Ah, didn’t realize pfSense is the OS, not something that runs on linux. My command examples won’t work for you.

So my first question is how can it be that my little mini J1900 Celeron (2 GHz) with 4 GB RAM cannot handle this bandwith?

• check ethtool for link speed: sudo ethtool enp2s0 | egrep 'Speed|Duplex' Your device name may be different from enp2s0. use ip link to see all devices. if it’s not

Speed: 1000Mb/s
Duplex: Full

then that’s probably a bad sign.

• that is a 10 year old celeron processor. celeron were the budget (a.k.a. cheapest, slowest) class processor at the time. it’s quite likely that it cannot keep up.
• If you still think it’s not CPU directly, use iotop to see if you have I/O bottleneck.

dmesg | less should allow you to scroll the output. You should use forward slash in less to search for the devices (hit enter), see if the modules are being loaded or if there some errors.

check lsmod before and after see what kernel modules are changing.

also look at dmesg for interesting kernel messages as you attempt to use / not use the offending hardware.

tcpdump, wireshark can capture packets.

haproxy can be a proxy of many networking protocols

mitmproxy can help see encrypted traffic by acting as a literal man in the middle.

ssh with certain parameters can become a SOCKS5 proxy to encrypt and tunnel traffic out of a hostile network

There, their its are not it’s they’re its. It’s as simple as “its”, as it’s the its it’s.