Slow download speed
-
No loss
208.123.73.209 ping statistics ---
23 packets transmitted, 23 received, 0% packet loss, time 22029ms
rtt min/avg/max/mdev = 140.357/147.701/152.623/5.680 ms -
Mtr, HE is really bad...
My traceroute [v0.94] as.rasca.local (10.10.0.82) -> 208.123.73.209 2025-08-13T21:27:40+0200 Keys: Help Display mode Restart statistics Order of fields quit Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. _gateway 0.0% 7 0.3 0.3 0.2 0.4 0.15 2. 77-38-56-1.dynamic.telemach.net 0.0% 7 2.3 4.4 1.9 13.3 4.24 3. 185-66-148-89.static.telemach.net 0.0% 7 2.2 3.4 1.9 11.3 3.5 4. 100ge0-36.core1.lju1.he.net 0.0% 7 14.5 8.7 7.3 14.5 2.68 5. 0.4-66.core2.vie1.he.net 28.6% 7 10.0 7.8 7.1 10.0 1.2 6. 100ge0-63.core2.par2.he.net 71.4% 7 26.2 26.2 26.2 26.2 0.0 7. port-channel11.core2.nyc4.he.net 66.7% 7 96.8 96.8 96.7 96.7 0.08 8. port-channel11.core1.ash1.he.net 66.7% 7 101.6 101.7 101.6 101.9 0.2 9. port-channel1.core3.ash1.he.net 50.0% 7 102.8 102.9 102.8 102.9 0.1 10. twc-7843-bb-as7843.e0-33.switch1.ash1.he.net 0.0% 7 104.4 101.8 100.9 104.4 1.2 11. lag-310.asbnva1611w-bcr00.netops.charter.com 0.0% 7 128.8 129.5 128.8 130.7 0.8 12. lag-407.atlngamq46w-bcr00.netops.charter.com 42.9% 7 134.8 132.9 128.4 140.2 5.78. 13. lag-405.hstqtx0209w-bcr00.netops.charter.com 0.0% 7 127.5 127.8 127.5 128.1 6.9 14. lag-1-10.rcr01hstqtx02.netops.charter.com 0.0% 7 126.6 126.6 126.4 126.6 0.17 15. lag-9.mcr02hstqtx02.netops.charter.com 0.0% 7 128.8 128.8 128.6 129.0 0.21 16. lag-102.mcr02snavtxuu.netops.charter.com 0.0% 6 141.1 141.2 141.1 141.3 0.1 17. lag-101.mcr02snantxvy.netops.charter.com 0.0% 6 140.1 140.5 139.5 144.7 2.16 18. 1ag-102.mcr02ausdtxir.netops.charter.com 0.0% 6 140.2 140.2 139.6 142.6 1.27 19. syn-076-058-033-033.biz.spectrum.com 0.0% 6 141.4 140.9 140.6 141.0 0.24 20 syn-024-073-241-243.biz.spectrum.com 0.0% 6 142.0 141.1 140.5 142.0 0.64 21. syn-097-105-026-206.biz.spectrum.com 0.0% 6 156.9 152.3 151.2 156.9 2.36 22. 2t66-219-34-194.static-customer.corenap.com 0.0% 6 151.5 143.0 141.0 151.5 4.2 23. fw1-zcolo.netgate.com 0.0% 6 152.5 147.3 141.3 153.1 6.1 24. 208.123.73.209 0.0% 6 169.9 149.5 140.2 169.9 11.7Edit: Fixed up that MTR output.
-
That MTR output is actually OK. It's normal to see some hops in the route the don't respond to pings or drop packets. The important thing is that there is no loss at thge last few hops. If there was general packet loss in the route everything beyond a bad router would see at least that same level of loss.
That packet capture sure looks like it's just missing traffic though.
-
What can I do?
-
You could try pinging with large packets to determine any MTU restriction in the path. Setting MSS to 1200 should have eliminated that unless it's very restricted.
In the screenshot of the pcap we can see large packets arriving from the pkg servers but none going the other way.
Though the fact that pfSense is continually sending duplicate ACKs seems to imply that it's not seeing the incoming packets from the server even though they are reaching the NIC.
I assume you are not seeing traffic blocked in the firewall log? Do you have custom block rules that might block that without logging?
Do you have more than one WAN? Is it possible traffic is using both?
Something else could be dropping traffic on the WAN like traffic shaping or Snort.
-
@stephenw10
No, one wan.2 locations, same ISP....
Happens same on both locations even if I try to use installer for new install so no snort or whatever..
-
@maverick_slo Are you running WAN IPv4 only or with dualstack (IPv6), too?
I've seen quite a few installs from us with dual stack where especially v6 was slow as hell. Disabling v6 (setting v6 gateway to none to force it to run via v4) was way faster. As sad as that is...
Just an idea.
-
@JeGr nop
No ipv6 at all..Also no firewall rules that would block anything...
-
Are you able to upload that pcap (or one like it) so we can look at it? That looks so catastrophic it should show something where it first fails.
-
@stephenw10
Hi.
Upliaded to your and mine NextcloudHope u see something..
-
Hmm, unfortunately that doesn't include the initial part of the connection where it first fails. Are you able to get a pcap including that? If you just run
pkg updatefor example.Was is that running on? The MAC addresses for pfSense and it's gateway are unusual.
-
@stephenw10
Uploaded: telemach_netgate_PKG_UPDATE.pcapBut it`s just 9KB...
-
@stephenw10 pkg_install_start.pcap uploaded.
It replicates behaviour and I started packet capture before trying to install freeradius package...MAC addresses are Hyper-V, my firewall is virtual machine...
-
Hmm, something weird going on there. The packets are arriving out of order at the WAN. You can see in that pkg_install_start pcap where it first fails at packets 24-26. Packets 24 and 25 are reversed.
Do you have any hardware off-loading enabled?
If there any sort of proxy involved here? Something set in Hyper-V?
Can you test a bare metal install from the same location?
-
@stephenw10
Bare metal same issue.
No proxy at all2 locations, same ISP
- Has Sonicwall firewall
- Has pfsense firewall
So common thing is download from netgate and ISP...
-
Im testing with file on my phone...
http://pfsense-plus-pkg00.atx.netgate.com/beta/packages/pfSense_plus-master_amd64-core/All/pfSense-kernel-debug-pfSense-23.01.b.20230106.0600.pkg
On my isp, slow dl speed on wifi.
I have then 2 sims, 2 different isps...
On both those isps speed is ok.
-
Oh so you still see this even without pfSense involved at all? It must be a problem in the route then. Like something at your ISP routing packets via multiple routes perhaps.
What happens if you route traffic over a VPN to somewhere else so you bypass anything the ISP is doing?
