Windstream gig fiber and pfsense

batrams

I have new Windstream gigbit fiber. The optical cable comes into my basement and connects to an Adtran 411 they provided, which has a single ethernet port.

If I connect my Linux destokp to that ethernet port, I get a public IP via DHCP and all is well. Speed tests show around 900M both ways.

If I instead connect my pfsense WAN port to that ethernet port, I do (usually) get an IP via DHCP, but i get horrible packet loss - like 50% or more.

If I connect my pfsense WAN port to my good old spectrum cable modem, all is well. I get abot 500M down and 20M up as expected.

Tried lower MTU but no change. Quite puzzling. Does anyone have suggestions or experience with this?

batrams

I tried swapping the LAN and WAN interfaces in pfsense but it made no difference :(

bmeeks

First suspicion is that the auto-negotiation is failing and your pfSense NIC is defaulting to probably half-duplex operation. What brand of NIC is your pfSense box using as compared to that Linux desktop that works?

Second obvious thing to check, although perhaps you are using the same cable for both the desktop test and pfSense, is that the network cable is good.

However, my bet is on the auto-negotiation perhaps not working correctly with the NIC in the pfSense box.

batrams

Thanks I'll check that when I try again.

Linux box uses motherboard interface:
product: RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller

pfsense:
'RTL8169 PCI Gigabit Ethernet Controller'

bmeeks

@batrams said in Windstream gig fiber and pfsense:

Thanks I'll check that when I try again.

Linux box uses motherboard interface:
product: RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller

pfsense:
'RTL8169 PCI Gigabit Ethernet Controller'

Realtek NICs have a bad reputation in FreeBSD (which is the underlying OS that pfSense is based upon). If you have another Ethernet card you could try in the pfSense box, I would suggest giving that a go. Intel is probably the best supported, but even there older technology is best supported in FreeBSD. So the most cutting edge Intel NIC may not be supported well, or even at all.

batrams

I think you were right - I overrode autodetect on my pfsense WAN interface and no more packet loss. Thanks!

bmeeks

@batrams said in Windstream gig fiber and pfsense:

I think you were right - I overrode autodetect on my pfsense WAN interface and no more packet loss. Thanks!

Glad it worked in your case, but generally overriding auto-detect on Gig links is not optimal just so you are aware. If possible, you might want to consider finding an Intel NIC to stick in your firewall. There are several dual-port models available that work.

batrams

Yes I will. If you know of any specific models (old school pci slot) please advise. Thanks again.

bmeeks

The old Intel PRO/1000 dual-port server NIC should work. You would probably have to find one on eBay from a reputable computer recycler/reseller. Watch out for knockoff counterfeits from China, though. If you really must have a PCI interface and can't use PCIe, that's going to narrow the field of choices considerably.

JKnott

@bmeeks said in Windstream gig fiber and pfsense:

Glad it worked in your case, but generally overriding auto-detect on Gig links is not optimal just so you are aware. If possible, you might want to consider finding an Intel NIC to stick in your firewall. There are several dual-port models available that work.

If you do override it, you must do so at both ends of the cable.

batrams

I have no access to the Adtran ONT but what I did has fixed the packet loss. I will replace the interface however.

mdsmoker

@batrams - I'm just starting to play around with pfsense and also recently switched to Windstream with the same ONT. Did you have to change any settings on the WAN interface to get it functioning? My WAN interface seems to get an IP address just fine (set to DHCP), but can't get out to the internet. If I connect the pfsense WAN interface back to the Windstream modem/router, reconnect the ONT to the Windstream WAN interface and reboot, I get internet no problem.

Thanks!

stephenw10

How are you testing?

First try to connect by IP directly from pfSense itself.

So from the command line try to ping 8.8.8.8.

If that fails everything else will too. Check pfSense has a valid gateway.

Steve

mer

Overriding: all depends on how you do it.
If you force a speed/duplex on one end, leave the other end at autoneg, it typically gets the speed correct, but mucks up duplex.

If instead of forcing you leave autoneg but specifically advertise a speed and duplex, if the other side is autoneg it works correctly.

So a 1G NIC can do 10/100/1000 for speed, and full/half for duplex. If you force "1000/full" leaving other side autoneg, you'll wind up with 1000/half.
If you advertise "I only do 1000/full" the autoneg works.