PfSense very slow with 20 users
-
I'v installed pfSense 2.3.4-Release (amd64) on a HP server with:
- one Intel Xeon 3,10 GHz E31220 (4 cores),
- 8 Go RAM,
- one SATA Hard drive,
- 2 Intel 82574L Gigabit Network cards.
With one or two users, all is working fine.
With 20 users, Internet access are very slow.
If I stop pfSense, modify my network (users go to Internet with router, without pfsense), all is fine for the 20 users.
–------------------------------------
In firewall: all is permitt from LAN to WAN.
Squid is installed (not squidGuard).When 20 users can't surf, I've:
- State table size: 0% (3791/812000)
- MBUF Usage: 1% (5066/506196)
- Temperature: 8.3°C
- Load average: 0.09, 0.05, 0.01
- CPU usage: 4%
- Memory usage: 4% of 8123 MiB
- SWAP usage: 0% of 16383 MiB
- Disk usage (/): 0% of 210 GiB - ufs
- Disk usage (/var/run): 3% of 3.4 MiB - ufs in RAM
Is there anything to modify in System -> Advanced -> System Tunables ?
Thanks for all.
-
Probably not related, but this is very strange :
@boucherle:- Temperature: 8.3°C
I advise you to take a 2 minutes test :
Save your config.
Re install from scratch.
Activate WAN.
See what happens.I advise you not to change anything that isn't strictly needed- knowing that YOU and I have the same pfSense code, it can only be your settings that cripple the throughput.
Btw : You have Squid, but :
Disk usage (/): 0% of 210 GiBso Squid isn't caching at all ??
edit : consider this : this "thing" can throughput a Gig …..
-
The temperature is probably from an invalid tjmax value being used for the CPU, if you are using coretemp at least.
I would not expect any speed issues there with even 10 times that number of users. It seems likely there is something else causing an issue here. Since it appears to be a problem with more users perhaps you have IP conflicts?
Or maybe you have one or two users using all your bandwidth?
Steve
-
I've made a new install:
Configure console: "< Accept these Settings >"
Select Task: "< Quick/Easy Install >"
Are you SURE ?: "< Ok>"
Install Kernel: "< Standard Kernel >"
Reboot: "< Reboot >I'va assigned em0 and em1 interfaces.
I've given an IPv4 address for LAN (the gateway of my 20 users).
I've given an IPv4 address for WAN, and given a address for the gateway (the internal address of my router).That's all.
With one user, the system is working fine.
With 20 users, it's wrong.
I've then when it's not working good:
- State table size: 1% (5107/812000)
- MBUF Usage: 1% (5107/506196)
- Temperature: 8.3°C ?!?
- Load average: 0.03, 0.06, 0.02
- CPU usage: 0%
- Memory usage: 2% of 8123 MiB
- SWAP usage: 0% of 16383 MiB
- Disk usage (/): 0% of 210 GiB - ufs
- Disk usage (/var/run): 3% of 3.4 MiB - ufs in RAM
Without pfSense, all is fine…
Thanks for all.
-
yeah sounds like possibly a bandwidth problem - maybe try installing bandwidthD to check that out?
It depends on what you're switching to other than pfSense that's solving the problem. If it's a bandwidth problem and you're switching over to something like a cerowrt router with traffic shaping enabled, that would solve the problem. You can shape on pfSense as well in several different ways if bandwidth is indeed the problem.
-
I think we will need to better define 'wrong' here. What exactly happens that is a problem?
If could be your other router is doing some bandwidth sharing/limiting.
Steve
-
With 20 users, surf in Internet is very slow (no surf in fact for 20 users). No problems with 1 user. No problem with 20 users if I connect LAN direct to the routeur, without using pfsense.
For: bandwidthd: I'm very sorry : "bandwidthd has nothing to graph".
I've set:
- BandwidthD Interface: WAN
- Subnet(s) for Statistics Collection: LAN and WAN.
I'm sorry.
-
bandwidthd has shown sometings.
I test with my 20 users.
-
No. I don't see anyting.
My WAN card had (Gigabit card) received 2.3 Mb/s, and my routeur is able to receive 20 Mb/s.
I've an other UC, which is the same, and have Active Directory. When users download files from this server, it's very slow. Prehaps these UC have problems in NIC, or in hard disks.
We'll try to find an other UC, install pfsense, and make new tests with this different UC.
Sorry for all.
Thanks for all.
-
A 2.3Mbps link could easily be saturated with 20 users.
I think if you use traffic shaping your problem will be solved.
HFSC if you are familiar with it will do the trick.
Limiters might do it on a normal setup.
-
Seems like this could also be some speed/duplex mismatch. Check Status > Interfaces for errors/collisions.
Steve
-
I've given an IPv4 address for WAN, and given a address for the gateway (the internal address of my router).
That's all.
What about private networks getting blocked?
