Slow upload on Android devices (edit: all devices)
-
Are those all the same wireless device? All those entries within the same second?
At the very least you may want to increase the re-keying interval. I have Key Rotation at 3600 and Master Key Regeneration at 7200, though I originally set that because earlier pfSense versions did not separate the wireless logs and it was spamming the system log. It didn't actually affect wifi performance at all.
In my logs I see, for example, this when a device first comes out of standby and connects:Mar 16 15:21:41 hostapd: ath0_wlan0: STA 10:bf:48:**:**:** WPA: pairwise key handshake completed (RSN) Mar 16 15:21:41 hostapd: ath0_wlan0: STA 10:bf:48:**:**:** RADIUS: starting accounting session 52BEED1F-0000035D Mar 16 15:21:41 hostapd: ath0_wlan0: STA 10:bf:48:**:**:** IEEE 802.1X: authorizing port Mar 16 15:21:41 hostapd: ath0_wlan0: STA 10:bf:48:**:**:** WPA: received EAPOL-Key frame (4/4 Pairwise) Mar 16 15:21:41 hostapd: ath0_wlan0: STA 10:bf:48:**:**:** WPA: sending 3/4 msg of 4-Way Handshake Mar 16 15:21:41 hostapd: ath0_wlan0: STA 10:bf:48:**:**:** WPA: received EAPOL-Key frame (2/4 Pairwise) Mar 16 15:21:41 hostapd: ath0_wlan0: STA 10:bf:48:**:**:** WPA: sending 1/4 msg of 4-Way Handshake Mar 16 15:21:41 hostapd: ath0_wlan0: STA 10:bf:48:**:**:** IEEE 802.1X: unauthorizing port Mar 16 15:21:41 hostapd: ath0_wlan0: STA 10:bf:48:**:**:** WPA: start authentication Mar 16 15:21:41 hostapd: ath0_wlan0: STA 10:bf:48:**:**:** WPA: event 1 notification Mar 16 15:21:41 hostapd: ath0_wlan0: STA 10:bf:48:**:**:** IEEE 802.11: associatedThen nothing until it times out sometime later, usually having gone back into standby. The only other thing that appears is the WPA rekeying at 3600s (1h) intervals.
Your logs show a lot of handshake failing.
Steve
-
That would have been several devices.
I changed the Key Rotation and Master Key Regeneration this morning. I got similar handshake messages to you, once per device, after I looked after changing the key values.
But still it's slow. Like dialup slow or slower for the initial connection. And e.g. it's even slow to connect to pfSense GUI, to the point of timing out frequently. Just viewing system log pages and firewall aliases, not doing any config changes etc. My pfSense is via https, but not on port 443.
Sometimes it's better, like last night it behaved like a "normal" broadband connection should. And then this morning, timing out and slow connections but reasonable, not great download speeds once a connection is made.
I had to leave but will continue to investigate when it goes bad.
-
You have good signal strength? Multiple antennas? Did you set the antenna connector numbers correctly?
Steve
-
Single TP-Link ANT2408C antenna. It's a big one. Good signal strength, devices mostly used in the same room as the antenna. I will check the connector numbers but like I say, signal strength is good and the problem persists.
-
Ah, well definitely check the antenna selection then. I belive the default setting is to use one connector for Tx and the other for Rx. If you have only the Tx antenna connected you may well see great signal strength at the wireless device end but almost nothing being received back. Not sure how that would affect usage. It usually ramps down the connection speed until it sees consistent traffic but if it's seing a huge signal coming in perhaps it keeps trying to move back to a faster rate.
I only have one antenna and setting the Tx and Rx to use the correct connector (and diversity disabled) gave a huge improvement.
Steve
-
Maybe that's it- I thought it was a choice of 1 antenna connected to either jack or 2 if you wanted a 1x1 vs. 2x2 and the Atheros card would auto-config.
So I should connect a second cable and antenna? Easily doable for about $30. I avoided a second cable because it would mean drilling holes in my case, which is short on space anyway. No big deal though.
The antenna is giving me about 46-53dBm on channel 1 (both tx and rx) and 60dBm on channel 2 according to a wifi analyser app.
-
Diversity is gone from 2.1? I couldn't find it.
-
I have an older Atheros wifi card but it's there in the settings for 2.1 on my home box.
Steve
 -
Hmm, it's not there in my GUI. 2.1-RELEASE amd64 build.
-
Hmm, interesting. I'm running 32bit Nano but I wouldn't expect that to make any odds. Perhaps your card doesn't support that setting so the screen doesn't show it. As long as you have tx and rx set the same I can't imagine it makes much difference. Clearly from your test it's important to choose the correct antenna.
Steve
-
One thing I found interesting - despite WEP being disabled, the android wifi analyser app that I installed detects and reports my regular WPA2 network but also detects an unnamed WEP network from the same MAC. I wonder why/how that is being broadcast.
I also wonder what the point is of checking the hide SSSID option when all these wifi analyser tools can see it anyway.
-
Do you have the sysctls:
[2.1-RELEASE][root@pfsense.fire.box]/root(3): sysctl -a|grep antenna dev.ath.0.txantenna: 1 dev.ath.0.rxantenna: 1 [2.1-RELEASE][root@pfsense.fire.box]/root(4): sysctl -a | grep diver dev.ath.0.diversity: 0Steve
-
I guess that means I need to change my rx antenna. I presume that the 0-offset sysctl numbers map to the 1-offset pfSense GUI …
In case it differs between configs (like the missing 'Diversity' setting), my pfSense antenna options for both tx and rx are:
Default
Auto
#1
#2 -
Quick google pointed me to this. A skim read indicates that I should look further into why my pfSense gui values differ from the sysctl values before I go setting things. There are also other values I have that differ from some of the values in that thread, so I will look into those too.
-
I had a look at man ath4 debugging and it pointed me towards an installed pfSense tool athstats. My output is:
I'm not sure what I should expect, but it seems like an awfully high rate of failures for various statistics.
-
This page might offer some suggestions. I'm wondering why as I mentioned earlier, the wifi sniffer app I installed finds an anonymous WEP access point broadcasting from my wifi card. I have WEP disabled in pfSense. I'm using channel 9. No other networks nearby are close. I think 6 and 12 are the closest channels and they are in the next houses. But the network rx graphs show an overlay of my named WPA2 network on channel 9 with the anonymous WEP network on the same channel, essentially mirroring each others' signal strengths. How can I diagnose/find/see/disable this network from pfSense? There is nothing shown by ifconfig. My config.xml files show tags but nothing between.
Here's the output of the wifi sniffer:
The red is my WPA2 network, the blue is the anonymous WEP network the sniffer sees.
-
I installed four other wifi analyser/sniffer apps. All but one detected the hidden WEP network.
I rebooted my pfSense box, hoping there would be some interface to the AR9280 in the bios where I could disable WEP but nothing.
As I said, there is nothing in pfSense's config.xml.
I wish all the wifi sniffers were wrong, but it would be a convenient explanation to my lost and delayed traffic. As you can see from the graph (and all the other graphs from the other tools) the WEP network signal strength is consistently stronger than my WPA2 network so it makes sense that WEP could be interfering.
-
I also have this hangover from when I first started messing around with a Nano build of pfSense. In file /etc/loader.conf.local
autoboot_delay="1"
if_ath_load="YES"
if_ath_pci_load="YES"I suspect none of that is required any more and I doubt it has an effect but you never know.
-
Ooo, interesting stuff. Here's my output from athstats:
[2.1-RELEASE][root@pfsense.fire.box]/root(1): athstats athstats: ath0: Invalid argument athstats: ath0: Invalid argument 44570515 data frames received 23809533 data frames transmit 157053 tx frames with an alternate rate 17847009 long on-chip tx retries 3848293 tx failed 'cuz too many retries 40 stuck beacon conditions 54M current transmit rate 105752 tx stopped 'cuz no xmit buffer 7489 tx failed 'cuz dma buffer allocation failed 131452 tx frames with no ack marked 18653355 tx frames with short preamble 2453819 rx failed 'cuz of bad CRC 1 rx failed 'cuz decryption 18237535 rx failed 'cuz frame too short 118055 rx failed 'cuz of PHY err 2752 transmit override receive 11756 OFDM restart 103547 CCK restart 67353936 beacons transmitted 229918 periodic calibrations -0/+0 TDMA slot adjust (usecs, smoothed) 33 rssi of last ack 20 avg recv rssi -96 rx noise floor 5024844 tx frames through raw api 7489 raw tx failed 'cuz interface/hw down 18 rx failed 'cuz frame too large 51625 cabq frames transmitted 21221 cabq xmit overflowed beacon interval 1 switched default/rx antenna Antenna profile: [1] tx 19961028 rx 44570515Also loads of failures but that's over some time (~80 days) and quite a lot of data. I also see errors in Status: Interfaces:
WIFI1 interface (ath0) Status up MAC address 00:11:f5:**:**:** IPv4 address 192.168.10.1 Subnet mask IPv4 255.255.255.0 IPv6 Link Local fe80::211:f5ff:fe**:****%ath0_wlan0 Media autoselect mode 11g <hostap> Channel 8 SSID ******** BSSID b8:3e:**:**:**:** Rate 54M RSSI 15.0 In/out packets 11078538/18599609 (1.24 GB/21.94 GB) In/out packets (pass) 11078538/18599609 (1.24 GB/21.94 GB) In/out packets (block) 41613/1 (7.23 MB/48 bytes) In/out errors 1497/3638 Collisions 0</hostap>Interesting that my 'antenna profile' lists only [1] out of what I assume is 0,1 or 2 even though I have connector 0 selected.
Edit: Also interesting is my ratio of Tx_retries vs total transmit frames. It looks like I have a very large number of retries which is probably because I'm in an area with many many other wifi networks.
Steve
-
I'd be interested if a wifi sniffer also indicates a WEP being broadcast from your card.
My antenna profile after rebooting still shows TX on [0] and RX on [1], despite my [1], [1] pfSense GUI wifi interface settings.
I emailed Adrian Chadd to ask his opinion. I'm not sure how interested he will be in an 8.3-based OS but he would probably have some insight that's beyond my random guesses.
