changed LTE router, now heavy delay, but down/up Speed is fine
-
Hello,
I´m using first a Netgear LTE router and changed now to a Huawei with external Antennas.
I have now the Problem, that sometimes I have a long delay when i try to open websites and sometime I get the error "Website not found".
This must be because of changing the router.I´m using:
2.4.4-RELEASE-p2 (amd64)The router is set to bridge and on WAN side of the pfSense is the public IP.
Which infos did you need?
Thank you!
-
How do you know the problem is pfSense related and not your new Netgear?
-Rico
-
Hello,
no, the new LTE router is the Huawei. Well, correct is the new Huawei Modem
Sure, i try now to identify the problem and maybe (or of course) the new LTE Router ... but how can I check this?
Are there in pfSense any log files, which can show why I get sometimes heavy delays?
-
Sorry, I meant the Huawei.
Can't you just plugin your Laptop to the Huawei and check if the delay follows or not?
Any special in
Status > Gateways
Status > System Logs > System > General
Status > System Logs > System > Gateways
?-Rico
-
Also check to see if the delay is DNS related. Could be the speed is fine but DNS resolution is slow making it feel slow. I would start by using nslookup from your pc against the firewall and against upstream providers and then move on to running dig from your pfSense box.
-
Check to see if it's passing you IPv6.
That can really introduce huge delays if pfSense is passing what it thinks is valid IPv6 info to LAN side clients but there is not actually any connectivity. Perhaps the Huawei support v6 and the Netgear didn't.
Steve
-
did you mean the "IPv6 Configuration Type" on "Interfaces" from pfsense? This was DHCP and I disabled now.
-
Yes, if indeed it was providing IPv6 and the Netgear did not.
-
What addresses would it be providing? If it's not getting a prefix from the ISP, then someone must have configured a global prefix somewhere. However, it's easy enough to see what IP addresses a device has, to see if that is the case.
-
It might be providing a valid v6 prefix. By default LAN will start handing those to clients. But if you don't have a firewall rule on LAN to allow v6 you will see exactly this. Clients will try to use v6 in preference if they have it and will have to timeout before falling back to v4.
Steve
-
The rules are generally used to allow traffic in. I've never seen a rule to allow IPv6 to be used on a LAN. So, then perhaps someone has created a rule they shouldn't have.
-
The default ruleset has an allow rule for IPv6 on LAN.
If that has been removed or disabled but LAN is still handing out v6 IPs to clients this is exactly what you'll see.
I've done it myself and spent time troubleshooting it.
Steve
-
I don't have LAN anything in my rules, yet IPv6 works fine. In addtion to my main LAN, I have a test LAN, a VLAN and OpenVPN, all using IPv6.
-
Well you certainly have some rule passing IPv6 traffic or it would be blocked.
-
I have rules that allow specific destinations, just not the entire LAN.
-
You see this is a rule on the LAN to allow clients to connect out using IPv6 rule right? Nothing to do with LAN as a destination.
-
The word "LAN" appears nowhere in my rules. I do have a * with destination WAN for IPv6.
-
You will probably need to show your rules.
-
Hello,
thank you ... I changed the WAN Interface from static to dhcp, because I get a static IP from my provider. Maybe because of this the gateways are not correct?
Here are some screenshots:
-
-
It looks like it's not pulling a gateway via DHCP. But I assume, since you have redacted it, that is is pulling an IP address?
Is the gateway outside the WAN subnet perhaps?
Steve
-
Wouldn't a bad or no gateway address cause complete failure, rather than just slow?
-
I would think so, yes. But I assumed the change to dhcp might have broken everything.
Though there are 900 states and it appears able to check for updates....
-
Hello,
the gateway by DHCP are ok:
So how could I fix it in "Status/Gateway" ?
-
First thing I would do is restart the dpinger service if you have not already.
Then check the system and gateways log for errors.
Steve
-
Hello,
I already restarted pfSense.
-
I delete the static Gateway and the DHCP Gateway seems ok. The Gateway is not ping able ... so he show "Offline"
-
Ok, then change the gateway monitor target to something external that does respond to ping.
https://docs.netgate.com/pfsense/en/latest/book/routing/gateway-settings.html#monitor-ip
Steve
-
ok, thank you. use 1.1.1.1
Its now showing online
-
Keep in mind that 1.1.1.1's primary goal is harvesting your DNS requests. Not replying on your ICMP requests, so if they (1.1.1.1) decide to stop doing that, for example for bandwidth reasons, your WAN could get marked as offline.
