Slow throughput on WAN through PFSense
-
Are you running any packages on your system? Do you see high cpu load when doing the tests?
-
No packages. I see the rdgraph for CPU run up to about 80 at some points but is generally lower. The high CPU could be from changes I'm making in the GUI as well.
Thank you again for your prompt replies!
-
You are welcome but I'm almost out of ideas. Did you try to change the cables already? Some pretty short cables can cause funny issues sometimes.
-
the general internet is VERY slow.
When i looked at that i thought it "might" be the DNS resolving. (i just encoutered something like that).
Are you sure you have ticked the "Allow DNS server list to be overridden by DHCP/PPP on WAN" box on "General Setup".
Can you test if is faster if you enter 208.67.220.220 and 208.67.220.222 as DNS Servers on a Client statically?
-
I don't think its a DNS issue, because it seems to resolve DNS queries fairly quickly. Also, override is set to allow. I just tried abandoning the old hardware in favor of a new machine. The new machine has a Linksys NIC and an integrated Intel? NIC. The same problems persist on the new machine. Completely new hardware. Even have tried bypassing the Cisco switch again, but no luck. Speed tests are running 250ish if they run at all. In Wireshark I'm getting a lot of incorrect checksum errors. Could this be causing the speed issues due to retransmitting packets?
The new machine is a older Dell Optiplex w/ 667mhz processor and 384 RAM. I took out the opt1 NIC just to eliminate some variables.
Update: Moved it to a 933mhz machine with 384 of ram. Fresh install of PFSense.
-
Another update:
I disabled Hardware Checksum Offloading in the System > Advanced page. This seemed to help out quite a bit because I can get speed tests at 6000k sometimes, but most of the time it runs around 500k. When I run it through an elcheapo Linksys router, I can get stable 6000k. The CPU (933mhz) shows around 20% utilization most of the time. Seems like the only time the CPU pegs is when I change something from the GUI. There are no firewall rules except the default pass all.
Thanks again!
-
I would change your NICS out and use genuine Intel NICS.
-
I've tried 3Com, Linksys, and put the LAN on an old Intel NIC, but they all seem about the same. My current config has three Linksys NICs. Is that something that would really kill the bandwidth that much? Also, do you think the problem persists across all three of the vendors I've tried? If it is the NICs it won't be hard to go find a decent NIC on eBay.
-
I would use ALL intel Nics, not mixing and matching. And yes, I would not personally trust linksys NICS under FreeBSD.
-
Are there any other ideas before I pull these NICs and order off ebay? Also, any recommendation for specific NICs from Intel? I'm not looking for huge throughput. Just about 30 (not all on all the time) machines connecting to a 7mbps cable modem and a few VPN clients connecting to a DSL.
-
Intel(R) PRO/1000
-
Does the Intel Pro/100 S give significant gain for IPSec VPN encryption? Also, would it be okay to run one Pro/100 S say for the VPN connection and a couple regular desktop NICs for the LAN and regular WAN?
-
I would use matched NICS, really. And no, the nics will not add throughput to your VPN other than being a cleaner "nic" for FreeBSD.
-
The Server NIC has onboard IPSec encryption offloading.
-
The Server NIC has onboard IPSec encryption offloading.
I don't think that is supported, sorry.
-
I appreciate all of your guy's help. I had heard that the support forum for PFSense is one of its greatest features. I heard right! I'll try a few new cards and report back with the results.
-
I would still check your speed/duplex, try forcing it to 100/full or auto, or even 10/full. It looks like your problem is just that. If not, try and get your hand on some intel cards. We use all netgear NICS in all our setups, with management being onboard/intel and they all work fine for us. We use different Nortel switches with no problems.
-
Forgot about this thread. I put in four Intel cards from ebay and haven't seen a problem since!
Thanks for all of your help!
