Excellent speed, except on pfSense itself

Foxi352

I googled and searched the forum a lot. There are many reports of slow speeds BEHIND pfSense box.
But my problem is a bit different. I'm running pfSense for some years now. I have 7 VLAN's and have fantastic speeds everywhere. Except on the pfSense VM itself.

pfSense is running in vmWare ESXi 6.5 and has 7 virtual NIC's in different VLAN's.
WAN is a Draytek VDSL modem (bridge) with pfSense doing the PPPoE part.

Everything runs really smooth and stable. Fantastic speed and full IPv4 and IPv6 on all VLAN's. The only problem i face, and that for years and multiple pfSense versions, is that internet on pfSense itself is very very very slow. I mean really slow. Think of upgrading a package takes 10-15 minutes. Most of the time it even tells me that it can't load the list of packages ...

If i am in bash on pfSense i can't find any problem. DNS is running fine, ping to internet is working, no apparent problem except incredibly slow speed.

Has anyone a pointer to where i can start debugging ? Upgrading a pfSense version takes half a day, if it doesn't abort meanwhile ...

Cheers,

S.

Grimson

Does IPv6 work on the pfSense itself, try to turn on "Prefer IPv4 over IPv6" in System -> Advanced -> Networking and see if it improves the speed.

Foxi352

Oh my god. I can't understand i didn't think of this myself before ... a ping6 www.google.lu indeed showed that ipv6 is not working on the pfSense itself. Your workaround did the trick.

Now comes the next challenge: Why does IPv6 work on all VLAN's except pfSense itself ....

stephenw10

Is it set to prefix delegation only? If it has an IP on the LAN side only it may not be using it. Check the v6 routing table has a default route.

Steve

JKnott

@stephenw10 said in Excellent speed, except on pfSense itself:

Is it set to prefix delegation only? If it has an IP on the LAN side only it may not be using it. Check the v6 routing table has a default route.

On IPv6, the link local address is normally used for routing, not an assigned public address. It's entirely possible it would work without a routeable address on the WAN side.

Here's what mine shows:

Internet6:
Destination Gateway Flags Netif Expire
default fe80::217:10ff:fe9 UGS re0

As long as the OP has something similar, he has a default route.

stephenw10

Indeed I have something very similar to that but I cannot use that as a source address. Obviously, it's link-local.

I would not expect the OP to be using that as source for a pkg update though.

Steve