Netgate Discussion Forum

    Extremely poor speeds after 2.5.2 CE to 2.6 CE upgrade

    General pfSense Questions
      Cool_Corona @itwerks

      @itwerks Speed is horrible on 2.6.0 compared to 2.5.2.

      And it was slower than 2.4.5p1.

      So "nudging" clients towards TNSR or the + version by gradually slowing things down despite people's bandwidth and hardware goes up a notch.

      I have a 2.2.6 version running full 10gbit speeds and on the same hardware I hardly get 3,5gbit on the latest stable 2.5.2

        bPsdTZpW @itwerks

        @itwerks said in Extremely poor speeds after 2.5.2 CE to 2.6 CE upgrade:

        Bare metal install, after upgrading my downstream bandwidth seems capped at ~ 10% of what it was before upgrading. Prior to upgrading 60-65MB/s, after upgrading 6.5MB/s. I see there are threads about an issue with 2.6 running virtualized but I don't see any references to this issue on bare metal installations.

        Is anyone else having similar issues after upgrading?

        No. I get ~500Mb/s up/down over OpenVPN on 2.6CE on a 1Gb/s fiber line using Celeron 3865U-based hardware. I haven't tested the non-VPN speed, but it's clearly >> 500Mb/s. Possibly you're having a NIC issue? FreeBSD seems to do well with Intel NICs, but maybe not others.

          JKnott @itwerks

          @itwerks said in Extremely poor speeds after 2.5.2 CE to 2.6 CE upgrade:

          Is anyone else having similar issues after upgrading?

          I'm still getting over 700 Mb (sometimes well over) on my 500/20 connection.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

            itwerks @bPsdTZpW

            @bpsdtzpw I'm running Intel pcie nics for both wan and lan, I've got a Netgear USB nic serving my dmz but I'm not even concerned about it at the moment. I'd rollback if I could find an official image and a backup would restore my certs and OpenVPN config.

              itwerks @Cool_Corona

              @cool_corona what hardware are you running on?

                itwerks

                Update: FALSE ALARM... I double-checked overall network health and discovered the machine I was having issues with had a NIC that had fallen back to 100Mbit... Switched ports on my switch and downloads are back to expected speeds.

                Thanks for the replies, appreciate the engagement.

                  thiasaef @bPsdTZpW

                  @bpsdtzpw said in Extremely poor speeds after 2.5.2 CE to 2.6 CE upgrade:

                  No. I get ~500Mb/s up/down over OpenVPN on 2.6CE on a 1Gb/s fiber line using Celeron 3865U-based hardware. I haven't tested the non-VPN speed, but it's clearly >> 500Mb/s. Possibly you're having a NIC issue? FreeBSD seems to do well with Intel NICs, but maybe not others.

                  Lol, I get 60 MBit/s on a Celeron 3867U and 350 Mbit/s on a Threadripper 3970X, and I spent 2 days trying to improve the performance with no luck.

                  And by the way, on 2.4.5-p1 I got 350 Mbit/s on the 3867U, last time I tried. ^^

                    Cool_Corona @itwerks

                    @itwerks [attached image]

                    Test rig.

                      stephenw10 Netgate Administrator @thiasaef

                      @thiasaef said in Extremely poor speeds after 2.5.2 CE to 2.6 CE upgrade:

                      Lol, I get 60 MBit/s on a Celeron 3867U

                      That's worse than you can get with the lowliest Atom. Something pretty seriously wrong in that setup if that's all it can pass. That or it's massively overloaded in some part of the path.

                      Steve

                        thiasaef @stephenw10

                        @stephenw10, yes, there is obviously something wrong. The symptoms are that the CPU load is relatively low (~ 16 %) and that there is no speed improvement when I disable the encryption entirely.

                        Here are some more details: https://forum.netgate.com/topic/154665/openvpn-slow-local-network-test/38?_=1646583954636

                          stephenw10 Netgate Administrator

                          Oh, OK so you're only seeing those speeds over OpenVPN?

                          I misread that then. 60Mbps is still pretty bad though, assuming the latency over the tunnel allows more of course.

                          Steve

                            michmoor LAYER 8 Rebel Alliance

                            I also want to chime in here and say there is definitely something wrong with the codebase in 2.6. I have posted here and on Reddit with decent advice from the community but ultimately still having a problem.

                            Site 2 Site VPN. Previously both firewalls on each side were OPNsense. iPerf test I would get great speeds. 100/100Mbps. I changed one site to pfSense. The best I can do is 20Mbps. This isn't an MTU issue. Moved the device back to OPNsense and speeds are back up to 100Mbps during iPerf test. This is a vanilla IPsec turn-up. I tested throughput with IPsec and WireGuard and the results are the same. Low throughput. The problem is 100% on pfSense but no indication as to why. CPU util is very low. Memory util is very low. Basically, this system is oversized for this site. Was working without issue on OPNsense.

                            edit: Let me also be clear that this is for some reason only with Site 2 Site VPN. If I do Remote Access VPNs on a mobile client then I get very high throughput. A normal speedtest to the Internet at both sites reveals good throughput. I'm not sure why but my low throughput is only affected when it's a site2site setup either through IPsec or WireGuard.

                            Firewall: NetGate,Palo Alto-VM,Juniper SRX
                            Routing: Juniper, Arista, Cisco
                            Switching: Juniper, Arista, Cisco
                            Wireless: Unifi, Aruba IAP
                            JNCIP,CCNP Enterprise

                              stephenw10 Netgate Administrator

                              And you don't see that if you use 2.5.2 at one end instead?

                              What did you do to determine it's not an MTU issue?

                              You have a link to a thread I can review?

                              Steve

                                michmoor LAYER 8 Rebel Alliance @stephenw10

                                @stephenw10
                                It's not MTU for these reasons:

                                1. It's not present with the OPNsense implementation with the MTU set for 1400 which is by default.
                                2. Changing MTU values from 1300 to 1400 makes no difference on the pfSense side.
                                  -edit-
                                3. Testing MTU with ICMP pings, I am able to send up to 1472 bytes before the DF bit hits me and packets dropped. Tried on both Linux and Windows clients.

                                I did not try 2.5.2 prior to this. This is a clean install to 2.6. There was no previous configuration to restore.

                                https://www.reddit.com/r/PFSENSE/comments/sso59f/wireguard_throughput/

                                I'm fully open to a Zoom tshooting session at this point.

                                Firewall: NetGate,Palo Alto-VM,Juniper SRX
                                Routing: Juniper, Arista, Cisco
                                Switching: Juniper, Arista, Cisco
                                Wireless: Unifi, Aruba IAP
                                JNCIP,CCNP Enterprise

                                  SteveITS Galactic Empire @itwerks

                                  @itwerks said in Extremely poor speeds after 2.5.2 CE to 2.6 CE upgrade:

                                  find an official image

                                  Just for reference, https://www.pfsense.org/download/, don't select an Architecture, and click Download, it will pull up a mirror with several versions.

                                  backup would restore my certs and OpenVPN config

                                  You probably can't restore to an earlier release but if you had a backup from before the upgrade (hint) just restore that.

                                  Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                                  When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                                  Upvote 👍 helpful posts!

                                    itwerks @SteveITS

                                    @steveits thanks for the tip re old releases. Lesson learned.

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.