• I've been looking for a while now for a solution, but haven't found a thing...

    When I use the modem provided from my provider, pfsense connected to that network by the WAN port (DHCP) I reach speeds arround 50Mbs.
    However when I set the WAN as PPPoE, I only get a speed of 8Mbs.

    Is there a solution to this problem?


  • @Lieven said in Speed issues PPPoE:

    Is there a solution to this problem?

    PPPoE is preferred by ISPs (in many more places) for identification and parameterization.
    PPPoE is a tunnel protocol...

    It is always slower than an identical Dynamic IP (DHCP), IPoE, fixed IP solution.

    Oddly enough, the big difference is 50/8 this is not typical

    Does your ISP have any diferrent settings (bandwidth) for PPPoE connection and DHCP?

    You may want to try connecting directly to your ISP device with a laptop or other option and measure the speed for PPPoE and DHCP.

    +++edit:

    otherwise in front of the firewall I would avoid PPPoE especially, if you have DHCP capability.
    PPPoE only complicates your life


  • @DaddyGo

    ????

    In my experience your choices are either DHCP or PPPoE depending on the provider and you can't just pick one. PPPoE adds an 8 byte header, resulting in the 1492 MTU. Those 8 bytes should cause only a slight decrease in throughput. PPPoE is generally used with ADSL and DHCP with cable. With ADSL, you're much more likely to see a decrease due to the line quality and distance.


  • @JKnott said in Speed issues PPPoE:

    In my experience your choices are either DHCP or PPPoE depending on the provider

    It was not me who wrote that I had both methods, this was written by OP ๐Ÿ˜‰

    Strange to me too.

    Btw: It is not generalizable to be ADSL + PPPoE, but they can actually be connected.

    We have now terminated the PPPoE connection of one of our GPON subscriptions because there were constant problems with Snort.

    Now the same optical fiber (GPON) is running on a fixed IP and Snort is satisfied, no tunnel protocol.

    Indeed the speed reduction, as I have written, should not be significant. PPPoE vs. Dynamic IP, but exists especially at high loads.

    Not to the same extent as for OP.

    Currently, PPPoE and fixed IP are still available on our GPON connection

    the figure shows that we get the maximum out of 1000/400 with the fixed IP, but with PPPoE the reach is slower than by 6-8%.

    Nearly 50 IceCast2 servers with 2,000 to 2,500 listeners run daily on this connection.


  • @DaddyGo

    If you're seeing a problem with PPPoE, it's elsewhere, not with the protocol, as it takes only 8 bytes from the frame. As for GPON, if it comes from a phone company, it will likely use PPPoE, as they use on ADSL. If DHCP, then it's likely a cable TV company, as they generally use. You can get static from either.

    BTW, I have set up many business customers over ADSL, SDSL, cable and fibre, with static or dynamic addresses. I have even set up some with PPP over fractional T1, through a CSU.


  • @JKnott said in Speed issues PPPoE:

    If you're seeing a problem with PPPoE,

    You know, the joke is that in this area we are the ISP and cable TV and FM URH radio broadcast service provider.

    Only another department is dealing with it GPON / DOCSIS systems.
    We have not used ADSL / VDSL for a thousand million years.

    I am well acquainted with the PPPoE protocol and "I am in the picture", but thanks for the ongoing clarification and confirmation...๐Ÿ˜‰ (MTU, etc.)

    btw:
    In the EU, very serious investments have been made in broadband internet infrastructure, so most Member States have optics and DOCSIS.

    You can check **ASN 59869 that is the block of our Hungarian company.
    (although I work in the Western European division)

    +++edit:

    yeah, what I forgot to repeat, weโ€™re not talking about a significant difference...

    and under a very serious load - under the same conditions (GPON) - only protocols differ

    as:
    50 pcs. IceCast2 stream with 320 mp3 CBR - 2000 - 2500 user

  • Netgate Administrator

    I think what the OP is saying here is that they get full 50Mbps if they allow the ISP provided device to do the PPPoE and connect to that from pfSense with DHCP.

    I would expect to get the same speed using PPPoE directly from pfSense assuming the correct parameters are used.

    Some ISPs will allow you to connect but at a much reduced rate if you do have the correct VLAN or priority set. Or the correct login even.

    Steve


  • @DaddyGo

    Maybe I was not clear enough in my description.

    When I connect Pfsense by PPPoE, I get slow speeds.
    When I set the WAN interface to DHCP, I get an IP from the modem of my provider. On its local network. The modem itself connects also by PPPoE.

    The reason I want to use PPPoE is because on the modem I adjust certain settings to be able to remotely access my network.


  • @stephenw10
    Yes Stephen, that's exactly my problem.

    @stephenw10 said in Speed issues PPPoE:

    I would expect to get the same speed using PPPoE directly from pfSense assuming the correct parameters are used.

    Some ISPs will allow you to connect but at a much reduced rate if you do have the correct VLAN or priority set. Or the correct login even.

    So you think that maby not all parameters are set correctly then? I must say I didn't think about the VLAN and priority settings. But also have no idea at the moment where to set these in pfSense.
    I'll see what I can do about that this evening.


  • @Lieven

    Now it is clear... THX


  • @Lieven said in Speed issues PPPoE:

    When I set the WAN interface to DHCP, I get an IP from the modem of my provider. On its local network. The modem itself connects also by PPPoE.

    You don't use PPPoE on the LAN side of the modem. That's only used from the modem back to the ISP. Years ago, you'd configure computers for PPPoE, as the modem didn't do it. If you're using it on a modem that's already using it, it's no wonder you're having problems.


  • @JKnott I understand.

    But... The modem is configured as passthrough. So theoretically it should be the same connecting straight to the ISP. (right?)

    Also, everything works, I get an IP, having internet,... But only slower speed.

    The other problem is that on my pfSense, I do not have an RJ11 connection. (connection to ISP) So connecting it to the ISP without the modem is not possible.
    Also I still need the modem for my TV, so I cannot eliminate it completely...


  • @Lieven said in Speed issues PPPoE:

    The other problem is that on my pfSense, I do not have an RJ11 connection. (connection to ISP)

    Because there is no ADSL modem built into pfSense
    The RJ11 connector standard is POTS or ISDN 2 wire or 4 wire

    So this is a separate theme...


  • @DaddyGo said in Speed issues PPPoE:

    Because there is no ADSL modem built into pfSense
    The RJ11 connector standard is POTS or ISDN 2 wire or 4 wire

    I agree, so I still need the modem...
    But how can I find out what's slowing down my connection?
    This evening I will settup the same PPPoE connection from my PC. If it is also slow, then the modem is the cause. If it's high speed, it's pfSense...
    (Why didn't I think about this sooner...?)


  • @Lieven
    (Why didn't I think about this sooner...?)

    if you look, I have already suggested this above...๐Ÿ˜‰

    "You may want to try connecting directly to your ISP device with a laptop or other option and measure the speed for PPPoE and DHCP."


  • @DaddyGo said in Speed issues PPPoE:

    @Lieven
    (Why didn't I think about this sooner...?)

    if you look, I have already suggested this above...๐Ÿ˜‰

    "You may want to try connecting directly to your ISP device with a laptop or other option and measure the speed for PPPoE and DHCP."

    Yeah, for some reason I did't connect the correct dots in my head... Maybe to busy with working...? ๐Ÿค”
    I'll try this evening!!


  • @Lieven said in Speed issues PPPoE:

    So theoretically it should be the same connecting straight to the ISP. (right?)

    Not necessarily. I have set up ADSL modems in pass through, but they still did PPPoE back to the ISP. It's been many, many years since the last time I had to configure PPPoE on a computer. If you get a working Internet connection when using DHCP on the LAN side, you can be certain the modem is already using PPPoE. Your performance issue is proof of that.

  • Netgate Administrator

    PPPoE WAN connections in pfSense are very common. Both of mine are that. Both are connected to an upstream DSL modem in pass-through mode.

    However modems configured like that may or may not apply the required VLAN settings. In my case here in the UK most DSL providers require VLAN 101 and the modems do that by default so pfSense just uses PPPoE untagged.

    Yes, try connecting a laptop to the modem directly and establishing a PPPoE session form there. If you still get limited speed then you are probably missing some connection parameter. Who is your ISP.

    Steve


  • @stephenw10
    I tried following setups:

    1. modem connects to ISP by PPPoE and pfSense to modem by DHCP/fixed IP = 50Mbps
    2. modem connects to ISP by PPPoE and PC to modem by DHCP/fixed IP = 50Mbps
    3. PC connects to ISP by PPPoE (physically with modem in between) = 50Mbps
    4. pfSense connects to ISP by PPPoE (physically with modem in between) = 16Mbps

    So it is only with pfSense in combination with PPPoE that I experience slow speeds.

    I'm located in Belgium
    ISP is Proximus

  • Netgate Administrator

    Hmm, that's fun!

    Is it actually linked to the modem correctly? What does ifconfig -a show about the PPPoE parent interface when it's connected?
    It could be something simple like a bad cable.
    Try putting a switch in between the modem and pfSense as a test if you can.

    Steve

  • LAYER 8

    funny indeed,
    I have pppoe on my pfsense, connected to an upstream DSL modem in pass-through mode.
    In my case here in Italy, we have vpi 8 vci 35 vlan none, so I have PPPoE untagged.
    speed is 70Mbps with or without pfsense
    found this on a search idk if it apply to you.
    https://www.reddit.com/r/belgium/comments/9pj6sd/diy_vdsl2_modem_with_proximus_xdsl_network/

    but again in other discussions I recall that something similar was caused if the correct vlan was not used

  • Netgate Administrator

    Mmm, if the modem in question was not playing nicely then, sure I could believe it. But here we have the same modem that gives correct speeds when establishing the PPP directly from a PC. Windows?
    It could still be a bad link 16Mbps is about what you might get if the modem is linked at 100Mb half duplex.

    Steve


  • @stephenw10

    Is it actually linked to the modem correctly? What does ifconfig -a show about the PPPoE parent interface when it's connected?

    re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    	ether 00:30:18:xx:xx:xx
    	hwaddr 00:30:18:xx:xx:xx
    	inet6 fe80::230:18xx:xxxx:xxxx%re1 prefixlen 64 scopeid 0x2
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet autoselect (100baseTX <full-duplex>)
    	status: active
    

    It could still be a bad link 16Mbps is about what you might get if the modem is linked at 100Mb half duplex.

    So it looks like the connection is OK? There is full-duplex on the interface.

    It could be something simple like a bad cable.

    I tried with the same cable from the laptop test. No change.

    Try putting a switch in between the modem and pfSense as a test if you can.

    something for this evening

    @kiokoman

    but again in other discussions I recall that something similar was caused if the correct vlan was not used

    I already tried to use vlan10 on the pfSense WAN, but then the connection failed. (Don't know if I set it correctly, never done it before)

  • Netgate Administrator

    If it worked from a laptop directly and got full speed then you can assume the modem is applying any VLAN tags required.
    Was that a Windows laptop?

    Steve


  • Yes -> Windows 10 Pro v1903


  • @Lieven, I think that has to do with manufacturing id, some are whitelisted and others not.ย 
    I suggest not to use ISPโ€™s modem/router as they can sniff, remote and manipulate. Even if you bought those modem/router, it is still property of ISP and if something happens, you can not sue them.


  • @AKEGEC said in Speed issues PPPoE:

    Even if you bought those modem/router, it is still property of ISP and if something happens, you can not sue them.

    On the other hand, they can't blame your equipment if there are problems. I ran into that with my ISP, because I run pfsense. Also, if you bought it, it is not their property, though they may have access to it.


  • @JKnott said in Speed issues PPPoE:

    On the other hand, they can't blame your equipment if there are problems. I ran into that with my ISP, because I run pfsense. Also, if you bought it, it is not their property, though they may have access to it.

    Well you may think like that but the truth is still their property. These corporations want to adapt the government system, you pay for borrowing their property like your passport.


  • If you have PPPoE then your MTU is not 1500. It is as said 1492. So then you have to use a fixed MSS (in the WAN config) of 1452.

  • Netgate Administrator

    If the PPPoE session is assigned as an interface it should be MTU 1492 anyway since we can see the parent re1 interface is 1500 (as you'd expect).

    You could try assigning re1 and spoofing the MAC address just to see if they have somehow flagged that.

    Steve


  • Well guys, thanks for the help!!
    But at the moment none of the ideas works.

    I found a dirty solution now...
    I use re1 as PPPoE Connection. So I can connect to it with everything I want.
    And I used re2 as an DHCP connection to the modem for the high speed.

    But since I want to know why this is happening I will continue to test the ideas ๐Ÿ˜‰
    So here I go:

    @Rob-Vercouteren

    If you have PPPoE then your MTU is not 1500. It is as said 1492. So then you have to use a fixed MSS (in the WAN config) of 1452.

    I set these values, but still slow speed.

    @stephenw10

    Try putting a switch in between the modem and pfSense as a test if you can.

    I tried this, but no effect.

    You could try assigning re1 and spoofing the MAC address just to see if they have somehow flagged that.

    What MAC address whould I use then? I tried one with the first 6 bytes the same as the one from the modem, but that results in a connectionloss.
    When I used the original MAC-address as spoofed address, also no connection... So it looks like spoofing MAC-addresses is detected and not allowed (?).

  • Netgate Administrator

    I would try the MAC from your laptop since you know that worked.

    It would be unusual to see the MAC being an issue on a PPPoE connection though.

    Steve


  • @Lieven i've re read the topic; my statement is not true.
    If you have a modem in front of your pfsense box on the WAN side; the MTU is default 1500.
    Do you get a public ip on the WAN interface via PPPOE (on your pfsense box)? and to the DHCP interface?

  • Netgate Administrator

    Yes the Ethernet link to the modem should still be 1500B but the assigned PPPoE connection will be 1492B.


  • @Rob-Vercouteren

    Do you get a public ip on the WAN interface via PPPOE (on your pfsense box)? and to the DHCP interface?

    The WAN interface with PPPoE gets a public IP.
    The WAN interface with DHCP gets a local IP address from the modem.

    So even with PPPoE connection I set the MTU to 1500? (or as default)

  • Netgate Administrator

    You should leave it as default when you have the WAN set as PPPoE and that should then show as 1492.

    If you run ifconfig -a at the command line you should see the pppoe0 connection as 1492 and the interface it is running on, connected to the modem, at 1500 still.

    Steve


  • @stephenw10
    you are correct ! ๐Ÿ™‚

    pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
    	inet x.x.x.x --> y.y.y.y netmask 0xffffffff
    	inet6 x:x:x:x:x:x%pppoe0 prefixlen 64 scopeid 0xa
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    
    re2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    	ether 00:30:18:xx:xx:xx
    	hwaddr 00:30:18:xx:xx:xx
    	inet6 x:x:x:x:x:x%re2 prefixlen 64 scopeid 0x3
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet autoselect (100baseTX <full-duplex>)
    	status: active
    
  • Netgate Administrator

    Mmm, that all looks as expected then.

    We are left with the modem doing something else in the PPPoE connection when it handles that. Or some MAC limitation which seems unlikely.

    However the Windows PPPoE client also gets full speed so that must be matching it too, whatever 'it' is.

    I might be tempted to pcap the PPPoE connection with something to see what it's actually doing.

    You might be able to see something in the ppp lohs in pfSense when it connects. The server asking for something the client is not sending.

    Steve


  • @stephenw10 said in Speed issues PPPoE:

    I would try the MAC from your laptop since you know that worked.

    It would be unusual to see the MAC being an issue on a PPPoE connection though.

    Steve

    @Steve, It did work in the past. I used a non whitelisted modem with a random mac address for almost a year and I got a good and stable speed. Then the ISP caught me, they lowered my speed about 10% of the capacity. I think they have some kind of gatekeeper, only the whitelisted manufacturer would get pass.

  • Netgate Administrator

    Urgh, well that sucks. But as I understand it the OP here is still using the ISPs modem so it shouldn't apply.

    Steve