WiFi is slower with pfsense vs Untangle. Any thoughts?

Cool_Corona

@bokolobs I see the same with VPN. Pfsense is unusable using SMB working on 20+ ms latency connections.

If I work via RDP it superfast. Connection is 4ms without pfsense in between. With pfsense and VPN it adds 22ms of latency and I bet thats what you see.

Something has happened with releases since 2.4.5 that has a performance hit.

bokolobs

Just to add, here's my wired speedtest.net results.

pfsense, bottom 3 without shaping, top 3 with shaping (650 Mbps both ways). I tried configurations from the Netgate documentation, Tom from Lawrence Systems, and SANS Internet Storm Center. They give similar results.

Untangle results, bottom two without QoS, top 3 with QoS.

I'm thinking it's related to my WiFi issue. Could it be driver and/or CPU related? Also, correction: I have a 800 Mb/1 Gb connection not 1/1 Gb.

Thanks to all who replied.

RobbieTT

@bokolobs
I'd ignore all data with QoS enabled as Untangle and pfSense use FQ_CoDel in subtly different ways.

Looking at the unfettered data the bandwidth delivery over copper looks pretty much identical, even with ToD changes, which is nice.

Over wifi the results are comparable with upload bandwidth and within normal run-to-run variance, especially with the significant ToD changes. Wifi is a shared medium and the AP and client have to wait their turn if there are other neighbouring wifi users sharing the same channels. Pretty-much all phones have only 2 streams available, limiting their co-channel options as well as the total physical bandwidth, no matter what the AP is physically capable of.

In real-world conditions we don't tend to focus at all on wifi download bandwidth as interference, co-channel systems and (increasingly) more than one BSSIDs in use even on home AP equipment. As well as additional BSSIDs, beacons, frame spacing, packet wrapping et al, we also have the 'issue' of UDP packets requiring 'acks' when they traverse a wifi segment. Testing on upload-only reduces the effect of these as the bottlenecks move closer to the device under test. [Clearly this is not how we test devices on a chamber run.]

To gain more insight you could run Wireshark / pcap on the wifi side of the network, to see if there are an unusual amount of failures and/or retransmits or increased fragmentation between the 2 different router OS's, but this would probably be more for curiosity than anything else. In either case you are getting reasonably high throughput on both setups in a short-range single-client test. In reality wifi tends to be used for multiple clients at more intermediate or longer ranges, where air-time limitations dominate over simple single-client bandwidth tests.

️

stephenw10

@bokolobs said in WiFi is slower with pfsense vs Untangle. Any thoughts?:

Could it be related to the bios setup?

Very unlikely. There's nothing there that could affect it like this.

Really there's nothing pfSense can do to that would affect the wifi connection. It sees that connection exactly the same as a wired connection.

So I agree I would be trying to check the wired connection between pfSense and the AP.

And I would double check the latency between the various setups because that can make a significant difference to throughput and it is something pfSense could influence.

Steve

bokolobs

@robbiett @stephenw10
Thank you for your insights.

In real-world conditions we don't tend to focus at all on wifi download bandwidth as interference,...
Very unlikely. There's nothing there that could affect it like this.

Really there's nothing pfSense can do to that would affect the wifi connection. It sees that connection exactly the same as a wired connection.

I get this. And I hope really that this was the case for me. But it's the consistent difference in the test results between Untangle and pfSense (single AP, single client) that I want to understand.

To gain more insight you could run Wireshark / pcap on the wifi side of the network,...

Yeah, this is the next step. I had the house to myself last weekend so I was able to do these tests. But...

In either case you are getting reasonably high throughput on both setups in a short-range single-client test. In reality wifi tends to be used for multiple clients at more intermediate or longer ranges, where air-time limitations dominate over simple single-client bandwidth tests.

You're right about this. My wife and kids didn't notice any difference between one year of Untangle, followed by months of pfSense, followed by one week of Untangle, followed by one week of pfSense, etc. It's me who is bothered by that marginal difference. I also notice a lower latency when I play online in my Playstation when using pfSense. The rest of my vanilla network set up is pretty much the same between the two OS's (Wireguard, DNS/IP blocking, VPN client).

SteveITS

@cool_corona SMB is its own thing...pretty sure I've seen a thread or two this year about SMB over Internet but am not finding it in a quick search. Typical things to check are the RSC setting and SMB version. Also this thread is only about Wi-Fi speeds not wired which are apparently just fine for OP.

Just for fun, in our data center:
PING google.com (142.250.190.46) 56(84) bytes of data.
64 bytes from ord37s33-in-f14.1e100.net (142.250.190.46): icmp_seq=1 ttl=121 time=1.41 ms
64 bytes from ord37s33-in-f14.1e100.net (142.250.190.46): icmp_seq=2 ttl=121 time=1.33 ms

stephenw10

@bokolobs said in WiFi is slower with pfsense vs Untangle. Any thoughts?:

I also notice a lower latency when I play online in my Playstation when using pfSense

Hmm, interesting. Is that wifi connected?

When looking at wifi vs wired connections what I might expect to see it increased latency and packet loss. Both of which would affect maximum throughput significantly. Any additional latency pfSense might introduce could affect it further and potentially more than you might expect. More than it would over the very low latency on a wired connection.

johnpoz

@steveits said in WiFi is slower with pfsense vs Untangle. Any thoughts?:

SMB over Internet

I think this is answer to wrong thread? @Cool_Corona hasn't posted in this thread - and smb over the internet is not the topic of this thread ;) hehehe

RobbieTT

@johnpoz said

I think this is answer to wrong thread? @Cool_Corona hasn't posted in this thread - and smb over the internet is not the topic of this thread ;) hehehe

Well, apart from when he did.

️

stephenw10

Yeah I will say that smb is a good indicator of latency! smb v3 less so but still...

bokolobs

@stephenw10

Hmm, interesting. Is that wifi connected?

Playstation is wired. By lower latency, I mean I get 30 ms ping when playing using pfSense compared to ~35 ms when in Untangle. I also noticed that when I do the network test, NAT Type 2 gets recognized quicker in pfSense than in Untangle.

I'm sorry if we're veering off topic. I view these things as related as everything is the same except the OS of the router appliance. It may be possible that I have not been using the optimized setting for my particular box. I will try pfSense again this weekend and post my settings here.

Thanks again!

Dobby_

@bokolobs

I'm using 4-port Intel I225-V(3) in a Qotom N5105 device with 128 GB M.2 NVME and 8 GB RAM.

And on that hardware, you where installing both OS?
I mean Untangle and pfSense, were both installed
bare metal on that hardware? Sorry for the
question but this was clear to me.

Don´t get me wrong here at this point, but if
untangle is based on Linux it is more near codec to the
hardware and so it runs a bit more liquid and smooth,
not even but often then BSD based systems. It is nothing
wrong with BSD based systems, they are offering often more hints and "tune ables" then given by Linux, but
BSD based systems need a bit more let us call it horse power from the point of view from the hardware.

So I would not really surprised if you are trying out OpenWRT against pfSense and Untangle it present
once more other numbers to you.

bokolobs

@dobby_

Hi! I’m using it bare metal, no virtualization. I wish I knew what the tune-ables are so that I can get the same performance as I’m getting from Untangle. I also wish someone else would test it just to make sure I’m not crazy.

Dobby_

@bokolobs said in WiFi is slower with pfsense vs Untangle. Any thoughts?:

Hi! I’m using it bare metal, no virtualization.

Oh that was not clear to me.

I wish I knew what the tune-ables are so that

This was only an example

I can get the same performance as I’m getting from Untangle.

If may have a stronger hardware I would say you see the
and reach the same numbers as with pfSensen too.

I also wish someone else would test it just to make
sure I’m not crazy.

You aren´t and if you give let us say OpenWRT an chance you may be see better numbers or the same as with any
other Linux based platform, it is not new and it is also often not recognized by users that BSD based system
are also near to the hardware acting and mostly
offering more capabilities, but on the other side BSD
needs some more horse power from the hardware.

SteveITS

@bokolobs said in WiFi is slower with pfsense vs Untangle. Any thoughts?:

Yes, there is an Omada PoE switch between the router and the AP. I tested the wired connection to the iMac two ways: directly connected to the router (router as server: ~2.35Gbps -R: ~2.20Gpbs); connected to the Omada switch (940/920 Mbps).

Maybe I'm missing it but somewhere in this thread did you test:

iMac - switch - AP - wireless client

? Then the router is not involved. I realize it's probably a pain to be reinstalling pfSense/Untangle all the time, unless you have a spare drive. Which at today's speeds might not be faster to swap. (ya know, there was at least some benefit to running m0n0wall off a CD...)

bokolobs

@steveits
Hi.

iMac - switch - AP - wireless client

Nope, I didn't do this. I tested using iperf package in pfsense
router -> iMac (2.35/2.20 Gbps)
router -> switch -> iMac (940/920 Mbps)
router -> switch -> AP -> wireless client (~600/~500 Mbps)

I can't compare directly with Untangle. I don't know how to setup an iperf server in Untangle.

Thanks again.

Patch

@bokolobs while you are using iperf in pfsense your results are meaningless

bokolobs

@patch Oh? Why is that?

Gertjan

@bokolobs That hasn't been said in this thread yet.
(can somebody cut and paste that one here please ? )

Let me pick one reason : because the apps you use don't run on pfSense, they are on some device connected on a LAN port.
The traffic speed that you want to know is the traffic that flows through pfSense, not emitted from, or received by pfSense as an endpoint.

You can, of course, run speedtest on pfSense.

Patch

@bokolobs said in WiFi is slower with pfsense vs Untangle. Any thoughts?:

Oh? Why is that?

Two reasons.

1. pfsense is not optimised to work that way. It is optimised for throughput.

2. Iperf is an extra application running on the router, reducing resources available for pfsense