Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    changed LTE router, now heavy delay, but down/up Speed is fine

    Scheduled Pinned Locked Moved General pfSense Questions
    30 Posts 7 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      unique24
      last edited by

      Hello,

      I´m using first a Netgear LTE router and changed now to a Huawei with external Antennas.

      I have now the Problem, that sometimes I have a long delay when i try to open websites and sometime I get the error "Website not found".
      This must be because of changing the router.

      I´m using:
      2.4.4-RELEASE-p2 (amd64)

      The router is set to bridge and on WAN side of the pfSense is the public IP.

      Which infos did you need?

      Thank you!

      1 Reply Last reply Reply Quote 0
      • RicoR
        Rico LAYER 8 Rebel Alliance
        last edited by

        How do you know the problem is pfSense related and not your new Netgear?

        -Rico

        1 Reply Last reply Reply Quote 0
        • U
          unique24
          last edited by

          Hello,

          no, the new LTE router is the Huawei. Well, correct is the new Huawei Modem

          Sure, i try now to identify the problem and maybe (or of course) the new LTE Router ... but how can I check this?

          Are there in pfSense any log files, which can show why I get sometimes heavy delays?

          1 Reply Last reply Reply Quote 0
          • RicoR
            Rico LAYER 8 Rebel Alliance
            last edited by

            Sorry, I meant the Huawei.
            Can't you just plugin your Laptop to the Huawei and check if the delay follows or not?
            Any special in
            Status > Gateways
            Status > System Logs > System > General
            Status > System Logs > System > Gateways
            ?

            -Rico

            1 Reply Last reply Reply Quote 1
            • S
              Stewart
              last edited by

              Also check to see if the delay is DNS related. Could be the speed is fine but DNS resolution is slow making it feel slow. I would start by using nslookup from your pc against the firewall and against upstream providers and then move on to running dig from your pfSense box.

              1 Reply Last reply Reply Quote 1
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Check to see if it's passing you IPv6.

                That can really introduce huge delays if pfSense is passing what it thinks is valid IPv6 info to LAN side clients but there is not actually any connectivity. Perhaps the Huawei support v6 and the Netgear didn't.

                Steve

                U 1 Reply Last reply Reply Quote 1
                • U
                  unique24 @stephenw10
                  last edited by unique24

                  @stephenw10

                  did you mean the "IPv6 Configuration Type" on "Interfaces" from pfsense? This was DHCP and I disabled now.

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    Yes, if indeed it was providing IPv6 and the Netgear did not.

                    JKnottJ 1 Reply Last reply Reply Quote 1
                    • JKnottJ
                      JKnott @stephenw10
                      last edited by

                      @stephenw10

                      What addresses would it be providing? If it's not getting a prefix from the ISP, then someone must have configured a global prefix somewhere. However, it's easy enough to see what IP addresses a device has, to see if that is the case.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      1 Reply Last reply Reply Quote 1
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by stephenw10

                        It might be providing a valid v6 prefix. By default LAN will start handing those to clients. But if you don't have a firewall rule on LAN to allow v6 you will see exactly this. Clients will try to use v6 in preference if they have it and will have to timeout before falling back to v4.

                        Steve

                        JKnottJ 1 Reply Last reply Reply Quote 1
                        • JKnottJ
                          JKnott @stephenw10
                          last edited by

                          @stephenw10

                          The rules are generally used to allow traffic in. I've never seen a rule to allow IPv6 to be used on a LAN. So, then perhaps someone has created a rule they shouldn't have.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            The default ruleset has an allow rule for IPv6 on LAN.

                            Selection_793.png

                            If that has been removed or disabled but LAN is still handing out v6 IPs to clients this is exactly what you'll see.
                            I've done it myself and spent time troubleshooting it. 🙄

                            Steve

                            JKnottJ 1 Reply Last reply Reply Quote 0
                            • JKnottJ
                              JKnott @stephenw10
                              last edited by

                              @stephenw10

                              I don't have LAN anything in my rules, yet IPv6 works fine. In addtion to my main LAN, I have a test LAN, a VLAN and OpenVPN, all using IPv6.

                              PfSense running on Qotom mini PC
                              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                              UniFi AC-Lite access point

                              I haven't lost my mind. It's around here...somewhere...

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                Well you certainly have some rule passing IPv6 traffic or it would be blocked.

                                JKnottJ 1 Reply Last reply Reply Quote 0
                                • JKnottJ
                                  JKnott @stephenw10
                                  last edited by

                                  @stephenw10

                                  I have rules that allow specific destinations, just not the entire LAN.

                                  PfSense running on Qotom mini PC
                                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                  UniFi AC-Lite access point

                                  I haven't lost my mind. It's around here...somewhere...

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    You see this is a rule on the LAN to allow clients to connect out using IPv6 rule right? Nothing to do with LAN as a destination.

                                    JKnottJ 1 Reply Last reply Reply Quote 0
                                    • JKnottJ
                                      JKnott @stephenw10
                                      last edited by

                                      @stephenw10

                                      The word "LAN" appears nowhere in my rules. I do have a * with destination WAN for IPv6.

                                      PfSense running on Qotom mini PC
                                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                      UniFi AC-Lite access point

                                      I haven't lost my mind. It's around here...somewhere...

                                      1 Reply Last reply Reply Quote 0
                                      • DerelictD
                                        Derelict LAYER 8 Netgate
                                        last edited by

                                        You will probably need to show your rules.

                                        Chattanooga, Tennessee, USA
                                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                        1 Reply Last reply Reply Quote 0
                                        • U
                                          unique24
                                          last edited by unique24

                                          Hello,

                                          thank you ... I changed the WAN Interface from static to dhcp, because I get a static IP from my provider. Maybe because of this the gateways are not correct?

                                          Here are some screenshots:
                                          fca1ee7d-c246-48fa-883c-a00901c732c5-image.png
                                          58fe2bca-b206-4774-b6f1-68dd3bc27d05-image.png
                                          e41056d4-8e19-4c81-bb6a-d7ab3cdd06fb-image.png
                                          d3c4259b-3ef5-4a5c-a94d-cba7df10c9bf-image.png

                                          1 Reply Last reply Reply Quote 0
                                          • U
                                            unique24
                                            last edited by

                                            34ecbc68-fc57-42d9-bbfa-21a2d75629ef-image.png
                                            d192eece-477f-486c-b617-b8422320ab8e-image.png

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.