAX ISP (Canada)?: I don't trust my ability to secure it. Not much different than IPv4. You start out with everything blocked and only allow what you want. In fact, you can configure many rules to apply to both IPv4 & IPv6. Here's an example: [image: 1755915116010-9101928c-dd2d-4e58-abe2-d4a68923083d-image.png] The first rule blocks pings and the second allows other ICMP.