Incorrect bandwidth monitor values

MindlessMavis

This post is deleted!

stephenw10

Do you expect to see more Out than In there? How does it compare with vmx0?

It calculates the rates based on how much has passed in the last minute. It looks like the total counts are correct so for some reason it's seems to be miscalculating it... hard to see how though.

MindlessMavis

This post is deleted!

MindlessMavis

This post is deleted!

stephenw10

Hmm, if you unassign the OpenVPN client does it show traffic correctly on WAN?

Unless somehow that VPN client is not running on WAN I would expect to see the encrypted traffic there.

It would not surprise me to find a 3rd party VPB provider passing all the traffic though. Pretty much all setup guides will have you set the VPN as the default route. Where is that upload traffic going to? How can you be sure it's not going over the VPN?

MindlessMavis

This post is deleted!

stephenw10

Well either the values reported by pf are incorrect or RRD is pulling data from the wrong sources.

Check: /var/db/rrd/updaterrd.sh

That will show you where RRD is pulling data from for WAN out.

Steve

MindlessMavis

This post is deleted!

stephenw10

Well first off all does the data coming from pfctl look correct to you? I have no way to know if you have reset the interfaces etc.
If not then we can try to dig into that. I've never seen that come back incorrectly though.

Do you have any rules on WAN that are passing without logging perhaps or somehow passing without creating a state even? Hard to imagine you would but...

Steve

MindlessMavis

This post is deleted!

stephenw10

Is the last cleared date you're seeing there when pfSense was last rebooted?

MindlessMavis

This post is deleted!

stephenw10

Hmm, do you see an outbound state for the openvpn traffic on vmx1?

MindlessMavis

This post is deleted!

stephenw10

Hmm, you could try something more radical like importing the config into a new VM and seeing if it's still replicated.

MindlessMavis

This post is deleted!

stephenw10

Mmm, I mean it looks like some values have been switched somehow such that pf is referencing the wrong interface(s). But if that was the case I would expect the policy routing and firewall rules to also be wrong. Also I've never seen that happen before and really I have no idea how it could!

I could imagine the interfaces becomes switched, for example ovpnc2 is no longer the tunnel you think it is. Or the interfaces are re-ordered in vmware. But that would not account for traffic switching from vmx to ovpn.

MindlessMavis

This post is deleted!

stephenw10

You could create a new NIC on the same vswitch and then reassign WAN to that, vmx2 for example.

pf has an interface for all OpenVPN traffic that is uses for firewall rules on unassigned interfaces. I wonder if somehow the ovpnc8 graph is pulling data from that. Though that would still include data from ovpnc9.

For anything like that to happen it would have to very low level. I assume ifconfig still reports the correct number of interfaces with the correct names?

Steve

MindlessMavis

This post is deleted!