Pfsense Struggling big time.
-
@KOM:
if I remove pfsense and just use a router I don't have the problems.
This information would have been nice to know much earlier in this thread. While I can't speak for your other router, you need to find the source of your issue. You said your link is 350/100? When you are having these issues, how saturated is your pipe? Is it mainly download traffic or are you mainly seeding? How full is your state table? Anything in your System log? What happens if you turn off Snort and pfBlockerNG which are two notoriously heavy packages?
Sorry yea I should of said that at the start.
The main leeching seeding is done on my other server (which is not on this network)saturated pipe? sorry no idea what that means.
State table? no clue ill see if I can find something on pfsense for that ( from what I can see is there is lots if its (Diagnostics-States-States)
snort and pfblocker off deleted clean isntall still do the same.
I can;t seem to find where the logs are ill look -
I was about to create a thread but luckily found this thread.
I am facing this same issue. Someone help me please. -
saturated pipe?
That's another way of saying you're using all of your bandwidth.
The main leeching seeding is done on my other server (which is not on this network)
Is it using pfSense as its gateway?
State table? no clue ill see if I can find something on pfsense
Look on the dashboard for the System Information widget which has a section titled State table size.
I can;t seem to find where the logs are ill look
Status - System logs.
-
I dunno why you are looking north when the problem is south.
Bandwidth Saturation is common in every installation, not unique to pFsense, and on your first post u disclose starting this deluge thing on the media PC does it, so THAT is your problem.
When an App takes up all available bandwidth, the network is not smart enough, by default, to say, hold it, I got other clients to service so u can't have the whole "pipe." Fortunately you have the power to change this. Pfsense solution is: TRAFFIC SHAPER.
-
Bandwidth Saturation is common in every installation, not unique to pFsense
He said that the problem goes away if he swaps out pfSense for a consumer-grade router.
-
That's another way of saying you're using all of your bandwidth.
Not really thought I would says its alot of connections if that means anything
Is it using pfSense as its gateway?
No its not even in my house.
Look on the dashboard for the System Information widget which has a section titled State table size.
1% (3423/401000) with deluge off
5% (21722/401000) with it onStatus - System logs.
I see this every few lines
Apr 5 10:22:09 check_reload_status updating dyndns WAN_DHCP
Apr 5 10:22:09 check_reload_status Restarting ipsec tunnels
Apr 5 10:22:09 check_reload_status Restarting OpenVPN tunnels/interfaces
Apr 5 10:22:09 check_reload_status Reloading filter
Apr 5 10:25:24 rc.gateway_alarm 20213 >>> Gateway alarm: WAN_DHCP (Addr:81.107.216.1 Alarm:1 RTT:87812ms RTTsd:49587ms Loss:21%)He said that the problem goes away if he swaps out pfSense for a consumer-grade router.
Well its better other computers don't drop but do run slow
-
It's possible the consumer grade router is so limited that it is unable to saturate the internet connection or a limited number of states.
I actually had the inverse issue. I went from a 60/3 cable connection to a 50/50 dedicated fiber connection and when downloading torrents, I found that my Netgear suddenly started to puke. I had to limit the number of connections my torrent client could make to keep it from dying. But prior to fiber, I could use torrent just fine.
-
It's possible the consumer grade router is so limited that it is unable to saturate the internet connection or a limited number of states.
I actually had the inverse issue. I went from a 60/3 cable connection to a 50/50 dedicated fiber connection and when downloading torrents, I found that my Netgear suddenly started to puke. I had to limit the number of connections my torrent client could make to keep it from dying. But prior to fiber, I could use torrent just fine.
Seems to be the other way around for me pal.
-
Apr 5 10:25:24 rc.gateway_alarm 20213 >>> Gateway alarm: WAN_DHCP (Addr:81.107.216.1 Alarm:1 RTT:87812ms RTTsd:49587ms Loss:21%)
This isn't good. pfSense gateway quality detection thinks your WAN is really flaky. What does it say under Status - Gateways?
-
@KOM:
Apr 5 10:25:24 rc.gateway_alarm 20213 >>> Gateway alarm: WAN_DHCP (Addr:81.107.216.1 Alarm:1 RTT:87812ms RTTsd:49587ms Loss:21%)
This isn't good. pfSense gateway quality detection thinks your WAN is really flaky. What does it say under Status - Gateways?
WAN_DHCP 81.107* 81.107* 12.19ms 4.111ms 0.0% Online Interface WAN_DHCP Gateway
WAN_DHCP6 fe80::201:5cff:fe80:1447 Pending Pending Pending Pending Interface WAN_DHCP6 Gateway
with deluge offOn
WAN_DHCP 81.107.* 81.107* 598.681ms 216.247ms 38% Offline Interface WAN_DHCP Gateway
WAN_DHCP6 fe80::201:5cff:fe80:1447 Pending Pending Pending Pending Interface WAN_DHCP6 Gateway -
Try going to System - Routing - Gateways. Edit your gateway and check the Disable Gateway Monitoring checkbox and try again. It seems that your torrent app is filling your pipe to the point that the upstream monitor thinks your link is dying.
-
@KOM:
Try going to System - Routing - Gateways. Edit your gateway and check the Disable Gateway Monitoring checkbox and try again. It seems that your torrent app is filling your pipe to the point that the upstream monitor thinks your link is dying.
Seems to be the same Kom. Thanks again for the help.
-
Hmmm, crapping out under heavy traffic. What hardware is pfsense installed on?
I'm betting there's a Realtek NIC in there.
-
Hmmm, crapping out under heavy traffic. What hardware is pfsense installed on?
I'm betting there's a Realtek NIC in there.
Smoothwall SWG700 I think its called
-
@KOM:
This isn't good. pfSense gateway quality detection thinks your WAN is really flaky. What does it say under Status - Gateways?
Flaky or stuffed to the gill.
-
While we may never get to the bottom of your actual issue, you would still be best served by some traffic shaping so that your torrent traffic doesn't hog all your bandwidth.
-
@KOM:
While we may never get to the bottom of your actual issue, you would still be best served by some traffic shaping so that your torrent traffic doesn't hog all your bandwidth.
Thanks is there some kind of guide on how you do this which you know of KOM
-
Traffic shaping is probably THE hardest element of pfSense to figure out. Try:
https://www.youtube.com/watch?v=it_5xvC28vs
https://www.youtube.com/watch?v=rF46PNid1Mo
-
@KOM:
Traffic shaping is probably THE hardest element of pfSense to figure out. Try:
https://www.youtube.com/watch?v=it_5xvC28vs
https://www.youtube.com/watch?v=rF46PNid1Mo
and this Darkvodka34 https://forum.pfsense.org/index.php?topic=126637.0 for general discussion, and this for message highlighting what to do.
-
@Darkvodka34:
Thanks is there some kind of guide on how you do this which you know of KOM
I suggest save your conf, then turn on Traffic Shaper and see what it does, always can revert back by restoring conf.
If you use the Traffic Shaper's Wizard, it guides you through pages, and on the second page I believe, it presents you with common scenarios you want to deal with and one of them is ta-da, peer-to-peer protocol, u can simply ENABLE it and give it LOW Priority and see what happens.
In Cisco-land, Traffic Shaper is called Priority Queuing, which is a term simpler to understand what it's doing underneath.
In Traffic Shaper, a service sits on the WAN port controlling the uploads. a second service sits on the LAN port controlling the downloads.
The gists of it is, rather than letting traffic pass though these ports as they come, the TS services hold the packets on queues (or buffer if u prefer), each queue has a priority label, another service takes the packets from the queues and shoot them out the interface. The highest priority queue gets serviced more often than the lower queues. Think of a traffic cop sitting at a intersection and letting go of the commuter lane for 1 minute, while let go of the next passenger lane only for 15 seconds. This way the packets flow is controlled, giving a chance for everybody to go through, eventually.
Well there is more to it, if you really get into it, but last paragraph is the gist and I hope easy to understand.
Bottom line is, without flow control, an app, in this case peer-to-peer often takes over and everybody else get stuck/freeze.
Don't know why your consumer grade box works, it could be just a coincidence. There is the possibility that it came with QOS (another Traffic Shaper term) turned on. Lots of consumer boxes these days come with a variety versions of QOS, in part to deal with VOIP.