Am I in over my head?
-
Did you take a look see at the manual and how to do things on the device before purchase? Your going to be very disappointed if you think its easier than pfsense that is for damn sure. While it does have a gui - It is multiple steps to just get a single firewall rule in place. You have to create policy, then you have to attach the rule to the policy in the direction you want, etc..
While I can not say anything bad about it at the price point, and it does route and firewall packets at decent speeds.. Its just not simple to configure..
If your a cli guy, you can do things via that - which is a pfsense is limited in. Is that something your looking for? ;)
Good luck with it - let us know when your ready to come back to pfsense ;)
-
Oops, Sorry. Did not intend to troll about a competitor product. I figured that this forum was for the DIY'ers that didn't buy the support. I definitely want to get the pfsense box working, and if for nothing else, to learn.
It is still running here on my bench. I will start reading the manual but everyone here has said that the pfsense should just work pretty much with default setting. Since it doesn't, I'm afraid of wasting time chasing my tail with the possibility that the hardware that I have will never work.
I just wanted something better then the average Best Buy or Walmart router. I would not be able to spend $500 on a Netgate router plus the $400 support just to fool around at home.
I will read the manual. Also. Like I said at the beginning, Anyone who wants to try an make this setup I have work and show me how you did it, I will send you the hardware (you can keep it) I have two of them. Just let me know.
-
@stephenw10 said in Am I in over my head?:
better speed over a VPN
No. Let me clarify; the VPN being switched on and then off again created a weird anomaly with just the Microsoft Windows 10 ISO downloader. It was not reproducible and did not occur with any other test.
-
Why would you have to buy support? Paid support, while sure anyone can get it - is more geared towards the enterprise where something down cost money.. Do you think your going to get a phone number to call with your ER-X at $60 ;)
To play around, why not get the sg1100.. Or the 3100? All in with the price hike its only $400.. Just ordered our 4th one (sitting on desk waiting for setup). We don't have any support on them - being that I have been using pfsense for 10 some years doesn't really have anything to do with it ;) They are not currently used in a mission critical scenario... If went down for a day or so while it would suck.. Not going to hurt the business in any significant way. Kind of like your home setup.. If the pfsense does blow up, just throw any old $20 wifi router on til you can get it up and running again.
Not sure where are you having difficulties... Looks like you tested the hardware and were getting 900mbps... how can you complain at that with that old hardware?
If your seeing 900mbps through pfsense locally - and slowness on internet - I would look to isp what/how your connecting to your internet.. Duplex mismatch, isp throttling new mac? Did you try the mac clone idea?
-
I would still make sure all hardware off-loading is disabled. That's exactly the sort of thing that some Realtek NICs get very wrong!
Steve
-
If I plug my modem directly into my computer, I get my full service speed of 400 Mbps. (actually I get a bit more). If the pfsence box is in between the speed is between 0.03 and 3 Mbps. I can hardly even post to this forum at that rate.
The one anomaly that I found was downloading a game from Steam. which gave me almost 300 Mbps (I think Steam is throttling this because I get that same speed when I tried with a direct connection)
Everything else that I could think to test showed a severely crippled connection data rate. Could not download files or stream video with any acceptable speed (Netflix, Sling, YouTube etc... ) i.e. Yes the file would download (6 hours for an Nvidia driver) and video would play for 5 seconds and buffer for a 1 minute.
-
So your seeing wan connect on pfsense at gig? Your not seeing errors on the interface?
-
@stephenw10 said in Am I in over my head?:
make sure all hardware off-loading is disabled
Oh yes. I tried this many time and it made no difference. I have loaded system defaults about 6 or 7 times trying different suggestions that i have found thorough the manual and searching google for answers.
After trying stuff that i dont even understand (like command line tweaking in system tunables) and not getting results I just load the defaults and try again.
-
@johnpoz said in Am I in over my head?:
So your seeing wan connect on pfsense at gig? Your not seeing errors on the interface?
Not sure I understand but. I got 900 Mbps through the box on the bench with iperf. The dashboard interface status shows 0 errors and 0 collisions.
Does that answer? When the box is connected to my modem is when it goes bad.
Oh, and I just tried this. I put the pfsence box behind my old DD-WRT router and it works fine. (at the limit of that old router which is like 80 Mbps)
-
This should work out of the box.... If out of the box you see 900 mbps natting from wan to lan test with iperf... Why would you think it would be any different sending a few packets back and forth to your isp? That screams bad connection to whatever you wan is..
What connection speed is coming on the wan interface when you plug it into your isp? Your getting a public IP? Or do you have a overlap issue with wan and lan networks?
edit: works fine behind the other router would hint at you have an overlap on networks maybe... Like you first had when you tried to test where you thought you could use /16 and then put a /24 on your lan that is inside the /16 network.
Maybe your dd-wrt is using 192.168.2 vs 192.168.1 like your isp device... You can not have overlapping networks on your wan and lan and expect anything to actually work.
-
My ISP is Spectrum on a cable modem with routing turned off. I get a 72.185.x.x IP address. I can plug that modem into my computer directly and get 400+ Mbps (I have a 400 Mbps plan)
-
Well then look to the connection between being your problem.. If your saying it works fine behind your other router... Just use it as a switch then.. I am guessing the ports or 10/100 on your dd-wrt router, or are they gig?
Turn off dhcp on your dd-wrt and use it as just a dumb switch (just use lan ports).. Or use a different switch between your modem and pfsense.
isp device --- switch --- pfsense wan
Also pretty much any cable modem ever worked with requires a reboot when you change the mac of the device connected to it... I swap out different router, or go from router to pc or pc to router, etc.
-
I kinda understood the /16 being on the same sunbnet and overlap thing. That why I was quick to fix that on my own. But I dont see that scenario happening now. everything is DHCP and the addresses are definitely WAN and LAN.
-
if your public on wan, and 192.168.x on your lan your fine... But maybe there is a connection issue between the devices ports.
If your saying works fine with your other router pfsense behind - then just use its lan ports as dumb switch to connect pfsense to your isp modem. Your just goign to want to turn off dhcp server on it so pfsense doesn't get its address from dd-wrt dhcp.
-
The DD-WRT is 10/100, I rebooted the modem after each different try and even call the tech to have them rest my port.
-
Do you not have a gig switch you can use? If your saying there was no overlap in networks, and works fine behind your other router... Then points to connection issue between your modem and pfsense ports. So put a switch only between... Ie you can just use the lan ports of your dd-wrt router as dumb switch - if you get close to 100 that way... Then get switch... You can get a gig 5/8 port switch for like $20...
There are devices that just don't like talking to each other.. Its rare but have seen it over the years.
device A doesn't like talking to B..
So you put device C (switch) in between that A or B have no problem talking too.
-
I have a dumb 1g switch that I can put in between the modem and pfsence. I'll try that.
I do not want the DD-WRT router or switch in the equation. It is slow and old (10 years I think)
I did have two ISPs in the house up until yesterday. This problem persisted on both, two completely different modems. One was the Motorola ONT (FiOS) and the other is a ARRIS TG1682G (The ARRIS is my current one)
-
Even at 100Mbps it would prove the issue is at the link layer.
You could also try fetching a file from pfSense directly to check if it's WAN or LAN side:
[2.4.4-RELEASE][admin@5100.stevew.lan]/root: fetch -o /dev/null http://download.thinkbroadband.com/50MB.zip /dev/null 100% of 50 MB 4470 kBps 00m11sThough it looks like WAN side since it works behind a different router.
Steve
-
@badfrogg have you considered it might be an MTU issue ? have you tried lowering it?
-
I have achieved success. But... I don't know why.
I had an exact duplicate set of the hardware I was using so, I took that hardware and repeated the same process from scratch. I made a fresh USB stick and installed it to the other board.
The same exact version of pfsence, same exact hardware with the same exact processor and bios.Just as before, I installed it with a serial console (the only things I did in console was say no to VLAN and set re0 to WAN and re1 to LAN)
Then in the browser configuration all I did was set the time zone and password.... And it worked! Everything is routing just fine. I get my full service speed with a ping below 10.
I promise that I did these exact steps on the other setup several times.
