Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [solved] pfSense (2.6.0 & 22.01 ) is very slow on Hyper-V

    Scheduled Pinned Locked Moved Virtualization
    187 Posts 36 Posters 103.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Bob.DigB
      Bob.Dig LAYER 8
      last edited by Bob.Dig

      https://redmine.pfsense.org/issues/12873

      ⏩⏩Solved in pfSense Plus Version 22.05 and 2.7.0

      ⏩ Try disabling RSC, see here.

      After Upgrading my pfSense install from 2.5.2 to 2.6 (and later to 22.01) on Hyper-V I noticed that I couldn't copy any files from a SMB-Share in another VLAN anymore. Explorer is showing the content of the folder but the copy dialog is never beginning the copy-job. 😞

      Or to more precise, I tried to copy a file from a Windows Virtual machine, which is in a VLAN on an external Hyper-V switch, which is shared with the host, to another host on the real Switch in the default LAN, which is not a VLAN in pfSense.
      But also happens on inter VLAN-communication between VMs on the same host using the external switch.

      Restored the pfSense to before the upgrade and everything is working again.

      Edit: Problem also occurs when only updating to 2.6.0
      Speed is super slow.
      Capture.PNG

      Hyper-V on WinServer 2022.

      1 Reply Last reply Reply Quote 3
      • Bob.DigB Bob.Dig referenced this topic on
      • Bob.DigB Bob.Dig referenced this topic on
      • D
        DD
        last edited by DD

        We have problem on Hyper-V too. After upgrade from 2.5.2CE -> 2.6CE. Internet speed is very unstable and very slow. We are using Hyper-V 2019, pfSense VM is Gen2.
        After downgrade (restore from backup) to 2.5.2 everything is ok.

        Bob.DigB N 2 Replies Last reply Reply Quote 0
        • Bob.DigB
          Bob.Dig LAYER 8 @DD
          last edited by Bob.Dig

          @dd Internet speed was good here. But I do use a socks proxy in another vlan and with that the speed was also very slow.

          1 Reply Last reply Reply Quote 0
          • Bob.DigB Bob.Dig referenced this topic on
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Are you using VLANs on hn(4) directly? Either or both of you?

            Steve

            Bob.DigB D 2 Replies Last reply Reply Quote 0
            • Bob.DigB
              Bob.Dig LAYER 8 @stephenw10
              last edited by Bob.Dig

              @stephenw10 I do, because back in the day, pfSense didn't supported my intel NIC via DDA anymore.

              But I only have one NIC for LAN, that is why I only have one Subnet without VLAN.
              Internet speed is also good in the VLANs. So the problem might be not VLAN specific, but for all "LAN-routing". Can't tell for sure.


              Capture.PNG

              Capture.PNG

              1 Reply Last reply Reply Quote 0
              • D
                DD @stephenw10
                last edited by

                @stephenw10 We are using directly adapters. We have 50/50Mbit internet line and after upgrade to pfSense 2.6 upload speed was about 0.07Mbit/s only, download was ok. Sometimes ok and sometimes very slow. Now we have another customer that he have same problem. After downgrade everything is ok.

                stephenw10S 1 Reply Last reply Reply Quote 0
                • Bob.DigB Bob.Dig referenced this topic on
                • Bob.DigB Bob.Dig referenced this topic on
                • Bob.DigB Bob.Dig referenced this topic on
                • Bob.DigB Bob.Dig referenced this topic on
                • stephenw10S
                  stephenw10 Netgate Administrator @DD
                  last edited by

                  @dd said in After Upgrade inter VLAN communication very slow on Hyper-V:

                  We are using directly adapters.

                  Like pass-though hardware with the native drivers?

                  @bob-dig said in After Upgrade inter VLAN communication very slow on Hyper-V:

                  I do, because back in the day, pfSense didn't supported my intel NIC via DDA anymore.

                  Have you tried disabling AltQ support for hn in Sys > Adv > Networking?

                  This feels like some sort of hardware off-loading issue. It would be good to compare the ifconfig -vvv output for one of the hn NICs between 2.5.2 and 2.6.0.

                  Steve

                  Bob.DigB D M 3 Replies Last reply Reply Quote 0
                  • Bob.DigB
                    Bob.Dig LAYER 8 @stephenw10
                    last edited by Bob.Dig

                    @stephenw10 That is how it is looking for me all the time.

                    Capture.PNG

                    Could you please write out the complete command for a noob for comparison?

                    1 Reply Last reply Reply Quote 0
                    • D
                      DD @stephenw10
                      last edited by

                      @stephenw10 No pass-though adapters, I meant that I have virtual switches WAN, LAN, DMZ and VM has three adapters connected to these switches.

                      1 Reply Last reply Reply Quote 0
                      • M
                        mxkied2 @stephenw10
                        last edited by

                        @stephenw10 I am experiencing the same issue as others have mentioned, running pfsense in hyper-v and after the upgrade to 2.6 my wan speeds are about 10% of what they were before. I ran the ifconfig -vvv command you mentioned and then reverted to a snapshot just before the upgrade to 2.6 (so back to 2.5.2) and compared the results and they are exactly the same (via compare tool not just visual compare) with the only exception being the last line PID number which is expected.

                        I also tried the AltQ suggestion which mine was enabled, so I tried disabling it and the wan speeds are still 10% of expected. Hope this helps.

                        1 Reply Last reply Reply Quote 1
                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          So like:

                          [22.01-RELEASE][admin@azure8.stevew.lan]/root: ifconfig -vvvm hn0
hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=48001b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,LINKSTATE,TXCSUM_IPV6>
	capabilities=48071b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6,LRO,LINKSTATE,TXCSUM_IPV6>
	ether 00:22:48:4a:f3:4a
	inet6 fe80::222:48ff:fe4a:f34a%hn0 prefixlen 64 scopeid 0x5
	inet 10.0.0.5 netmask 0xffffff00 broadcast 10.0.0.255
	media: Ethernet autoselect (10Gbase-T <full-duplex>)
	status: active
	supported media:
		media autoselect
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

                          That from an Azure instance where there doesn't seem to be an issue.

                          Steve

                          M 1 Reply Last reply Reply Quote 1
                          • M
                            mxkied2 @stephenw10
                            last edited by

                            @stephenw10 Only difference I have other than the ether, inet6 and inet address lines (obviously) is the first line I have PROMISC

                            hn0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S
                              stephenw10 Netgate Administrator
                              last edited by stephenw10

                              Do you have VLANs? Snort/Suricata? Other packages? There are a few things that can put the interface in promiscuous mode. Not that it would expected to cause a problem.

                              There are a lot of Hyper-V users though and only a few of you seeming to hit this. You must have something set differently. Try to detail exactly how you have hyper-v setup to find some commonality.

                              Steve

                              M 1 Reply Last reply Reply Quote 0
                              • stephenw10S stephenw10 referenced this topic on
                              • stephenw10S stephenw10 referenced this topic on
                              • B
                                boelter
                                last edited by boelter

                                Same here -- some context. I've been troubleshooting this for about a day now. Using HPE/Broadcom LOMs I'm getting 2/1Mb (1000/200Mb connection) on 2.6. Switching to Intel x450-T2s I end up getting 90/90Mb... odd. Failing over to old watchguard h/w I get full speeds.

                                I have also installed from scratch taking all defaults and get the same results -- some correlation between Hyper-V and the NICs used.

                                Here's ifconfig -vvv on 2.6.0 (this one is a restore from 2.6 conf backup, not from scratch):

                                [2.6.0-RELEASE][admin@pfSense]/root: ifconfig -vvv
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
        groups: enc
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=100<PROMISC> metric 0 mtu 33160
        groups: pflog
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1500
        pfsync: syncdev: hn1 syncpeer: 192.168.1.2 maxupd: 128 defer: off
        syncok: 1
        groups: pfsync
hn0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN
        options=48001b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,LINKSTATE,TXCSUM_IPV6>
        ether 00:15:5d:08:0b:05
        inet6 fe80::215:5dff:fe08:b05%hn0 prefixlen 64 scopeid 0x5
        inet 10.42.0.10 netmask 0xffff0000 broadcast 10.42.255.255
        inet 10.42.0.1 netmask 0xffff0000 broadcast 10.42.255.255 vhid 3
        carp: BACKUP vhid 3 advbase 1 advskew 254
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
hn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: OPT1
        options=48001b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,LINKSTATE,TXCSUM_IPV6>
        ether 00:15:5d:08:0b:07
        inet6 fe80::215:5dff:fe08:b07%hn1 prefixlen 64 scopeid 0x6
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
hn2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: WAN
        options=48001b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,LINKSTATE,TXCSUM_IPV6>
        ether 00:15:5d:08:0b:06
        inet6 fe80::215:5dff:fe08:b06%hn2 prefixlen 64 scopeid 0x7
        inet <pubIP> netmask 0xfffffe00 broadcast <pubIP>
        inet 10.43.0.1 netmask 0xffff0000 broadcast 10.43.255.255 vhid 1
        carp: BACKUP vhid 1 advbase 1 advskew 254
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=800000<>
        ether 00:00:00:00:00:00
        inet6 fe80::215:5dff:fe08:b05%lagg0 prefixlen 64 scopeid 0x8
        laggproto none lagghash l2,l3,l4
        lagg options:
                flags=0<>
                flowid_shift: 16
        lagg statistics:
                active ports: 0
                flapping: 0
        groups: lagg
        media: Ethernet autoselect
        status: no carrier
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
hn0.42: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: IOT
        options=80000<LINKSTATE>
        ether 00:15:5d:08:0b:05
        inet6 fe80::215:5dff:fe08:b05%hn0.42 prefixlen 64 scopeid 0x9
        inet 172.16.42.1 netmask 0xffffff00 broadcast 172.16.42.255
        groups: vlan
        vlan: 42 vlanpcp: 0 parent interface: hn0
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
hn0.88: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: CAMERAS
        options=80000<LINKSTATE>
        ether 00:15:5d:08:0b:05
        inet6 fe80::215:5dff:fe08:b05%hn0.88 prefixlen 64 scopeid 0xa
        inet 172.16.88.1 netmask 0xffffff00 broadcast 172.16.88.255
        groups: vlan
        vlan: 88 vlanpcp: 0 parent interface: hn0
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::215:5dff:fe08:b05%ovpns1 prefixlen 64 scopeid 0xb
        inet 172.16.0.1 --> 172.16.0.2 netmask 0xffffff00
        groups: tun openvpn
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 14732
ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::215:5dff:fe08:b05%ovpns2 prefixlen 64 scopeid 0xc
        inet 172.16.1.1 --> 172.16.1.2 netmask 0xffffff00
        groups: tun openvpn
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 58751

                                And 2.5.2:

                                enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
        groups: enc
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=100<PROMISC> metric 0 mtu 33160
        groups: pflog
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1500
        pfsync: syncdev: hn1 syncpeer: 192.168.1.2 maxupd: 128 defer: off
        syncok: 1
        groups: pfsync
hn0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN
        options=48001b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,LINKSTATE,TXCSUM_IPV6>
        ether 00:15:5d:08:0b:05
        inet6 fe80::215:5dff:fe08:b05%hn0 prefixlen 64 scopeid 0x5
        inet 10.42.0.10 netmask 0xffff0000 broadcast 10.42.255.255
        inet 10.42.0.1 netmask 0xffff0000 broadcast 10.42.255.255 vhid 3
        carp: MASTER vhid 3 advbase 1 advskew 0
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
hn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: OPT1
        options=48001b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,LINKSTATE,TXCSUM_IPV6>
        ether 00:15:5d:08:0b:07
        inet6 fe80::215:5dff:fe08:b07%hn1 prefixlen 64 scopeid 0x6
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
hn2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: WAN
        options=48001b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,LINKSTATE,TXCSUM_IPV6>
        ether 00:15:5d:08:0b:06
        inet6 fe80::215:5dff:fe08:b06%hn2 prefixlen 64 scopeid 0x7
        inet <pubIP> netmask 0xfffffe00 broadcast <pubIP>
        inet 10.43.0.1 netmask 0xffff0000 broadcast 10.43.255.255 vhid 1
        carp: MASTER vhid 1 advbase 1 advskew 0
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=800000<>
        ether 00:00:00:00:00:00
        inet6 fe80::215:5dff:fe08:b05%lagg0 prefixlen 64 scopeid 0x8
        laggproto none lagghash l2,l3,l4
        lagg options:
                flags=0<>
                flowid_shift: 16
        lagg statistics:
                active ports: 0
                flapping: 0
        groups: lagg
        media: Ethernet autoselect
        status: no carrier
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
hn0.42: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: IOT
        options=80000<LINKSTATE>
        ether 00:15:5d:08:0b:05
        inet6 fe80::215:5dff:fe08:b05%hn0.42 prefixlen 64 scopeid 0x9
        inet 172.16.42.1 netmask 0xffffff00 broadcast 172.16.42.255
        groups: vlan
        vlan: 42 vlanpcp: 0 parent interface: hn0
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
hn0.88: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: cameras
        options=80000<LINKSTATE>
        ether 00:15:5d:08:0b:05
        inet6 fe80::215:5dff:fe08:b05%hn0.88 prefixlen 64 scopeid 0xa
        inet 172.16.88.1 netmask 0xffffff00 broadcast 172.16.88.255
        groups: vlan
        vlan: 88 vlanpcp: 0 parent interface: hn0
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::215:5dff:fe08:b05%ovpns1 prefixlen 64 scopeid 0xb
        inet 172.16.0.1 --> 172.16.0.2 netmask 0xffffff00
        groups: tun openvpn
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 83964
ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::215:5dff:fe08:b05%ovpns2 prefixlen 64 scopeid 0xc
        inet 172.16.1.1 --> 172.16.1.2 netmask 0xffffff00
        groups: tun openvpn
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 13964

                                Will gladly provide more details as needed!

                                disclaimer that there may be some 'wtf?' items in those confs... I tinker... poorly, sometimes.

                                1 Reply Last reply Reply Quote 1
                                • W
                                  wicked1
                                  last edited by

                                  Me too..
                                  Hyper-v. Intel i350-t4 nic. Everything fine in 2.5.2. In 2.6, I'm having issues w/ NAT reflection. Some banking type websites never load. And, everything is slow. About 1.7Mb, when it should be 400.

                                  For my internal things where nat reflection isn't working, and for the bank logins which never load, if I kill the states, parts of the sites show up. Then I can wait a while and kill the states again, and another section of the site loads.
                                  I think that's all I've got to add at the moment. I'm happy to test and get logs or whatever.

                                  1 Reply Last reply Reply Quote 0
                                  • D
                                    DonZalmrol
                                    last edited by

                                    Same issues here on two sites. All worked well on v2.5.2 with normal speeds for my ISPs (+-300/30). Both virtualized on Hyper-V.

                                    Now the speeds are either very slow or very "wobbly"

                                    Specs of servers are almost the same:

                                    • HP DL380 Gen9
                                    • Intel Xeon E5-2650L V3
                                    • 192GB DDR4 ECC
                                    • Full flash SSD array
                                    • Server 2019
                                    • Gen2 machines
                                    • Each VLAN has its own network adapter from Hyper-V
                                    • Server A: (Mellanox) HP 10G 2-Port 546FLR SFP+ LOM in LACP with 10GB uplink
                                    • Server B: QLogic BCM578110-10GB in LACP with 2GB uplink

                                    Site A speed:
                                    c932056a-5056-4e14-bcff-95c9e60edcc3-image.png
                                    3f094147-f3d3-4fa2-97d1-8459f2cded40-image.png

                                    Site B speed:
                                    475639ce-75d8-406f-85cf-7491a1fdf983-image.png
                                    bb359176-c78e-4f23-aaa2-b3d0e29e495d-image.png
                                    Tested with enabling/disabling SR-IOV and VMQ, other hardware offloading is disabled per Netgates best-practices for Hyper-V.

                                    Tried also the suggested disabling of ALTQ and rebooted both firewalls = no real change in speeds.

                                    All NICs are horribly slow, inter-vlan traffic is so slow I cannot open certain programs that are hosted on another guest.

                                    HN0 output:
                                    9ae0933b-7cdc-4437-ab6a-3490071972db-image.png

                                    I noticed that when I do a ping test to one of my switches from my laptop via cable the reply time is quite high, the should be less then <1ms for healthy switches:
                                    74cd2648-1009-4f32-9999-3b1b879bd401-image.png

                                    Note 1: The upgrade to v2.6.0 took a very long time for both FWs

                                    Note 2: From what I find on the internet/forums/Reddit is that is seems to be "only" happening to MS Hyper-V FWs, perhaps a faulty driver in FreeBSD?

                                    Note 3: Site B firewall is now running on v2.7.0 as a test -> no improvement.

                                    At this point planning to do a rollback, never done it for PFSense, so need to research it.

                                    If the Netgate team needs more information/ testing, I'll happily provide it.

                                    W 1 Reply Last reply Reply Quote 2
                                    • D DonZalmrol referenced this topic on
                                    • W
                                      whiteshadow @DonZalmrol
                                      last edited by

                                      @donzalmrol : can you get a TCPDUMP and see if we have loss or other odd behavior's

                                      1 Reply Last reply Reply Quote 0
                                      • D DD referenced this topic on
                                      • D DD referenced this topic on
                                      • D DD referenced this topic on
                                      • D
                                        DonZalmrol
                                        last edited by DonZalmrol

                                        @whiteshadow

                                        The TCP dump returns a 503 error when running, so I pulled a states dump for you

                                        The are currently 9151 states on my FW, so I've provided a very short & minor redacted overview so you can see inter(v)lan/wan communication.

                                        Better than nothing:

                                        ![c053bd75-b8d8-49c2-8b9d-cba0721263ca-image.png]([[error:parse-error]]) code_text
Interface	Protocol	Source (original source) -> Destination (original destination)	State	Packets	Bytes
VOICE	udp	X.X.70.100:5060 -> X.X.10.3:5060	MULTIPLE:MULTIPLE	592 / 411	290 KiB / 210 KiB
CAMS	udp	X.X.80.20:17423 -> 34.250.216.38:6000	MULTIPLE:MULTIPLE	215 / 214	18 KiB / 15 KiB
DATA	tcp	X.X.90.70:27820 -> 151.236.217.85:443	ESTABLISHED:ESTABLISHED	544 / 544	29 KiB / 52 KiB
LAN	udp	X.X.65.101:54915 -> X.X.65.255:54915	NO_TRAFFIC:SINGLE	6.263 K / 0	1.74 MiB / 0 B
DATA	udp	X.X.90.70:60922 -> X.X.90.255:32412	NO_TRAFFIC:SINGLE	1.064 K / 0	51 KiB / 0 B
CAMS	udp	X.X.80.20:17423 -> 99.81.240.103:6000	MULTIPLE:MULTIPLE	215 / 214	18 KiB / 15 KiB
LAN	udp	X.X.65.101:65512 -> X.X.90.10:53	MULTIPLE:MULTIPLE	38 / 33	3 KiB / 5 KiB
WAN	udp	Site A IP:56833 -> 185.100.84.135:4431	MULTIPLE:MULTIPLE	109.301 K / 67.3 K	89.35 MiB / 8.50 MiB
DATA	udp	X.X.90.70:38558 -> X.X.90.255:32414	NO_TRAFFIC:SINGLE	1.064 K / 0	51 KiB / 0 B
WAN	tcp	Site A IP:44706 (X.X.90.70:27820) -> 151.236.217.85:443	ESTABLISHED:ESTABLISHED	543 / 544	29 KiB / 52 KiB
LAN	tcp	X.X.65.101:59454 -> 51.104.30.131:443	ESTABLISHED:ESTABLISHED	294 / 228	28 KiB / 22 KiB
WAN	tcp	Site A IP:36187 (X.X.65.101:59454) -> 51.104.30.131:443	ESTABLISHED:ESTABLISHED	294 / 228	28 KiB / 22 KiB
LAN	tcp	X.X.65.101:59456 -> 52.114.92.88:443	ESTABLISHED:ESTABLISHED	397 / 592	84 KiB / 366 KiB
VPNAC	icmp	openvpn..220.10:59534 -> openvpn..100.1:59534	0	10.368 K / 10.355 K	294 KiB / 293 KiB
WAN	tcp	Site A IP:38134 (X.X.65.101:59456) -> 52.114.92.88:443	ESTABLISHED:ESTABLISHED	397 / 592	84 KiB / 366 KiB
WAN	ipv6-icmp	IPV6 Address[58806] -> 2001:4860:4860::8888[58806]	NO_TRAFFIC:NO_TRAFFIC	10.366 K / 10.366 K	496 KiB / 496 KiB
WAN	icmp	Site A IP:59176 -> 8.8.8.8:59176	0	10.367 K / 10.367 K	294 KiB / 294 KiB
DATA	udp	X.X.90.70:50780 -> 239.255.255.250:1900	NO_TRAFFIC:SINGLE	533 / 0	67 KiB / 0 B
DATA	udp	X.X.90.4:1024 -> X.X.90.1:123	MULTIPLE:MULTIPLE	84 / 84	6 KiB / 6 KiB
LAN	tcp	X.X.65.101:59484 -> 20.54.37.73:443	ESTABLISHED:ESTABLISHED	245 / 129	17 KiB / 30 KiB
WAN	tcp	Site A IP:35549 (X.X.65.101:59484) -> 20.54.37.73:443	ESTABLISHED:ESTABLISHED	245 / 129	17 KiB / 30 KiB
IOT	udp	X.X.25.100:64149 -> X.X.25.1:53	MULTIPLE:MULTIPLE	60 / 60	4 KiB / 5 KiB
WAN	udp	Site A IP:123 -> 109.68.160.220:123	MULTIPLE:MULTIPLE	65 / 65	5 KiB / 5 KiB
WAN	udp	Site A IP:123 -> 188.165.224.178:123	MULTIPLE:MULTIPLE	65 / 65	5 KiB / 5 KiB
WAN	udp	Site A IP:123 -> 87.233.197.123:123	MULTIPLE:MULTIPLE	65 / 65	5 KiB / 5 KiB
WAN	udp	Site A IP:123 -> 185.159.125.100:123	MULTIPLE:MULTIPLE	65 / 65	5 KiB / 5 KiB
DATA	udp	X.X.90.10:54826 -> X.X.65.99:161	NO_TRAFFIC:SINGLE	547 / 464	52 KiB / 57 KiB
LAN	udp	X.X.90.10:54826 -> X.X.65.99:161	SINGLE:NO_TRAFFIC	547 / 0	52 KiB / 0 B
WAN	udp	Site A IP:123 -> 45.83.233.8:123	MULTIPLE:MULTIPLE	66 / 56	5 KiB / 4 KiB
WAN	udp	Site A IP:123 -> 45.87.77.15:123	MULTIPLE:MULTIPLE	65 / 65	5 KiB / 5 KiB
DATA	udp	X.X.30.31:35453 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 178	10 KiB / 15 KiB
WAN	esp	Site B IP -> Site A IP	MULTIPLE:MULTIPLE	66.862 K / 72.161 K	18.25 MiB / 33.13 MiB
DATA	udp	X.X.30.32:47631 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 178	10 KiB / 15 KiB
LAN	tcp	X.X.65.101:49416 -> 20.54.37.73:443	ESTABLISHED:ESTABLISHED	188 / 99	19 KiB / 23 KiB
WAN	tcp	Site A IP:32590 (X.X.65.101:49416) -> 20.54.37.73:443	ESTABLISHED:ESTABLISHED	188 / 99	19 KiB / 23 KiB
LAN	tcp	X.X.65.101:59602 -> 217.146.21.137:5938	ESTABLISHED:ESTABLISHED	517 / 474	176 KiB / 271 KiB
IPsec	udp	X.X.30.32:47631 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 178	10 KiB / 15 KiB
WAN	tcp	Site A IP:61981 (X.X.65.101:59602) -> 217.146.21.137:5938	ESTABLISHED:ESTABLISHED	517 / 474	176 KiB / 271 KiB
LAN	udp	X.X.65.1:52209 -> 239.255.255.250:1900	SINGLE:NO_TRAFFIC	3.916 K / 0	1.77 MiB / 0 B
LAN	tcp	X.X.65.101:59603 -> 35.83.91.138:443	ESTABLISHED:ESTABLISHED	40 / 52	4 KiB / 10 KiB
WAN	tcp	Site A IP:39983 (X.X.65.101:59603) -> 35.83.91.138:443	ESTABLISHED:ESTABLISHED	40 / 52	4 KiB / 10 KiB
IPsec	udp	X.X.30.31:35453 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 178	10 KiB / 15 KiB
IPsec	udp	X.X.30.30:56690 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 178	10 KiB / 15 KiB
IPsec	udp	X.X.10.3:5060 -> X.X.70.100:5060	MULTIPLE:MULTIPLE	411 / 587	210 KiB / 287 KiB
DATA	tcp	X.X.90.30:41948 -> 52.36.125.178:8883	ESTABLISHED:ESTABLISHED	373 / 212	28 KiB / 25 KiB
WAN	tcp	Site A IP:40143 (X.X.90.30:41948) -> 52.36.125.178:8883	ESTABLISHED:ESTABLISHED	373 / 212	28 KiB / 25 KiB
DATA	udp	X.X.30.30:56690 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 178	10 KiB / 15 KiB
DATA	udp	X.X.90.30:3478 -> X.X.30.33:35855	MULTIPLE:MULTIPLE	179 / 178	15 KiB / 10 KiB
IPsec	udp	X.X.90.30:3478 -> X.X.30.33:35855	MULTIPLE:MULTIPLE	179 / 178	15 KiB / 10 KiB
WAN	udp	Site A IP:40339 (X.X.80.20:17423) -> 99.81.240.103:6000	MULTIPLE:MULTIPLE	214 / 214	18 KiB / 15 KiB
WAN	udp	Site A IP:23739 (X.X.80.20:17423) -> 34.250.216.38:6000	MULTIPLE:MULTIPLE	214 / 214	18 KiB / 15 KiB
DATA	udp	X.X.90.30:1900 -> 239.255.255.250:1900	NO_TRAFFIC:SINGLE	267 / 0	77 KiB / 0 B
LAN	tcp	X.X.65.101:59614 -> 52.97.183.194:443	ESTABLISHED:ESTABLISHED	421 / 591	206 KiB / 257 KiB
WAN	tcp	Site A IP:13434 (X.X.65.101:59614) -> 52.97.183.194:443	ESTABLISHED:ESTABLISHED	421 / 591	206 KiB / 257 KiB
DATA	udp	X.X.65.101:65512 -> X.X.90.10:53	MULTIPLE:MULTIPLE	37 / 33	2 KiB / 5 KiB
IPsec	udp	X.X.30.35:49238 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 177	10 KiB / 15 KiB
VOICE	udp	X.X.70.100:5060 -> Site B IP:5060	NO_TRAFFIC:SINGLE	483 / 0	307 KiB / 0 B
WAN	udp	Site A IP:16751 (X.X.70.100:5060) -> Site B IP:5060	SINGLE:NO_TRAFFIC	483 / 0	307 KiB / 0 B
DATA	udp	X.X.30.35:49238 -> X.X.90.30:3478	MULTIPLE:MULTIPLE	178 / 177	10 KiB / 15 KiB
DATA	udp	X.X.90.50:60719 -> X.X.65.99:161	NO_TRAFFIC:SINGLE	348 / 281	37 KiB / 38 KiB
LAN	udp	X.X.90.50:60719 -> X.X.65.99:161	SINGLE:NO_TRAFFIC	348 / 0	37 KiB / 0 B
DATA	udp	X.X.90.65:51413 -> 93.158.213.92:1337	MULTIPLE:MULTIPLE	67 / 67	5 KiB / 10 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 93.158.213.92:1337	MULTIPLE:MULTIPLE	67 / 67	5 KiB / 10 KiB
DATA	udp	X.X.90.65:51413 -> 186.10.172.120:1337	MULTIPLE:MULTIPLE	57 / 57	4 KiB / 7 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 186.10.172.120:1337	MULTIPLE:MULTIPLE	57 / 57	4 KiB / 7 KiB
DATA	udp	X.X.90.65:51413 -> 185.181.60.155:80	MULTIPLE:MULTIPLE	57 / 57	4 KiB / 6 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 185.181.60.155:80	MULTIPLE:MULTIPLE	57 / 57	4 KiB / 6 KiB
DATA	udp	X.X.90.65:51413 -> 45.152.209.49:63510	MULTIPLE:MULTIPLE	204 / 204	28 KiB / 38 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 45.152.209.49:63510	MULTIPLE:MULTIPLE	204 / 204	28 KiB / 38 KiB
DATA	udp	X.X.90.3:123 -> X.X.90.1:123	MULTIPLE:MULTIPLE	81 / 81	6 KiB / 6 KiB
DATA	udp	X.X.90.65:51413 -> 193.77.58.163:49486	MULTIPLE:MULTIPLE	442 / 369	42 KiB / 59 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 193.77.58.163:49486	MULTIPLE:MULTIPLE	442 / 369	42 KiB / 59 KiB
DATA	udp	X.X.90.65:51413 -> 208.83.20.20:6969	MULTIPLE:MULTIPLE	70 / 69	5 KiB / 9 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 208.83.20.20:6969	MULTIPLE:MULTIPLE	70 / 69	5 KiB / 9 KiB
IPsec	tcp	X.X.30.50:50774 -> X.X.90.50:389	ESTABLISHED:ESTABLISHED	179 / 90	28 KiB / 30 KiB
IPsec	tcp	X.X.30.10:59464 -> X.X.90.50:389	ESTABLISHED:ESTABLISHED	179 / 90	28 KiB / 30 KiB
DATA	udp	X.X.90.65:51413 -> 49.12.86.202:6888	MULTIPLE:MULTIPLE	33 / 32	4 KiB / 4 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 49.12.86.202:6888	MULTIPLE:MULTIPLE	33 / 32	4 KiB / 4 KiB
DATA	udp	X.X.90.65:51413 -> 192.184.193.177:53687	MULTIPLE:MULTIPLE	170 / 168	25 KiB / 27 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 192.184.193.177:53687	MULTIPLE:MULTIPLE	170 / 168	25 KiB / 27 KiB
DATA	tcp	X.X.30.10:59464 -> X.X.90.50:389	ESTABLISHED:ESTABLISHED	179 / 90	28 KiB / 30 KiB
DATA	tcp	X.X.30.50:50774 -> X.X.90.50:389	ESTABLISHED:ESTABLISHED	179 / 90	28 KiB / 30 KiB
CAMS	tcp	X.X.80.20:51382 -> 3.249.4.57:31006	ESTABLISHED:ESTABLISHED	586 / 424	171 KiB / 17 KiB
WAN	tcp	Site A IP:1105 (X.X.80.20:51382) -> 3.249.4.57:31006	ESTABLISHED:ESTABLISHED	586 / 424	171 KiB / 17 KiB
CAMS	tcp	X.X.80.22:38743 -> 52.16.133.176:6800	ESTABLISHED:ESTABLISHED	156 / 152	37 KiB / 11 KiB
WAN	tcp	Site A IP:35184 (X.X.80.22:38743) -> 52.16.133.176:6800	ESTABLISHED:ESTABLISHED	156 / 152	37 KiB / 11 KiB
LAN	udp	X.X.65.101:51999 -> 52.114.88.86:3478	MULTIPLE:MULTIPLE	95 / 176	31 KiB / 29 KiB
WAN	udp	Site A IP:38817 (X.X.65.101:51999) -> 52.114.88.86:3478	MULTIPLE:MULTIPLE	95 / 176	31 KiB / 29 KiB
DATA	tcp	X.X.90.50:54785 -> X.X.30.50:49751	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.90.50:54785 -> X.X.30.50:49751	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	tcp	X.X.30.50:50789 -> X.X.90.50:51553	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	tcp	X.X.30.10:59485 -> X.X.90.50:51553	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	tcp	X.X.90.50:54789 -> X.X.30.10:56896	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.90.50:54789 -> X.X.30.10:56896	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.30.50:50789 -> X.X.90.50:51553	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.30.50:50793 -> X.X.90.10:53367	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	tcp	X.X.90.10:54915 -> X.X.30.10:56896	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.90.10:54915 -> X.X.30.10:56896	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	tcp	X.X.30.10:59481 -> X.X.90.10:53367	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	tcp	X.X.30.50:50793 -> X.X.90.10:53367	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.30.10:59485 -> X.X.90.50:51553	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.30.10:59481 -> X.X.90.10:53367	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
DATA	udp	X.X.90.65:51413 -> 185.38.14.195:13709	MULTIPLE:MULTIPLE	137 / 136	17 KiB / 18 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 185.38.14.195:13709	MULTIPLE:MULTIPLE	137 / 136	17 KiB / 18 KiB
CAMS	tcp	X.X.80.21:56003 -> 52.17.254.178:6800	ESTABLISHED:ESTABLISHED	155 / 150	37 KiB / 11 KiB
WAN	tcp	Site A IP:57272 (X.X.80.21:56003) -> 52.17.254.178:6800	ESTABLISHED:ESTABLISHED	155 / 150	37 KiB / 11 KiB
DATA	tcp	X.X.90.10:54924 -> X.X.30.50:49751	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
IPsec	tcp	X.X.90.10:54924 -> X.X.30.50:49751	ESTABLISHED:ESTABLISHED	23 / 22	4 KiB / 2 KiB
LAN	tcp	X.X.65.101:64367 -> 20.54.37.73:443	ESTABLISHED:ESTABLISHED	126 / 120	7 KiB / 13 KiB
WAN	tcp	Site A IP:60327 (X.X.65.101:64367) -> 20.54.37.73:443	ESTABLISHED:ESTABLISHED	126 / 120	7 KiB / 13 KiB
DATA	udp	X.X.90.65:51413 -> 85.224.212.37:22494	MULTIPLE:MULTIPLE	526 / 449	48 KiB / 82 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 85.224.212.37:22494	MULTIPLE:MULTIPLE	526 / 449	48 KiB / 82 KiB
DATA	udp	X.X.90.65:51413 -> 94.60.204.24:11126	MULTIPLE:MULTIPLE	171 / 171	24 KiB / 28 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 94.60.204.24:11126	MULTIPLE:MULTIPLE	171 / 171	24 KiB / 28 KiB
DATA	udp	X.X.90.65:51413 -> 111.201.55.100:23553	MULTIPLE:MULTIPLE	222 / 146	23 KiB / 23 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 111.201.55.100:23553	MULTIPLE:MULTIPLE	222 / 146	23 KiB / 23 KiB
LAN	tcp	X.X.65.100:58508 -> 17.57.146.162:5223	ESTABLISHED:ESTABLISHED	150 / 149	34 KiB / 32 KiB
WAN	tcp	Site A IP:13811 (X.X.65.100:58508) -> 17.57.146.162:5223	ESTABLISHED:ESTABLISHED	150 / 149	34 KiB / 32 KiB
WAN	tcp	5.100.32.41:63430 -> Site A IP:443	FIN_WAIT_2:ESTABLISHED	184 / 262	19 KiB / 211 KiB
WAN	tcp	5.100.32.41:63429 -> Site A IP:443	FIN_WAIT_2:ESTABLISHED	153 / 205	21 KiB / 134 KiB
WAN	tcp	5.100.32.41:63444 -> Site A IP:443	FIN_WAIT_2:ESTABLISHED	100 / 105	5 KiB / 12 KiB
LAN	udp	X.X.65.101:50005 -> 52.115.136.178:3480	MULTIPLE:MULTIPLE	80.818 K / 39.756 K	17.43 MiB / 5.91 MiB
WAN	udp	Site A IP:2006 (X.X.65.101:50005) -> 52.115.136.178:3480	MULTIPLE:MULTIPLE	80.818 K / 39.756 K	17.43 MiB / 5.91 MiB
LAN	udp	X.X.65.101:50021 -> 52.112.172.243:3478	MULTIPLE:MULTIPLE	153 / 153	37 KiB / 30 KiB
WAN	udp	Site A IP:51518 (X.X.65.101:50021) -> 52.112.172.243:3478	MULTIPLE:MULTIPLE	153 / 153	37 KiB / 30 KiB
LAN	udp	X.X.65.101:50045 -> 52.115.136.178:3481	MULTIPLE:MULTIPLE	60.36 K / 6.246 K	47.26 MiB / 1.12 MiB
WAN	udp	Site A IP:49178 (X.X.65.101:50045) -> 52.115.136.178:3481	MULTIPLE:MULTIPLE	60.36 K / 6.246 K	47.26 MiB / 1.12 MiB
DATA	udp	X.X.90.65:51413 -> 116.54.103.93:51413	MULTIPLE:MULTIPLE	143 / 141	17 KiB / 29 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 116.54.103.93:51413	MULTIPLE:MULTIPLE	143 / 141	17 KiB / 29 KiB
LAN	udp	X.X.65.101:50005 -> 52.112.175.13:3478	MULTIPLE:MULTIPLE	153 / 153	37 KiB / 30 KiB
WAN	udp	Site A IP:18532 (X.X.65.101:50005) -> 52.112.175.13:3478	MULTIPLE:MULTIPLE	153 / 153	37 KiB / 30 KiB
LAN	udp	X.X.65.101:50042 -> 52.112.175.8:3478	MULTIPLE:MULTIPLE	153 / 152	37 KiB / 30 KiB
WAN	udp	Site A IP:52439 (X.X.65.101:50042) -> 52.112.175.8:3478	MULTIPLE:MULTIPLE	153 / 152	37 KiB / 30 KiB
LAN	udp	X.X.65.101:50042 -> 52.115.136.178:3480	MULTIPLE:MULTIPLE	3.445 K / 3.441 K	477 KiB / 352 KiB
WAN	udp	Site A IP:19557 (X.X.65.101:50042) -> 52.115.136.178:3480	MULTIPLE:MULTIPLE	3.445 K / 3.441 K	477 KiB / 352 KiB
LAN	udp	X.X.65.101:50021 -> 52.115.136.178:3480	MULTIPLE:MULTIPLE	236.582 K / 893.433 K	179.50 MiB / 869.62 MiB
WAN	udp	Site A IP:29482 (X.X.65.101:50021) -> 52.115.136.178:3480	MULTIPLE:MULTIPLE	236.582 K / 893.433 K	179.50 MiB / 869.62 MiB
DATA	udp	X.X.90.65:51413 -> 132.147.100.36:63465	MULTIPLE:MULTIPLE	131 / 131	19 KiB / 21 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 132.147.100.36:63465	MULTIPLE:MULTIPLE	131 / 131	19 KiB / 21 KiB
DATA	udp	X.X.90.65:51413 -> 141.98.103.77:53831	MULTIPLE:MULTIPLE	340 / 351	31 KiB / 58 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 141.98.103.77:53831	MULTIPLE:MULTIPLE	340 / 351	31 KiB / 58 KiB
DATA	tcp	X.X.90.65:24224 -> 194.5.49.226:6881	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:24224 (X.X.90.65:24224) -> 194.5.49.226:6881	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:36064 -> 154.160.24.40:12285	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:36064 (X.X.90.65:36064) -> 154.160.24.40:12285	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:15684 -> 124.168.48.234:49767	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:15684 (X.X.90.65:15684) -> 124.168.48.234:49767	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10775 -> 197.185.98.220:45682	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10775 (X.X.90.65:10775) -> 197.185.98.220:45682	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10778 -> 169.1.247.231:13285	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10778 (X.X.90.65:10778) -> 169.1.247.231:13285	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10790 -> 216.131.84.117:10951	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10790 (X.X.90.65:10790) -> 216.131.84.117:10951	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10794 -> 185.159.158.108:51413	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10794 (X.X.90.65:10794) -> 185.159.158.108:51413	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10817 -> 188.155.251.19:51413	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10817 (X.X.90.65:10817) -> 188.155.251.19:51413	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10825 -> 41.13.82.160:40464	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10825 (X.X.90.65:10825) -> 41.13.82.160:40464	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10826 -> 5.29.16.216:24616	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10826 (X.X.90.65:10826) -> 5.29.16.216:24616	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10829 -> 77.137.78.115:24616	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10829 (X.X.90.65:10829) -> 77.137.78.115:24616	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10832 -> 14.200.21.147:58070	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10832 (X.X.90.65:10832) -> 14.200.21.147:58070	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10835 -> 117.20.67.130:60637	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10835 (X.X.90.65:10835) -> 117.20.67.130:60637	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10844 -> 154.70.58.233:53333	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10844 (X.X.90.65:10844) -> 154.70.58.233:53333	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	udp	X.X.90.65:51413 -> 146.70.61.139:20121	MULTIPLE:MULTIPLE	354 / 296	35 KiB / 43 KiB
VPNAC	udp	openvpn..220.10:51413 (X.X.90.65:51413) -> 146.70.61.139:20121	MULTIPLE:MULTIPLE	354 / 296	35 KiB / 43 KiB
DATA	tcp	X.X.90.65:10847 -> 37.120.131.189:16881	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10847 (X.X.90.65:10847) -> 37.120.131.189:16881	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10856 -> 109.202.196.152:51413	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10856 (X.X.90.65:10856) -> 109.202.196.152:51413	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10860 -> 37.120.157.21:6882	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10860 (X.X.90.65:10860) -> 37.120.157.21:6882	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10796 -> 176.182.231.224:53033	CLOSED:SYN_SENT	1 / 0	60 B / 0 B
VPNAC	tcp	openvpn..220.10:10796 (X.X.90.65:10796) -> 176.182.231.224:53033	SYN_SENT:CLOSED	1 / 0	60 B / 0 B
DATA	tcp	X.X.90.65:10799 -> 119.18.2.241:51413	CLOSED:SYN_SENT	1 / 0	60 B / 0 B

                                        Update: was able to get a Wireshark capture of my WAN: https://cloud.gregoir.be/index.php/s/yf8awxHbDbpGDHm

                                        1 Reply Last reply Reply Quote 0
                                        • Bob.DigB
                                          Bob.Dig LAYER 8
                                          last edited by Bob.Dig

                                          Today tried changing settings wildly in Windows but nothing changed. Again, went back.

                                          2.5

hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: WAN
	options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
	capabilities=48071b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6,LRO,LINKSTATE,TXCSUM_IPV6>
	ether 00:15:5d:8c:c0:1f
	inet6 fe80::215:5dff:fe8c:c01f%hn0 prefixlen 64 scopeid 0x5
	inet6 2003:da:a718:4300:215:5dff:fe8c:c01f prefixlen 128
	inet 172.25.0.2 netmask 0xffffff00 broadcast 172.25.0.255
	media: Ethernet autoselect (10Gbase-T <full-duplex>)
	status: active
	supported media:
		media autoselect
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

hn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: LAN
	options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
	capabilities=48071b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6,LRO,LINKSTATE,TXCSUM_IPV6>
	ether 00:15:5d:8a:c0:20
	inet6 fe80::215:5dff:fe8a:c020%hn1 prefixlen 64 scopeid 0x6
	inet6 fe80::1:1%hn1 prefixlen 64 scopeid 0x6
	inet6 2003:da:a718:43f0:215:5dff:fe8a:c020 prefixlen 64
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	groups: GroupNTP GroupDNS
	media: Ethernet autoselect (10Gbase-T <full-duplex>)
	status: active
	supported media:
		media autoselect
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

2.6

hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: WAN
	options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
	capabilities=48071b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6,LRO,LINKSTATE,TXCSUM_IPV6>
	ether 00:15:5d:8c:c0:1f
	inet6 fe80::215:5dff:fe8c:c01f%hn0 prefixlen 64 scopeid 0x5
	inet6 2003:da:a718:4300:215:5dff:fe8c:c01f prefixlen 64 autoconf
	inet 172.25.0.2 netmask 0xffffff00 broadcast 172.25.0.255
	media: Ethernet autoselect (10Gbase-T <full-duplex>)
	status: active
	supported media:
		media autoselect
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

hn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: LAN
	options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
	capabilities=48071b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6,LRO,LINKSTATE,TXCSUM_IPV6>
	ether 00:15:5d:8a:c0:20
	inet6 fe80::215:5dff:fe8a:c020%hn1 prefixlen 64 scopeid 0x6
	inet6 fe80::1:1%hn1 prefixlen 64 scopeid 0x6
	inet6 2003:da:a718:43f0:215:5dff:fe8a:c020 prefixlen 64
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	groups: GroupNTP GroupDNS
	media: Ethernet autoselect (10Gbase-T <full-duplex>)
	status: active
	supported media:
		media autoselect
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            Only thing I've seen so far is this post on reddit:
                                            https://www.reddit.com/r/PFSENSE/comments/ssabdz/pfsense_plus_version_2201_and_pfsense_ce_version/hwznlap/

                                            Which suggests it's an issue with the VMQ support that is now functioning in 2.6.
                                            However it looks like several of you have tried running SR-IOV or were already with no improvement?

                                            Steve

                                            D 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.