How to increase WAN connection speed to match ISP?
-
I guess this is a stupid n00b question, but I'm running into issues getting a pfSense 2.4.4 to recognize an internet service upgrade.
With a laptop direct wired to the cable modem, the speed tests are showing 210-220Mbps download and 18-20Mbps upload.
With pfSense connected to the cable modem and the laptop behind, speed tests drop to 100-110Mbps download and 8-10Mbps upload.
Hardware is a ProtectLI Vault, 4-core 1.9GHz Intel CPU, 8GB of RAM & 120GB SSD , one LAN interface, one WAN interface, both reporting they are connected to 1000baseT full-duplex ethernet.
The previous ISP speed was only around 100Mbps, so this hadn't been an issue before.
Service was upgraded to double the download bandwidth, and then we discovered the discrepancy.
System load, CPU, & memory usage never seem to increase much, even when running speed tests. I've been using pfSense for years, but is there some incredibly basic config option that I'm somehow missing which has to be tuned for higher speeds on the external interface?
I don't think it's a system resources limitation since there's no sign of the hardware being maxed out at any time, either in daily operations or when conducting speed tests.
Will upgrading to version 2.5.1 or 2.6.0 make any difference?
Thanks in advance for ideas & suggestions! -
@penguin8r Do you have any traffic shaper or limiters set? Sometimes people set those while testing something, and forget. :)
What is the CPU usage while downloading? If it's a super slow CPU it might be a limiting factor but that's unlikely.
Upgrading versions is not going to help with speed, though 2.4.4 is pretty old.
-
@steveits
CPU utilization on that box is usually sitting at 2-5%, sometimes more like 5-8% when VPN users are connected. Running speed tests from behind pfSense will cause it to rise briefly to 10-12%, (like for a half second), and then it's right back to idling along at 2%. -
I guess I should add, this is a very basic setup. 1 LAN interface, 1 WAN.
No traffic shaping, no redundant connections or failover setups , very little VPN activity other than a max of 2-3 OpenVPN client sessions at any given time. All speed tests were done with nobody connected to rule that out, just to be safe, just a single laptop on a wired link with other network hardware unplugged from the local side. -
@penguin8r Usually someone finds an old shaper or limiter. Next try changing patch cables, or if you have a switch connect the switch between pfSense and the ISP router. That comes up now and then here, if the two don't talk to each other very well.
You could always try saving a backup of your config, then resetting to defaults, and see if the problem goes away.
What kind of network cards? There used to be many posts complaining about Realtek.
-
@steveits
the driver module loaded for the cards is 'em' , suggesting they're regular Intel interfaces of the 81XXX or 82XXX family.
Definitely no traffic shaping in place, and minimal firewall rules outside of the defaults.
Switching patch cords was one of the first things I tried, but I got the same results with a laptop direct connected to the cable modem on both the old and new cords, likewise with the pfSense hardware plugged in.
I'm not sure what to try next, there's still nothing to suggest it's a hardware performance limitation, and that particular piece of equipment has been running since mid-2019 with absolutely no issues thus far. -
@penguin8r First, you'll need to upgrade. It would be unreasonable to post about your current old system and not expect us to motivate you to upgrade to the current version pfSense 2.6. It's just the responsible thing to do and with all the upgraded features who knows, it might resolve your issue and if not, we have a better slate to reanalyze.
-
Here is a recent speedtest with the hardware described in my sig.
As you can see, pfSense can handle much better than what you're getting. My first guess would be you have some hardware issue.
-
@penguin8r
Go here:
https://www.speedtest.net/apps/cliInstall that, then either ssh in and run it (type speedtest) or go to Diagnostics/Command Prompt and type speedtest in the "execute shell command" box and press enter.
This will test right from pfSense so you can see if it's slowing down on the box itself or going through the box.If you do the Diagnostic route, just wait for it to finish as you won't see the actual test running.
Edit: You'll have to ssh in and run it, I forgot the first time you need to accept the terms of usage.
-
@jarhead It won't let me install or run the CLI speedtest from the pfSense itself.
I think my only option in the short term is to roll the dice on the upgrade to 2.5/2.6, and see if that makes any difference, assuming the upgrade doesn't brick the unit. Or, worst case, just do the new install and re-configure from scratch. I still can't find any evidence that this is a hardware restricted throughput limit, but maybe there's a latent glitch lurking elsewhere.
Thanks everyone for help & suggestions. -
@penguin8r while some people find running speedtest on pfsense directly of some use - and not saying it can not be useful.
But pfsense is not meant to be a server or client - its quite likely that the speedtest running on pfsense might not give you what it can handle as a router/firewall.
Its best to do speedtesting from from a device behind pfsense.
The upload not going up seems odd - you sure you don't have any sort of limiters or shapers setup.. You actually checked? Users quite often forget that they were playing with them at some point while back, etc.
Also - cable modems normally requite a reboot when switching devices. So plugging a laptop or pc directly into the cable modem is a valid test. You should really reboot the cable modem when you change devices (that use a different mac)..
But upgrading/clean install of current is not going to hurt your performance. And being on current allows for more interest in figuring out what might be going wrong as well. A clean install for sure would make sure there is not shapers or limiters that is for sure - especially if you have a basic vanilla setup and don't have to load a previous config for all your firewall rules and packages, etc.
While I don't have your hardware, as mentioned pfsense is more than capable of much higher speeds. I have 500/50 connection and get my full speeds..
Its also not a bad idea to test to multiple different speedtest servers - some don't always give you full numbers, etc.
-
@penguin8r said in How to increase WAN connection speed to match ISP?:
@jarhead It won't let me install or run the CLI speedtest from the pfSense itself.
I think my only option in the short term is to roll the dice on the upgrade to 2.5/2.6, and see if that makes any difference, assuming the upgrade doesn't brick the unit. Or, worst case, just do the new install and re-configure from scratch. I still can't find any evidence that this is a hardware restricted throughput limit, but maybe there's a latent glitch lurking elsewhere.
Thanks everyone for help & suggestions.Are you sure you're trying to install the correct version?
They have links for FreeBSD12 and 13, you need the 12.Scratch that, just noticed you're still using FreeBSD 11.
-
btw the speedtestcli is part of the pfsense repo, if you do a search it comes back with
[22.05-RELEASE][admin@sg4860.local.lan]/: pkg search speedtest py38-speedtest-cli-2.1.3 Command line interface for testing internet bandwidth [22.05-RELEASE][admin@sg4860.local.lan]/:So you should be able to do that on what version your on. Not sure how far back in versions its there, etc. But again being current is good!
-
I believe that's a different application than the official Ookla one. I've never looked too closely into it though.
-
@stephenw10 It is a different one, developed by a forum member if I remember correctly, but it did work fine when I used it. Been a long time but if it's still available, probably worth a try.
-
Yes, it works fine. I use the one from our repo if I ever need to test directly like that.
I would say it seems less reliable at higher speeds. But that could just be subjective.
-
Thanks to everyone for the suggestions, it eventually turned out this was just cable internet provider doing what it does. Customer complains, they turn the speed up for a few days, and it shows a bit over 200Mbps , then over the course of another 2 weeks or so it drops back to under 100Mbps. Customer makes another call, tech shows up, they turn the speed up again for a while and say everything's OK, rinse & repeat. I went ahead and did the upgrade to pfSense 2.6.0-Release to stay current, but both pfSense and the hardware it's on are working perfectly, everything else was typical ISP shenanigans.
