J1900 performance

VAMike

@soder fair enough. I'll amend to "my ISP got rid of PPPoE when FTTH was still delivered via 100Mbps ethernet, so it doesn't matter to me". :)

AZCoyote

@stephenw10 said in J1900 performance:

Yeah, that is very location dependent. Here in the UK most soho level connections are DSL with PPPoE. None are Gigabit though so....

Hmmmm, CenturyLink in AZ does FTTH and it’s still PPPoE. So until they get away from that, PfSense would not be the best answer for me? This is my 5 year hardware/software review to find something that will do 1 Gb throughout with IDS/IPS on. I may lean to the UniFi Dream Machine Pro at this rate if I cannot find a solution via PfSense or Sophos.

AndyRH

If the CenturyLink FW is working at 1Gb, could you not just put the pfSense FW behind it? Let CenturyLink do the beloved PPPoE work and let pfSense do the rest.
I have ATT and I have to leave the ATT FW in-place for the connection to work. pfSense behind ATT and I still get better than 980Mbps. ( No IPS on pfSense)

AZCoyote

@andyrh I did a speed test then pulled the CL “firewall” right their tech left. My FW handles PPPOE better than theirs and VPN and so on. Putting it back isn’t an option as A) that CL router with 2.4 WiFi junk is a bottleneck & B) the less ISP hardware the better.

AndyRH

@azcoyote B) Agreed, if I could, I would ditch the ATT HW. A) I turn off the ATT WiFi, from time to time ATT turns it back on.

I hope you find what you are looking for.

stephenw10

pfSense will work fine there, you just need something with better single core performance that a J1900.
To be honest I'm not sure why anyone would buy a J1900 new at this point unless it was very cheap. That discussion has already happened in this thread though.

Steve

AZCoyote

@andyrh said in J1900 performance:

@azcoyote B) Agreed, if I could, I would ditch the ATT HW. A) I turn off the ATT WiFi, from time to time ATT turns it back on.

I hope you find what you are looking for.

Thank you! A) what jerks!

B) does PfSense have a way/plan to address this in the future?

AZCoyote

@stephenw10 said in J1900 performance:

pfSense will work fine there, you just need something with better single core performance that a J1900.
To be honest I'm not sure why anyone would buy a J1900 new at this point unless it was very cheap. That discussion has already happened in this thread though.

Steve

Lol. For sure. My little J1900 was purchased 5 years ago so it’s gotta be time for a move to new hardware. It’s viable as just a simple FW with some basic rules. Buts that is definitely all.

stephenw10

There is:
https://github.com/MonkWho/pfatt

And there are ways to extract the cert from the router so you don't need it at all. I've never seen that on pfSense though. And both are completely unsupported.

Steve

VAMike

@azcoyote said in J1900 performance:

@stephenw10 said in J1900 performance:

pfSense will work fine there, you just need something with better single core performance that a J1900.
To be honest I'm not sure why anyone would buy a J1900 new at this point unless it was very cheap. That discussion has already happened in this thread though.

Steve

Lol. For sure. My little J1900 was purchased 5 years ago so it’s gotta be time for a move to new hardware. It’s viable as just a simple FW with some basic rules. Buts that is definitely all.

it would be fine without pppoe or on linux, but for pfsense you need to throw hardware at it. (or not--the ifr stuff might even work.) since you were planning to buy a unifi, you could spend the same money on beefier hardware. you really just need to decide what you want to use for software.

AZCoyote

@stephenw10 said in J1900 performance:

There is:
https://github.com/MonkWho/pfatt

And there are ways to extract the cert from the router so you don't need it at all. I've never seen that on pfSense though. And both are completely unsupported.

Steve

Oofda. And I thought the VLAN magic I had to find to connect to my CL ONT was a trick. That is quite the process!

AZCoyote

@vamike said in J1900 performance:

@azcoyote said in J1900 performance:

@stephenw10 said in J1900 performance:

pfSense will work fine there, you just need something with better single core performance that a J1900.
To be honest I'm not sure why anyone would buy a J1900 new at this point unless it was very cheap. That discussion has already happened in this thread though.

Steve

Lol. For sure. My little J1900 was purchased 5 years ago so it’s gotta be time for a move to new hardware. It’s viable as just a simple FW with some basic rules. Buts that is definitely all.

it would be fine without pppoe or on linux, but for pfsense you need to throw hardware at it. since you were planning to buy a unifi, you could spend the same money on beefier hardware. you really just need to decide what you want to use for software.

It’s the usual chicken and egg problem. In this case with a side of PPPoE green ham. If I want to go straight from the NIU/ONT to my FW I have to PPPoE so I guess it means I’m borked for going to PfSense for now. But I will either pick great hardware and move over later or just get the UniFi device. Then when the PPPoE issue is resolved I can circle back.

VAMike

@azcoyote said in J1900 performance:

Oofda. And I thought the VLAN magic I had to find to connect to my CL ONT was a trick. That is quite the process!

With verizon internet-only service you plug the ethernet into the cable and run a dhcp client. It's nuts that ISPs are making this so complicated.

stephenw10

@vamike said in J1900 performance:

It's nuts that ISPs are making this so complicated.

Yup. Just crazy that something like pfatt needs to exist in any way.
I guess there are enough people out there who's alternative to AT&T is limited or non-existent.

Steve

4o4rh

@azcoyote said in J1900 performance:

It’s the usual chicken and egg problem.

what problem is that....if you have a chicken, you have eggs. no chicken....no eggs

craig5

Hi. I can confirm the J1900 can perform ok. Mine is a Eglobal Fanless Pfsense Mini PC J1900 had it for 3 years. I'm currently on 1000/50mbps FTTP, PPPOE and speedtest.net gives me around 830/41mbps, however I had to apply some tweeks mentioned in this thread:

https://forum.netgate.com/topic/133704/poor-performance-on-igb-driver/40

However, as some people have said, it is pretty old so I probably would buy something slightly better in 2021.

AZCoyote

@craig5 I have J1900 based super micro board now that will route my fiber 1000/1000 at almost line speed. So they are decent little boxes 5 years ago. Just cannot do real IPS/IDS at that speed. I am looking into a I5 solution next outing.

craig5

@azcoyote Yep can't complain. It probably doesn't need it but I recently whacked a fan on it (plugged into the usb), dropped the temp 20 degrees, it was running pretty warm in my garage:

gstlouis

@jknott
I can confirm, although a little late that it can take a 500meg fibre line with PPPoE. You need to setup dedicated DMZ

https://www.reddit.com/r/bell/comments/xyh46q/bell_3gbps_pfsense_and_pppoe/

stephenw10

Doing that removes the PPPoE though and also adds double NAT. Which isn't a problem for most things but will break, for example, UPnP.

Steve