PFSense with Squid Proxy = Slow speedtest.net Download on Comcast Only
-
We have four offices that each have a pfSense firewall setup (version 2.1.3 amd64).
Two offices have Comcast for internet connectivity, the other two have Windstream and CenturyLink DSL.
What is strange is that I have every office set up with identical configurations for the basic (stable release) squid package. Using speedtest.net at the offices with Comcast, when bypassing the proxy I can get about 18Mb down and 2.5Mb up (full speed); using the Squid proxy I only get 2.8Mb down and 2.5Mb up.
Now, at the sites using non-Comcast connections, there is only a small hit to upload speed when using the squid proxy. For squid, we are using default configurations; the only alteration I have made was from this guide:
https://doc.pfsense.org/index.php/Squid_Package_Tuning
'Change kern.ipc.nmbclusters="0" to kern.ipc.nmbclusters="32768"'
That's it. I did try with the default setting 'kern.ipc.nmbclusters="0"' and can see no difference.
I/O errors are 0/0
Perhaps something needs to be tweaked for Comcast? If so, I have no idea what would need to change, and that's why I am here.
Every office is running pfSense in a VM on ESXi 5.1. Hardware is the same across the board too: Dell 2950 w/3.0GHz, 32GB RAM, 6 x 146GB 15k in RAID 10.
Any help would be much appreciated. Thanks!
-
OK, well now I'm getting speed tests that are 90% of the time capped at 3Mb, then sometimes jump to 18Mb or so. Same thing at both locations. Can't make any sense of it all. Only happening on Comcast internet connections.
-
Hello.
I wonder if both our issues could be somehow connected…
https://forum.pfsense.org/index.php?topic=76564.0
We're not on the same ISP, though.
Do you feel slowness on vLAN to vLAN too?
Cheers
-
Possibly. There seems to be a hard cap at 3Mb and about 2-2.5 on upload. I don't have vLANs set up though, but I too cannot find anything in the logs that would give a clue as to where the restriction is. It's very odd… I am not running the proxy in transparent mode as I have a .pac file that points systems to the proxy. I have tried running in transparent mode by manually setting a client PC to pfSense as the gateway, and the problem goes away. Since I will eventually replace my original firewalls with the pfSense ones, this will be a non-issue soon.