Webgui access from WAN is too slow
-
I don't know why. But I can connect to Webgui from Wan after omitting "TSO" option from em0 interface.
ifconfig em0 -tso
-
After omitting tso from em interface I can access to Webgui from Wan but it is still too slow. Some pages like firewall rule page cannot be opened completely.
I tested with pfSense-Full-Update-1.2.1-TESTING-SNAPSHOT-20080724-0426.tgz.Thank you.
-
Try disable checksums in System -> Advanced
-
1. First, I found that the "disable hardware checksum offloading" in system -> advanced deos not work. I did it and rebooted the box but rxcsum, txcsum and tso have not been disappeared from em interface option. I think some code change is needed in pfsense-utils.inc. I can disable hardware checksum offloading with some changes in this file like as```
function enable_hardware_offloading($interface) {
global $g, $config;if(stristr($interface,"lnc"))
return;
if(isset($config['system']['do_not_use_nic_microcode']))
return;if($g['booting']) {
/* translate wan, lan, opt -> real interface if needed */
$int = filter_translate_type_to_real_interface($interface);
if($int <> "") $interface = $int;
$int_family = preg_split("/[0-9]+/", $int);
$options = strtolower(/sbin/ifconfig {$interface} | grep options);
$supported_ints = array('fxp');
if (in_array($int_family, $supported_ints))
mwexec("/sbin/ifconfig {$interface} link0");if($config['system']['disablechecksumoffloading']) {
if(stristr($options, "rxcsum") == true)
mwexec("/sbin/ifconfig {$interface} -rxcsum 2>/dev/null");
if(stristr($options, "tso") == true)
mwexec("/sbin/ifconfig {$interface} -tso 2>/dev/null");
} else {
if(stristr($options, "txcsum") == true)
mwexec("/sbin/ifconfig {$interface} txcsum 2>/dev/null");
if(stristr($options, "rxcsum") == true)
mwexec("/sbin/ifconfig {$interface} rxcsum 2>/dev/null");
if(stristr($options, "polling") == true) {
mwexec("/sbin/ifconfig {$interface} polling 2>/dev/null");
} else {
mwexec("sysctl kern.polling.enable=0");
}
}
}
}2\. After disable hardware checksum offloading, there is no change. The opening webgui pages from Wan is still slower than from Lan. For testing, you can open any firewall rule edit page from Wan and Lan. Then you can see the difference of opening speed. I tested it with em, re and dc NIC. I used pfSense-Full-Update-1.2.1-TESTING-SNAPSHOT-20080724-2313.tgz. Thank you. -
Are you in the same subnet as WAN?
-
Yes, my pc is in the same subnet as Wan.
-
Well with a fix that went in 1.2.1 you will not be able to do that.
Place a router in-between and you can go full speed. -
Ooh, fallout from the reply-to changes. we'll need to accommodate same-subnet traffic differently on each WAN.
-
Same problem here with the snapshot of 31-08-2008 via the LAN all is working fine. But via the WAN it's very slow (almost not working) no traffic shaper issue the traffic shaper is off. Also working with Intel Gigabit Ethernet (onboard on a super micro server). When I connect via a ssh tunnel from a directly attached machine through the WAN it's working just as good as the LAN. Have done some test to make shore that this is not a resolving issue. Know that almost for shore now. Looks like this problem has something to do with MTU of MSS (know my mtu is 1500 from client to the WAN even with the don't fragment bit) somebody knows a solution for this?
Thanks in Advance.
-
yep confirmed its tso thats causing the issue on 1.2.1-RC1 built on Thu Sep 25 11:47:42 EDT 2008
Whats really odd is even though there are pass rules for the packets some are still hitting the default deny when tso is enabled so theres something really quite low level breaking badly. -
The issue reported was not a tso problem but it i fixed it and should not be a problem anymore.
The tso/rxsum/txsum or later offloadings that will come in later 10Gbps drivers even work or don't so there is no middle way with them.
I guess FreeBSD-release 7.1 has some more corrections on this side but for now recommended is that:
if you face problems disable it. -
When is issue is fixed? I've tested last week with the daily snapshot but still have the same problems.
Thanks
-
Hello,
I have the same problem with slowness in accessing webgui @ WAN. I created proxy connection into a server on the same switch as pfsense in order to be able to manage pfsense remotely.
Can we have this issue fixed soon? I applied snapshot on 092708 and still the same problem.
Regards,
TheT
-
Can you please describe the problems you have more throughly.
What type of WAN connection do you have, etc…?
-
Here is my setup:
All ports are Intel Nic: 1gig
ISP <-> Switch / Foundry <-> WAN PFsense (Dell server with 2 intel nics) (LAN) <-> Switch <-> Servers1…N
|
ServerAFrom ServerA I can access Pfsense webgui w/o any problem. The connection at ISP is 1Gig
From a computer at home using comcast and/or att - (DSL) - Connection to web gui at pfsense is very slow and not usable.
Regards,
TheT
-
This seems like a tcp mss problem probably it is at your end unless you have some kind of pppoe/pptp connection on the pfSense at work.
Another test would be to move the gui of pfSense to another port and try. -
Hi, My config is the same as the one of THeT, ISP -> pfsense wan, switch, server. from our office to the wan it's just to slow (more than a minute just to load one page) when I connect to the LAN (via a ssh tunnel from a server on the LAN it's fast as normal.
I've already tried another port for the WAN (from the onboard Intel to a port on the quad GE Intel card. problem just moves to the new port.I was also thinking of some mss issue (see my earlier posts) but not able to figure out what the problem is exactly.
If you like to login to our system for some testing this is fine, it's not in production just in test (because of the slow WAN).
-
I did a ifconfig em0 -tso and everything is working as it should now.
-
Is the WAN interface slowness fixed in the lastest build?