• Multiple Subnets and WAN Hotspot from Android

    3
    0 Votes
    3 Posts
    464 Views
    B
    Can anybody help me? Please
  • Pfsense connections

    4
    0 Votes
    4 Posts
    585 Views
    JKnottJ
    @kps1234 I expect that would be a FreeBSD limit, not pfsense. Also, when I read your question I wasn't sure if you were referring to VPNs. IIRC, OpenVPN uses only a single thread, but IPSec uses multiple threads. But again, that would be a FreeBSD issue. Pfsense is mainly a graphical interface for a firewall/router running on FreeBSD. Most of its function is provided by the underlying FreeBSD.
  • No traffic from LAN to WAN

    13
    0 Votes
    13 Posts
    1k Views
    S
    @johnpoz Thank you, issue resolved. It had to do with my VMware setup. It's all good now.
  • On what interface to place the rule that blocks traffic from other VLANS?

    3
    0 Votes
    3 Posts
    462 Views
    JKnottJ
    @runevn Here's what I have to keep my guest WiFi from reaching the rest of my network. As you can see, the rules are placed on the network where they originate. [image]
  • Firewall Blocking 445 from one vlan to another

    4
    0 Votes
    4 Posts
    531 Views
    johnpoz
    What you might want to do is a sniff, a packet capture, which you can do on pfsense directly via the diagnostic menu. You can then open those packet captures in Wireshark and get some details of what is going on.
  • Virtual IP frequently loses Connection

    firewall routing virtual ip
    1
    0 Votes
    1 Posts
    468 Views
    No one has replied
  • Possible to block ip range "attack"?

    8
    0 Votes
    8 Posts
    727 Views
    Gertjan
    @houseofdreams said in Possible to block ip range "attack"?: but for this kind of scanning, fail2ban is useless ? Basic rule : this is not 'Microsoft'. You are the limiting factor, not the tools. You make (setup) the tools/rules/laws. Example :
        root@ns311465:/etc/fail2ban/filter.d# grep 'has no reverse' *
        grep: ignorecommands: Is a directory
        kerio.conf: ^ Client with IP address <HOST> has no reverse DNS entry, connection rejected before SMTP greeting$
    This means that a prebuilt config called "kerio.conf" already contains a rule that would block such hosts. I don't know what "kerio" is (it's probably a mail server) - I am a postfix user myself. You could use that kerio.conf 'as is' or adapt it to your needs. Btw : sure : hosts with an IP that do not have a valid DNS (that point back to that IP) should have only 1 try. And blocked right away.
  • Transfer files between DMZ and LAN Network is too slow

    5
    0 Votes
    5 Posts
    709 Views
    johnpoz
    @dinu said in Transfer files between DMZ and LAN Network is too slow: I hope it is clear now.. No ;) For all I know this VM host has a hamster for a cpu and he is tired.. You copy files between vms on the same vlan and you get 30mbps? Yeah that is horrible!! And zero to do with pfsense routing traffic. What are the hardware specs of this vm host? VM workstation version X?? What virtual nic did you use for your VMs.. Unless you were trying to do some sort of shaping, or routing traffic out some gateway in your rules. I take it you did an any any rule? This isn't a pfsense problem.. This is your VM problem.. There is no magic button to press.. It's a simple L3 firewall - the traffic is either allowed or it's not.. If you're only seeing 30mbps when moving files between VMs on the same vlan - something is horribly wrong with your VM host, or it's just not up to what you're wanting to do with it.. How do you have your networks set up in the VM? Are they bridged, are they natted, are they host only?
  • Block no log multicast noise on WAN

    8
    0 Votes
    8 Posts
    906 Views
    N
    @johnpoz I really appreciate the insights you gave me here. You need to write a guide or something :) I'll have to sit down and read more in order to create my own aliases, rules and the required logging as well. The practical point of view says that I am not a pro and pfsense is just working for me. But there is another strong point - I am thereby curious and willing to learn, even though I know it's going to be a lot of time/research. Best, NG
  • External Ping on WAN not being blocked did I set the rules correctly

    4
    0 Votes
    4 Posts
    432 Views
    johnpoz
    I allow ping on my wan - on purpose ;) It's a very useful function.. It's not going to stop someone from finding you because it doesn't answer ping ;) Do you really think all the bots looking for ports XYZ that are open, try ping first - well no answer there, must not be any other ports open either ;) hehehe I have a couple different services that ping my wan IP - and let me know when it doesn't answer. So I know via text and emails that my internet is down.. status cake and uptime robot are free - and this is a great service to leverage.
  • External ip and shodan show Port 80 open

    firewall rules webgui shodan wan ip ddns
    1
    0 Votes
    1 Posts
    740 Views
    No one has replied
  • Server with lets encrypt not responding when using VPN client

    1
    0 Votes
    1 Posts
    149 Views
    No one has replied
  • Force traffic to pass through the firewall in the LAN

    8
    0 Votes
    8 Posts
    1k Views
    A
    @johnpoz OK, I understand. I was sure that at work he told me that all traffic must pass through the firewall, even on the same network segment and VLAN. Maybe this is a stormshield specialty? In any case, thank you for having lit my lanterns!
  • Problem DynDNS pfsense

    11
    0 Votes
    11 Posts
    1k Views
    T
    @gertjan said in Problem DynDNS pfsense: @themac said in Problem DynDNS pfsense: Finally I was able to speak with strato technical support and it was resolved :) Ok, fine And because this is a forum not only with questions but also : the answers : what was - short story - the solution ? Regarding the pfsense configuration, everything was fine. I received a call from strato technical support informing me that an intervention had been carried out on the service contracted with them and that they would test whether the problem had been resolved. Thanks for your interesting help ...
  • TCP Connection Drops After 10 Seconds

    1
    0 Votes
    1 Posts
    145 Views
    No one has replied
  • URL Blocking Alias not going in

    1
    0 Votes
    1 Posts
    128 Views
    No one has replied
  • Single NIC setup blocks TCP traffic besides ANY rule

    open vpn ipsec
    6
    0 Votes
    6 Posts
    1k Views
    M
    Also, this should not be possible, right? [image] 172.17.1.27 is a Server on the IPsec-Side, not an OVPN-client. Why did this appear as src on the ovpns1 Interface...
  • pfSense blocking whatsapp

    5
    0 Votes
    5 Posts
    3k Views
    M
    Found the issue. Apparently STUN service UDP 3478 was being blocked. Found it in the firewall logs. I unblocked it and now both MS Teams and WhatsApp are working.
  • Pfsense does not resolve domain on my lan

    8
    0 Votes
    8 Posts
    910 Views
    Gertjan
    @themac I never needed bind to do that. The default pfSense settings - two lines to edit, did that for me : [image] And bang, now the entire network knows it's part of the domain name (see image). And pfSense knows it's called pfSense. Let's check : [image] More checks : [image] I used a magic trick : Didn't have to change anything on the Resolver setting page either. Use the default and you're good. I tend to say : " don't break things if you want it to work. " Because I own (== I rent) this domain name, and because I do my own domain name server handling on a dedicated server somewhere on the Internet I can now do click-click install acme and hoppa, real trusted certs for me. Free Dynds for all my devices with some more clicks. ( DNSSEC while you're at it - but this time the mouse will abandon you, a head, some brains and a keyboard are needed) The name server uses bind, of course. But why roll out the tank if you can wipe the bug with a bug wiper ?
  • Alias URL stop being resolved

    5
    0 Votes
    5 Posts
    485 Views
    SipriusPTS
    And even: [image]
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.