WAN is pegged

  • Hello,

    I'm new to pfSense so I'm not yet comfortable troubleshooting potential issues.  Frequently today, our WAN1 interface has been pegged at 1.52 Mbps.  I can capture packets but that does not tell me much.  NTOP in pfSense is not that helpful, but I'll admit I really am no expert with the application.

    The WAN interface is used for 4 of our remote, IPsec VPN tunnels.  There is a separate interface for Internet traffic.  There is nothing, seemingly, happening at the remote sites that would cause such a bandwidth anomaly.

    The circuit is pegged mainly inbound.

    What can I do to find out what is using the circuit and how much bandwidth is being used?

  • For bandwidth monitoring, say per IP on your LAN, take a look at the bandwidthd package.  Graphs and classifies traffic per IP; classifications are http, vpn, p2p, tcp, udp and icmp.  Works great for me.

    For deeper insight you might look into suricata or snort.  Those take a higher toll on CPU.

  • I'm looking at bandwidthd now.  Thanks.  I really think this is what I am looking for.  Also, I actually have NTOP working correctly now; things like Network Throughput, Top Talkers and App Protocols are actually returning data.

    Thanks for the input.

  • LAYER 8 Netgate

    Status->Traffic Graph might give you enough info now to get you looking in the right place without installing other packages..

Log in to reply