Home lab 2.2-ALPHA (amd64) built on Fri Apr 4 19:11:47 CDT 2014



  • Hi

    Some Feedback/Problems in a real home environment.

    System:
      2.2-ALPHA (amd64)
      built on Fri Apr 4 19:11:47 CDT 2014

    Cpu: Celeron(R) CPU E1200 | MotherBoard: Wolfdale1333-D667

    NIC's: Internal old realtek (no use but enabled) and Intel® PRO/1000 PT Dual Port Server Adapter (WAN/LAN= PPPoE(em0)/Static-IPv4(em1))

    Some problems:
      - Can't have DNS ips from provider in WAN (PPPoE in em0 ). Have to use google DNS or OpenDNS in System-> General Setup -> DNS Servers
      - DNS Resolver - can't delete Host Overrides or Domain Overrides
      - Can't start IPSec, is Stopped (i think you know that ).
      - IPSEC tab (VPN-> IPsec): Saving phase 1 gateway creates new gateway.

    Some feedback.
      - I don't know what is changed but i like it .I will keep this version (2.2) because of this and to give some feedback of course. I have a very slow connection 2048/512kbs (1780/420) and with 2.2 i can keep my "no real time connection" more close at the maximum and have a good performance in the real time stuff. Or maybe is some else.
      - 8%-9% (2GB ram) memory usage less than in 2.11, very stable, but without ipsec service ruining. I don't remember memory usage in 2.1(2.11) but always have more than 10%.

    Request/discussion:
    Parameter to choose queue to anti-lookout rule with minimum specs (packets or/and bandwidth ) when LAN traffic shaping enabled.

    Whay?. The wizard create a qLink with 500 packets/s, this is ok but unknown protocols from the wan end in this queue and kill my slow connection. If i put a minimum bandwidth i have a controlled download internet connection but a slow pfsense access and interfere with wan downloads when i access pfsense because anti-lockoute rule is always in the default queue. Put endless floating rules doesn't seem a good idea.

    So i disable anti-lockout rule, create a qLocal and a qDefault (default queue), create rule (LAN interface or group with local interfaces) to put Lan-Net to  Lan-Net with qLocal. Of course i have to be careful to not lock myself  to pfsense. Happens, one time, because i put qLink with 2 packets and my goal is to put priority with 2 and the anti-lockout rule don't save me, 2 packets don't do well whatever protocol, my fault. Maybe i can create some floating rules to solve this, but one more time, to much floating rules is not good in my point of view.

    Tree of My LAN Traffic Shaping, only to see my objective, better, i hope:

    LAN (HFSC) 800Mbps
      qInternet (1700kbs)
        qRealTime
          qACK
          qVoIP
          qMax (top priority service, the motive i enable traffic shaping, very very latency dependent, same on WAN interface, no need much bandwidth 70-80 kbps max)
          qGames
        qNoRealTime
          qDefault (Default. I want unknown connections to live here to prevent create endless float rules to a controlled queue )
          qP2P
          qOthersHigh
          qOthersLow
      qLocal (700Mbs) (Local net to Local net, pfsense access, etc… and i like anti-lockout be here )

    Thanks for attention and cya



  • @mais_um:

    • DNS Resolver - can't delete Host Overrides or Domain Overrides

    That is fixed now amongst some other things as well.



  • You can set a queue for your anti lockout by floating rules with Queue action.



  • @wagonza:

    @mais_um:

    • DNS Resolver - can't delete Host Overrides or Domain Overrides

    That is fixed now amongst some other things as well.

    I want to try but snapshots does't get out, only full and 512mb (amd64) seems ok by the size of the files I need 1GB vga.

    Edit: Someones from 28 are ok like pfSense-2.2-DEVELOPMENT-1g-amd64-nanobsd-vga-up..> 28-Apr-2014 05:59      83363092

    @erma - l i try using floating rules with and without quick (i wait loooooong time ,  maybe i should restart the box).

    Is IPsec working? i whant to try windows phone 8.1 VPN, use iKEv2, needs strongSwan. Last i test (24 Apr 2014) service does't start.

    /dev/cuaU0.x (Huawei e392) does't appear in ppp Edit -  Link interface(s) seems fine in dmesg, i will compare with 2.1

    Thanks, cya