WAN is pegged
-
Hello,
I'm new to pfSense so I'm not yet comfortable troubleshooting potential issues. Frequently today, our WAN1 interface has been pegged at 1.52 Mbps. I can capture packets but that does not tell me much. NTOP in pfSense is not that helpful, but I'll admit I really am no expert with the application.
The WAN interface is used for 4 of our remote, IPsec VPN tunnels. There is a separate interface for Internet traffic. There is nothing, seemingly, happening at the remote sites that would cause such a bandwidth anomaly.
The circuit is pegged mainly inbound.
What can I do to find out what is using the circuit and how much bandwidth is being used?
-
For bandwidth monitoring, say per IP on your LAN, take a look at the bandwidthd package. Graphs and classifies traffic per IP; classifications are http, vpn, p2p, tcp, udp and icmp. Works great for me.
For deeper insight you might look into suricata or snort. Those take a higher toll on CPU.
-
I'm looking at bandwidthd now. Thanks. I really think this is what I am looking for. Also, I actually have NTOP working correctly now; things like Network Throughput, Top Talkers and App Protocols are actually returning data.
Thanks for the input.
-
Status->Traffic Graph might give you enough info now to get you looking in the right place without installing other packages..