Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense performance

    Scheduled Pinned Locked Moved General pfSense Questions
    12 Posts 4 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bigbird007
      last edited by bigbird007

      Hi all

      I have noticed that every time when I hit my data cap ( Monthly Limit is 500GB ) navigating though the pfsense GUI becomes really slow.
      An example is logging into pfsense and navigating to DHCP services or Snort or any other service, setting or configuration in pfsense.

      This is not to be confused with the internet being slow ( which of course it would be ).

      This seems really strange to me as i do understand why this would happen.
      It should not matter if i have reached my data allowance or not when navigating through the GUI.
      The speed should be snappy not slow as a snail.

      Is there a reason so why this is happening , has anyone experience this before?

      Edit:
      I have also turned of the modem and tested to see if the GUI is slow and it seems to be fine

      Packages I have installed are as follows:
      Snort
      FreeRADIUS 3
      pfBlockerNG-devel
      Service Watchdog
      openvpn client export

      Running on Intel Atom S1260 @ 2.00GHz
      8GB memory
      AES-NI Crypto is not support

      N GertjanG 2 Replies Last reply Reply Quote 0
      • N
        netblues @bigbird007
        last edited by

        @bigbird007 Please elaborate on what you mean by data cap.

        1 Reply Last reply Reply Quote 0
        • B
          bigbird007
          last edited by

          @netblues I am on a 500GB monthly plan

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @bigbird007
            last edited by Gertjan

            @bigbird007 said in Pfsense performance:

            Is there a reason so why this is happening , has anyone experience this before?

            Most probably related to : when the WAN connection is down, or very slow, DNS requests are also slow. Actually, everything that has "things to to out side of your network" is slow.
            Visiting the GUI does visit out side resources : like package update checks, pfSense update checks and other regular updates.
            Some of these issues have been addressed. Some might somewhat persist.
            There are even some bug report (resolved ?) about this issue.

            edit : https://redmine.pfsense.org/issues/8987 - so 2.4.5-p1 look promesing.

            So :
            @bigbird007 said in Pfsense performance:

            It should not matter if i have reached my data allowance or not when navigating through the GUI.

            True.
            If the main desktop page is loaded purely static info, it would.
            There is an option to disable update checks .... but think twice before you se it : you will not get signaled anymore that ther is an update, you would have to check yourself.

            I guess you see it coming :
            Only admin your pfSense when you have "data" left.
            Or : stop admining when data becomes low.
            Take more data ?

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            B 1 Reply Last reply Reply Quote 0
            • B
              bigbird007 @Gertjan
              last edited by

              Thanks Gertjan for you response quite helpful.
              I have just increased my data plan :)
              Because my wife and I have been working from home we have only noticed it now as its never been an issue before.

              Hopefully this can be addressed in 2.4.5-p1

              bmeeksB 1 Reply Last reply Reply Quote 0
              • bmeeksB
                bmeeks @bigbird007
                last edited by

                @bigbird007:

                I see where you stated you had Snort installed along with Service Watchdog. Note that Snort is NOT compatible with the Service Watchdog package! If you have Service Watchdog monitoring Snort, you should immediately disable that monitoring.

                Service Watchdog does not understand the inner workings of the Snort package nor does it monitor the correct parameters to see if Snort is running, thus it will foolishly attempt to restart Snort while, for example, Snort is updating rules and attempting a restart of its own. This dual restart attempt can lead to multiple Snort processes running on the same interface.

                Just an FYI to be sure you are aware that Snort and Service Watchdog are not compatible, and the Snort processes should NOT be monitored using Service Watchdog.

                1 Reply Last reply Reply Quote 0
                • B
                  bigbird007
                  last edited by

                  @bmeeks I use Service Watchdog for FreeRADIUS as i have noticed that when my IP address changes and Dynamic DNS updates the IP address FreeRADIUS will shop running.

                  I have not worked out why this is the case

                  bmeeksB GertjanG 2 Replies Last reply Reply Quote 0
                  • bmeeksB
                    bmeeks @bigbird007
                    last edited by bmeeks

                    @bigbird007 said in Pfsense performance:

                    @bmeeks I use Service Watchdog for FreeRADIUS as i have noticed that when my IP address changes and Dynamic DNS updates the IP address FreeRADIUS will shop running.

                    I have not worked out why this is the case

                    No problem then. Only with the Snort and Suricata packages does Service Watchdog cause an issue. FreeRADIUS should be fine.

                    And to be specific in case others see this thread in the future, I mean Service Watchdog specifically configured to monitor Snort or Suricata causes an issue with just those packages. So long as Service Watchdog is not configured to monitor Snort or Suricata, it can be installed and monitor any other compatible packages without a problem.

                    1 Reply Last reply Reply Quote 0
                    • GertjanG
                      Gertjan @bigbird007
                      last edited by

                      @bigbird007 said in Pfsense performance:

                      i have noticed that when my IP address changes and Dynamic DNS updates the IP address FreeRADIUS will shop running.
                      I have not worked out why this is the case

                      Most packages are restarted when an IP on an interface changes. Because these changes are only picked up by the package, or actually, the services (daemons) that the package proposes.
                      The FreeRadius package has such a daemon. It's perfectly fine that it restarts ones in a while during an interface change.

                      There is no need at all have it monitored by Service Watchdog : if FreeRadius really fails, you have to find and resolve the reason. Simply have it restarted will amply the problem.
                      I never installed the monitored using Service Watchdog, and use the FreeRadius package for years now.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      B 1 Reply Last reply Reply Quote 0
                      • B
                        bigbird007 @Gertjan
                        last edited by

                        @Gertjan I will disable the watchdog service and wait for it to fail, see if I can work it out

                        GertjanG 1 Reply Last reply Reply Quote 0
                        • bmeeksB
                          bmeeks
                          last edited by

                          @Gertjan is correct that when configured to automatically restart a package, Service Watchdog masks potentially severe underlying problems (such as why is the package failing?). Better to monitor a service's state and maybe send out email notifications if the monitored service stops for more than a specified period of time.

                          I have never used Service Watchdog personally, so I don't know if it is capable of "just monitoring and alerting". If so, that would be the preferred use in my opinion.

                          1 Reply Last reply Reply Quote 0
                          • GertjanG
                            Gertjan @bigbird007
                            last edited by

                            @bigbird007 said in Pfsense performance:

                            wait for it to fail, see if I can work it out

                            Finding the issue is actually easy with the FreeRadius package - process.

                            First : stop the FreeRaduisx instance in the GUI, if it is running.
                            Then, use the console or better SSH access, and enter god-mode : option 8.

                            Type the magic command :

                            radiusd -X
                            

                            A boatload of log line scroll over your screen.
                            After an initial startup phase, thing will calm down on your screen.
                            You can leave this screen open, and have break, day of, some sort of delay.
                            When the process dies, one of the last lines will probably printed in red. That is your issue.
                            The question was : what is the issue.
                            The answer will be : read the red line.

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.