Comcast internet slow after pfsense installed
-
Hello all first time pfsense user im having issues with slow speed. when i have my edge router connected i get close to my advertised speeds of 600MB down 20MB up. speedtest are around 450ish down and 15+ MB ups. I removed the edge router and install the pfsense box which is an old computer being repurposed. The computer has an 10/100/1,000 MBit/s Intel
I219LM on board(WAN) and im using two usb 3.1 to ethernet dongle(LAN, LAN2) that are gigabit. i have tested the dongles with the edge router to a computer and they do get close to the advertised speeds. the two dongles are attached to different LANs( LAN, LAN2) LAN goes to a tp-link switch and LAN2 goes to a Ubiquiti UAP 6 LR. when connected to the PFsense box im getting speeds between 62MB-90MB up and 2MB-10MB upload on both LAN and LAN2. It is a fresh install and pretty much default setup. Any suggestion on what it could be? there are no VPN which is why im trying to get close to my advertised speeds since i want to set up PiA on the box. 
-
I’m just a pc hobbyist and pfsense enthusiast. I’m sure I’ll be corrected if I’m wrong from what I read pfsense likes Intel Nics so that may be your bottleneck? I built my own box in 2018 on an ASRock board with new and old parts from eBay & Amazon finds. I disabled the ASRock onboard Nic and used a pre-owned Intel Quad port Nic. When we had Verizon Fios Gig tier service we had no problems maxing out the connection, here’s an old speedtest over pfsense 2018 speedtest
We ended the Gig promo a few years ago and are now on the Verizon 200/200 tier which they over provision. I setup a vlan for WiFi and IoT stuff. I also own the Unifi6 LR, here’s a speedtest over the Unifi6 LR just before the post.
pfsense shouldn't have any problem maxing out your connection, review your hardware. Good luck!
-
@s762 the onboard NIC is intel so it should be ok. i hear that USB dongles may not be as supported. I'm hoping there may be some optimizations i can do to try and speed it up.
-
@madman3353
It may be more of USB3.1 may not have complete support. -
@madman3353 said in Comcast internet slow after pfsense installed:
i have tested the dongles with the edge router to a computer and they do get close to the advertised speeds.
How exactly did you test that? Not to/from pfSense?
It's probably the USB NICs causing the throttling. I would try an iperf test to/from pfSense directly via one of the USB devices. Unfortunately there is often not a lot you can do to improve the throughput.
That CPU should be capable of far more than 600Mbps.
Steve
-
@stephenw10 i tested the dongle with the edge router by removing the PFsence from the network and using the ubiquity edge router then did the speed test with one of my computers that require the dongle. test were 350mb+
-
Ah, OK. Yeah, pfSense will be using a different driver unless you tested from a FreeBSD client.
USB Ethernet is notoriously unreliable in pfSense/FreeBSD. You just have to be lucky to find an adapter that works well. You can check the boot logs to see what driver it's using. In some cases it may be using the generic cdce(4) driver and it's possible to use the specific hardware driver instead giving performance improvement.Steve
-
@stephenw10 the drivers for the usb are Realtek it looks like.
-
Not much else you can do there then if it's using the correct driver. There are no magic tunables to set.
What does the output ofifconfig -vvvmalook like?
You might try changing the flow control settings.Really though you should just not use USB NICs. One NIC with VLANs will perform better.
Steve
-
@stephenw10 i figured is there a how set up pfsense with one nic? also i have a managed tp-link easysmart switch TL-SG1016DE could i some how set that up to as a trunk port or something? What kind of speed lose will i be looking at if i wanted to do the single port method with two vLans to separate wireless and wired devices?
-
@stephenw10 what would the iperf command be to check the throughput for the WAN to see what its capable of and then to the two lans?
-
Yes, you can setup the one NIC with a to trunk multiple VLANs to that switch then untag them to separate interfaces there. We don't have any specific documentation for that but there are numerous guides in blog posts / youtube etc. It is known as a 'router on a stick' configuration.
In that setup all traffic has to pass across the interface twice to go from LAN to WAN. The NIC can pass 1Gbps in both directions simultaneously so if you have a single 1G UDP stream for example you should see full bandwidth. However most traffic is TCP requiring some reply bandwidth and in this setup any traffic the other way removes available bandwidth. So in reality you don't usually see anything above, say, 800Mbps and often less depending on what traffic you're carrying.
But since your WAN is only 600Mbps that will probably be no problem. You would only hit this with traffic between LAN1 and LAN2.Since you already have all the required hardware, try it and see.
To test with iperf I would install the iperf3 package in pfSense then run the server there and connect to it clients. In iperf3 you can specify which direction to test so you test both ways with the client at the same end.
Steve
-
@stephenw10 I will be trying that. Thank you for taking the time. I will give an update when done.
-
@stephenw10 did the NIC with trunk port life saver thank you stephenw10 life saver. getting 350mb down down on the hardwired clients LAN and 250+ on the WiFi six LAN2
-
Nice. A lot better that 62Mbps. I would still have expected more if you can see close to 600Mbps connected directly. Maybe more to have there.
-
@stephenw10 if i disable the second LAN then i get over 600 down on one LAN when i have them both enabled i get 400-500 on one and 300-400 on LAN2. is there something i can tweek to make it faster or optimize?
-
Ah, probably not then. If all three interfaces are trunked on the same link to the switch that means any traffic at all on LAN2 will reduce the available bandwidth on LAN1/WAN.
Steve
