Forum Topic

Unified PFSense Users

  • The painful part with YouTube is that it's CDN-based, so you can't limit it (technically you can, but it will be very messy) with pfSense alone (no package reliance).

    One thing you can do to limit it is to use Squid proxy (no need for caching, just a regular proxy server). There are plenty of guides on Google on how to bandwidth-limit YouTube using Squid.

    -- edited by polka on Nov 11 2016, 07:51 AM
  • my recent experience with pfsense

    scenario: setup a local home network router using the spare parts that my client had

    * Intel D510MO Pinetrail based ATOM board
    * 4GB of DDR2 RAM
    * a slick case and pico PSU (all bought from Lazada, as my client said)
    * an 8GB USB stick with a full install of pfSense (with logging written to RAM only and basic stock config, no proxy caching)
    * U.FL to RP-SMA WiFi antenna adapter (bought from Lazada as well; it's available locally but way too expensive, 450 each, no thanks, compared to the Lazada listing where the cheapest is 320 pesos per pair).
    * Atheros 9285 mini PCIe wireless card
    * Intel PRO 1000MT dual-port PCI LAN card

    - Assembled it within 10 minutes; all went well until I bumped into these issues:

    * For some reason the built-in Realtek card doesn't work (even with the system tunables that I set and TCP offloading disabled); I also noticed that the card is not linking at gigabit link speed (randomly stuck at 10 or 100mbps link speed)

    Fix: I remembered someone here in TPC who said he was having issues with the same motherboard, with the onboard LAN or vice versa? not working on pfSense, and setting the storage controller from IDE to AHCI fixed it immediately. (Whoever you are, thanks!)

    * Using the built-in mini PCI-e wireless card slot to fit the Atheros wireless card, I installed the antenna cables and whatnot and encountered a bunch of issues. 1: some WiFi devices can't connect through it and some do; I adjusted the key setting, I think to Pre-Shared Key or something, and that fixed the issue. 2: I get lots of ath_wlan0 warnings about ( ath0_wlan0: discard frame w/o leading ethernet header (len 6 pkt len 6)), 8 of these errors in syslog per 3-4 minutes; the fix is to set the regulatory and country settings to default. (Meh, I just wanted to follow the Philippines regulation regarding WiFi but this prevents me from doing it, so meh.)

    After that, everything went smoothly.

    - Set up the wireless card to have 2 SSIDs, one for private use and one for public use with captive portal. So everyone who wants to use their WiFi has to buy a coupon code from them.

    - Average power consumption of the unit is 18watts at idle 24watts at full load. :)
  • Is it normal for latency to go up on both the LAN IP and the router IP when traffic shaping is enabled?
  • Nope, traffic shaping's #1 goal is to minimize latency and packet loss between the gateway and services. Or maybe ICMP is not in high priority, which is why the ping goes up, but if you're pinging the local LAN IP of pfSense itself it should only be <1ms, unless you're on WiFi, where 1-15ms with high jumps of 200-1k+ms is the norm.
  • Nope, traffic shaping's #1 goal is to minimize latency and packet loss between the gateway and services. Or maybe ICMP is not in high priority, which is why the ping goes up, but if you're pinging the local LAN IP of pfSense itself it should only be <1ms, unless you're on WiFi, where 1-15ms with high jumps of 200-1k+ms is the norm.

    That's what puzzles me:
    the ping to pfSense's local IP goes up together with its WAN IP when using the internet.
    I'll try adjusting its ICMP.

    Here's my ping; it's just 1ms at idle, but once I browse/download it changes.

    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=411ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=64ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=348ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=99ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=494ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=467ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=484ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=233ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=665ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=483ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=484ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=489ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=472ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=12ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=470ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=317ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=451ms TTL=64
    Reply from 192.168.1.1: bytes=32 time=114ms TTL=64

    -- edited by dawinsm on Nov 21 2016, 07:08 PM
  • When it's like that, it's either a FreeBSD driver issue or a defective NIC.
  • When it's like that, it's either a FreeBSD driver issue or a defective NIC.


    I'll try replacing the NIC, since I just took it from spare parts.

    But my system, based on the dashboard, can handle it easily.

    Intel D945GCLF2 Essential Series Mini-ITX DDR2 667 Intel Graphics Integrated Atom Processor Desktop Board

    Mini-ITX /micro-ATX compatible (6.75 inches by 6.75 inches)
    Integrated dual-core Intel Atom processor 330 with a 533 MHz system bus
    One 240-pin DDR2 SDRAM Dual Inline Memory Module (DIMM) sockets
    Intel 945GC Express Chipset and Intel I/O Controller Hub 7 (ICH7)
    Intel Graphics Media Accelerator 950 & S-video output support

    -- edited by dawinsm on Nov 22 2016, 10:30 AM
  • Guys, good morning to all. Who here uses OpenVPN? I just want to ask: when you're connected via VPN, can you still browse the internet?
  • ^Where is OpenVPN set up? On the client PCs/gadgets, or on the pfSense firewall itself?

    If on the PCs/gadgets, yes, OpenVPN still works as expected, and I don't see why it wouldn't work, unless there's a firewall rule that specifically blocks that kind of traffic.

    If on the firewall itself (pfSense), then it depends, but by default, let's assume you successfully connected to an OpenVPN connection: this doesn't mean all your traffic is automatically routed to the VPN. All traffic is still routed to your WAN. To reroute the traffic of your LAN network to OpenVPN, or maybe have only specific devices go through OpenVPN, etc., you need to create a rule for that under the LAN tab or on the network you want to implement it on.

    -- edited by polka on Nov 23 2016, 12:12 PM
  • pfSense 2.3.2 and OpenVPN client on the PC...
  • ^If you're connected to the VPN and your computer suddenly loses its internet connection, pfSense has nothing to do with that anymore, since all pfSense sees is that you're connected to your VPN connection.

    I would only consider pfSense to be the issue if you really couldn't connect to the VPN, but in your case you're connected but have no internet connection after you get connected to your VPN.

    In that case, contact your VPN provider, since they are the ones responsible for that kind of thing.
  • Does anyone here do one-on-one tutorials? Please PM me. For a net shop and captive portal. Admin, please just delete this if it's not allowed.
  • @polka

    Got it working in the end, boss.. it turns out there's an option in OpenVPN to block DNS.

    So now it works...
  • Good day!

    Who here has hands-on experience setting up OpenVPN using pfSense and got it working??
    Please teach me, thanks!
  • Question, sirs: for dual WAN, what's the better setup, failover or load balance?

    given these 2 scenarios

    1. both PLDT and Globe are unlimited
    2. PLDT is unlimited while Globe has a cap.

    thanks
  • Good day!

    Who here has hands-on experience setting up OpenVPN using pfSense and got it working??
    Please teach me, thanks!
  • Question, sirs: for dual WAN, what's the better setup, failover or load balance?

    given these 2 scenarios

    1. both PLDT and Globe are unlimited
    2. PLDT is unlimited while Globe has a cap.

    thanks


    Load balance for now; since it's load balanced, Globe's data cap probably won't be reached.
  • Hi sirs,
    just a question, this is the setup I want for our network using pfSense:
    192.168.10.2-60 all get full access, then the rest are blocked from FB, YouTube, Lazada, etc. TIA to whoever replies.
  • Successfully added OpenVPN in a network and the 2 pfSense boxes can see each other.
    So what's next?
  • Question, sirs: for dual WAN, what's the better setup, failover or load balance?

    given these 2 scenarios

    1. both PLDT and Globe are unlimited

    Load balance, or assign which endpoints go to PLDT and which to Globe, as long as both are used at the same time so the resources are utilized.

    2. PLDT is unlimited while Globe has a cap.

    Load balance, or assign, as long as both are used together, but you can make Windows Update go through PLDT only, or also YouTube and torr3*ts through PLDT only.
    The rest of the traffic uses both ISPs.
  • Masters, please help me configure LAG/LACP... I have 4 LAN ports in my system: 2 built-in Realtek gigabit LAN and 2 dual ports PCI Intel.

    re0- WAN (built-in) 192.168.100.x
    re1- LAN (built-in) 192.168.1.1

    em0, em1---configured and member of LAG

    I already created em0 and em1 for LAG (Team_LAN) in Interfaces, and it has a static IP address assigned and DHCP

    LAGG0-- 172.16.16.1

    1. My problem is that when I connect it to my HP switch, which also has LAG configured on ports 23 and 24, I can't get DHCP on these interfaces.. no IP..

    2. Created rules in Firewall for the LAG interfaces, still nothing..

    3. Even when I removed the LAG and used em0 and em1 as additional LAN (opt) interfaces.. when I connect here I get no IP.. But when I configure this as the default LAN at the start, it's OK.. so my LAN card isn't broken.

    Hoping someone can help me solve my issue. TIA, and Happy New Year!!!

    -- edited by mhugsy on Dec 31 2016, 02:28 AM
  • ^Firewall rule issue, most likely. Go to Firewall and set it to allow all traffic. See if you can lease a DHCP address after that; if you can lease an IP from the local DHCP server on pfSense, then the internet connection may also pass through. You can also add additional rules, like preventing communication with another subnet by adding a block rule on the destination side under LAN Network with the source as your LAGG network. Make sure that the block rule is above the default allow rule and you're golden.
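
The rule-order point in the reply above, as an added example that is not part of the original thread: a small Python model of top-down, first-match evaluation on an interface's rule list, plus a check for rules that an earlier rule makes unreachable. The /24 prefix lengths and the sample host addresses are assumptions; the thread gives only 172.16.16.1 (LAGG) and 192.168.1.1 (LAN).

```python
import ipaddress
from dataclasses import dataclass

# Assumed for illustration: the thread gives only 172.16.16.1 (LAGG) and
# 192.168.1.1 (LAN); the /24 prefix lengths are not stated on the page.
LAGG_NET = "172.16.16.0/24"
LAN_NET = "192.168.1.0/24"
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "block"
    src: str     # source network in CIDR form
    dst: str     # destination network in CIDR form
    label: str

def _net(cidr):
    return ipaddress.ip_network(cidr)

def evaluate(rules, src_ip, dst_ip):
    """Top-down, first match wins; no match means the implicit default deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in _net(r.src) and d in _net(r.dst):
            return r.action, r.label
    return "block", "implicit default deny"

def shadowed(rules):
    """Labels of rules that can never match because an earlier rule covers them."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_net(later.src).subnet_of(_net(earlier.src))
                    and _net(later.dst).subnet_of(_net(earlier.dst))):
                dead.append(later.label)
                break
    return dead

BLOCK_LAN = Rule("block", LAGG_NET, LAN_NET, "block LAGG to LAN")
ALLOW_ALL = Rule("pass", LAGG_NET, ANY, "allow LAGG to any")

GOOD_ORDER = [BLOCK_LAN, ALLOW_ALL]  # block rule above the allow rule
BAD_ORDER = [ALLOW_ALL, BLOCK_LAN]   # block rule below it: never reached

if __name__ == "__main__":
    for name, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(name, evaluate(rules, "172.16.16.50", "192.168.1.10"),
              evaluate(rules, "172.16.16.50", "8.8.8.8"), shadowed(rules))
```

With the block rule placed below the allow rule, traffic from the LAGG subnet to the LAN subnet is passed and the block rule is reported as shadowed.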
  • Thanks for the comment, Sir polka.. here are my firewall rules.. I made them like the default ones but still nothing..


  • ^Weird, its states are still at 0 bytes. Double-check your LAGG config; set the LAGG protocol (if I see it correctly on the screenshot, yours is set to NONE) to one supported by your switch. Usually LACP is supported, so set that on your LAGG interface and also set it on your managed switch.

    Technically it should work after that, but I haven't tried this yet since I don't have a real-world case scenario yet that link-aggregates two NICs for a firewall, since usually 1GigE is enough for most of my implementations because PH internetz. Although I use redundancy using CARP, so just in case shit happens, my backup router can fail over to it.
  • @polka, Sir, it's OK now, it's working.. thanks for the help.. Happy New Year!!!
  • My problem is weird.. I tried reinstalling pfSense again.. configured some settings again... but it's the same thing again, I can't get an IP from DHCP on the LAG port.. I just didn't back up my last config.. it's puzzling, it was working last night.. But now it's gone again after I reformatted and reconfigured.. sigh.. what could the problem be?

    When I set a static IP address on my LAN2 (LAG port).. it's OK.. internet works.. but when I remove it.. nothing, it can't get DHCP.. what could the problem be? TIA

    -- edited by mhugsy on Jan 02 2017, 01:53 AM
  • Happy New Year to all!

    Just a question for firewall users:

    looking at the other side of the coin,
    what are the disadvantages of pfSense, and the reasons why it can't be used in a corporate setup?
    what negative experiences have you had using pfSense?
    what features does it lack compared to branded firewalls?
  • pfSense can't block ransomware, Sir.. and with the latest proxy sites.. it's somewhat hard to block.. if using the community edition.. I'm just not sure about their gold subscriptions..

    I compared pfSense community edition with Sophos Home XG; Sophos is better when it comes to security features..

    What I liked about pfSense... the captive portal services are a winner.. easy to configure and customize...

    -- edited by mhugsy on Jan 04 2017, 06:53 PM
  • In our home-based internet cafe we use pfSense; flexibility is really what we liked about it. As of now load balancing, bandwidth management and captive portal are what we use it for most.