@johnpoz said in SG-3100 switch weird behavior (resolved):

once you put it up, I will give it a go via a VM maybe. I don't as of yet have a pi4 to play with.. Been looking for an excuse to get one hehe.. But they have been hard to find as well, I would prob go with the 8GB ram model as well.

Done, english is not my first language so I hope its okay.

https://forum.netgate.com/topic/175394/graylog-server-on-a-raspberry-pi

You can only choose a switch port on one interface as you found. If you leave unset it will use the actual VLAN status which takes it's state from the parent interface. In this case though that's the in internal port which is always UP.

No, there's no private VLAN type function. That would need to be on a switch where hosts are connected directly.

Steve

@steveits Thanks for your reply. I am aware of the changes. I was initially on 2.4.5, then went to 21.02-p1, and am currently on 21.02.2.

As mentioned, the issues started after the 'upgrade' from 2.4.5. But a few details that I will add since I was thinking back:

Very rarely, the speed on transfers does go up to the expected speed of around 40 MB/s and lasts a few minutes, but then returns to the around 8 MB/s. Unfortunately didn't catch the logs when this happened.

Also, the logs look normal, just the dashboard checking the IPsec status in the normal fashion.

CPU usage does rise when Async is turned off, but speeds stay basically the same regardless.

The issue is not like what is mostly mentioned by others, where the tunnel does not stay active. Mine does stay active, and is rather stable, its just that the speed is much slower than previous, with the same settings.

hi all can i ask if is that possible when you used ipsec vpn in pfsense . im using vmware workstation in my laptop. when i tried to connect to another pfsense which is located to another site it doesn't work for me please help

My laptop connect to isp then i installed vmware workstation at my laptop then setup pfsense server.

@mwc-0
Resolved. It turns out that there was a stbility issue with the packet stream from the modum. ROKU and Amazon Echos were not sensative enough for the issue to count. No SG 3100 problems once it was getting a decent packet stream.

Response from Netgate Support:
"Powering that device with the USB port should be fine."

Chris

Nice catch! Thanks for the follow up. 👍

Yeah moved, sure didn't belong in the TNSR section.

Post your Rules (Screenshots).

-Rico

@KOM said in Setting up DNS *correctly*:

enable resolver, disable forwarder, check DNS Query Forwarding and put 1.1.1.1 under System - General Setup - DNS Servers.

This is the exact configuration I went with. Thank you very much for the help!

Yes I know, AES-128-CBC was the maximum Speed for my SG-3100.

-Rico

Correct, the patches above are copies of the changes made in the repository that will be used to build pfSense 2.4.4-p1. So not "hacks" exactly.

If it's all working for you now then there shouldn't be anything to worry about. When you upgrade to 2.4.4-p1 the manually edited files will be replaced with the copies from the new release, which already contain these changes.