Settings for the most responsive browsing?
-
I feel like web browsing is kind of laggy (and always has been) despite having a really fast connection, so I was wondering if there were some universally applicable tips what to change in pfSense's settings to make everything a little more responsive.
Basically what happens is I click a link in bookmarks, and it can take up to two seconds before the page starts loading. I think most of that delay consists of the browser showing any or all of the "waiting for, looked up, looking up" or whatever messages in the status bar. I should also mention that our house is connected via wifi, but it should be pretty stable and I don't think it's the root of the problem: our ISP has recently upgraded the AP to some GiFi technology that's supposedly almost impossible to interrupt (no idea what is the correct word, basically interference like I had when we had 5GHz AP).
When it comes to pfSense, I don't really know what I'm doing, because I have borderline zero networking knowledge and I set it up according to various guides I could google up over two years ago and forgot even the little I learned during the process.
Oh and I am running it virtualized, btw. If what I'm asking has any solution (I am aware I am asking an extremely vague question and pfSense has a gazillion settings), I can provide screenshots, the entire thing's config, and answer any questions the best I can.
-
@octopuss said in Settings for the most responsive browsing?:
"waiting for, looked up, looking up" or whatever messages in the status bar.
You sure your browser is not using doh, and not even using pfsense for dns?
Many a browser loves to use their own dns via doh, unless you specifically tell it not to.
-
@johnpoz I have no idea what doh is unfortunately.
-
https://support.mozilla.org/en-US/kb/firefox-dns-over-https
All the browsers can, and not sure on all - but many like to enable it without any user interaction or opt-in
https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/encrypted-dns-browsers/
-
@octopuss said in Settings for the most responsive browsing?:
Basically what happens is I click a link in bookmarks, and it can take up to two seconds before the page starts loading.
Something to look at : what does your browser do when you ask it to show "a page".
Open the browser console, every browser has one. For Firefox, it's SHIFT+CTRL+I.
Go to the 'network' pane.
Now, open a site like https://www.flickr.com
See what happens in the pane.
It won't take a minute before you ask yourself : will it ever stop ?
About DNS : as soon as a host name is resolved, it will be available for future usage without a lengthy lookup.
If the site that you visit wants to inform every other big player in the net, flickr is a good example here, many sites get contacted, as many connections are opened, and you start wondering : is congestion a thing ?
Also : Go here : https://www.waveform.com/tools/bufferbloat and do the test.
Last but not least : do not use "responsive" and "wifi" in the same phrase
No one can see the radio waves around your devices and access points. Special equipment is needed. So communication might be a mess, with many retransmit requests etc. The next time you buy that wireless device, think about this video I Declared Victory. I was SOOO Wrong… - Deep WiFi Troubleshooting.
Tests are always compared with 1000 Mbit/sec wired connections - and your ISP uplink. "Wifi" can be very erratic, and not reproducible. Good wifi equipment is rarely the AP you got from your ISP. It might be good enough ... And don't forget that you need more than a good access point : the other side of your connection : your device needs also to be 'good' ? ( and you can't swap the wifi adapter in your phone ^^)
-
@johnpoz said in Settings for the most responsive browsing?:
https://support.mozilla.org/en-US/kb/firefox-dns-over-https
All the browsers can, and not sure on all - but many like to enable it without any user interaction or opt-in
https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/encrypted-dns-browsers/
I am using Pale Moon, which I'm sure doesn't support this nonsense.
-
@gertjan said in Settings for the most responsive browsing?:
@octopuss said in Settings for the most responsive browsing?:
Last but not least : do not use "responsive" and "wifi" in the same phrase
No one can see the radio waves around your devices and access points. Special equipment is needed. So communication might be a mess, with many retransmit requests etc. The next time you buy that wireless device, think about this video I Declared Victory. I was SOOO Wrong… - Deep WiFi Troubleshooting.
Tests are always compared with 1000 Mbit/sec wired connections - and your ISP uplink. "Wifi" can be very erratic, and not reproducible. Good wifi equipment is rarely the AP you got from your ISP. It might be good enough ... And don't forget that you need more than a good access point : the other side of your connection : your device needs also to be 'good' ? ( and you can't swap the wifi adapter in your phone ^^)
From what the ISP's technician told me, this frequency cannot be "interfered". It only works on short distances (which in our case is about 260m AP to AP).
Also there is no packetloss at all, I have a program that lets you periodically ping a list of IPs, and there is not even one lost packet in 1000 pings. Also, the latency barely ever spikes. I have pings of under 5ms across the country, and the rare spikes are still under 20ms.
I don't know what the AP on the roof is, but this is a small local ISP that takes pride in only using good equipment, so I'm pretty sure we have a good one.
-
@octopuss said in Settings for the most responsive browsing?:
From what the ISP's technician told me, this frequency cannot be "interfered".
Nice company minded statement.
Every frequency can be interfered, it's a question of equipment and efforts, but not of physics. The higher the frequency, the lower is the risk of being interfered by typical other WLAN or low shielded devices, but there is no radio frequency that can not be interfered.
Therefore this statement is rather optimistic.
Regards
-
@fsc830 Maybe he said "mostly cannot be interfered" or something, I don't know.
What I can say is that I didn't have to call them once since the upgrade, whereas with the previous 5GHz AP they constantly had to tune it because despite being in the outskirts of a town, there are still way too many signals around, and the connection would randomly start dropping or speed would drop to 20% of what it was supposed to be.
Looks pretty good to me. Oh and the AP should be Mikrotik nRAY.
-
@octopuss What OS is on your computer? 2 seconds sounds like a DNS timeout. *nix usually queries its DNS servers in order, while Windows uses the "last known good" server first.
-
@steveits Windows 10.
It's not flat 2 seconds for every site. Some are this slow, some are not. Sites within the country tend to be noticeably faster to start loading.
Most sites seem to load faster the 2nd time too.
pfSense runs under ESXi on all-in-one server.
-
@octopuss In DNS Resolver settings, is "DNS Query Forwarding" enabled?
If it is, disable the DNSSEC option.
In v23.01, some have posted of random failures if "DNS Query Forwarding" is enabled and "Use SSL/TLS for outgoing DNS Queries to Forwarding Servers" is checked.
Did you say what pfSense version you have?
-
@steveits Yes, I have forwarding enabled in the Resolver. It's the only way to use specific DNS servers I think? I guess using my ISP's DNSes makes the most sense as they are like 1km away from me.
I used to have DNSSEC enabled, but have disabled it when I was digging in the settings before posting here. I don't think there is any change in any way.
I have also disabled the use SSL/TLS setting because the DNS servers I use aren't compatible with it.
I have also updated from 2.5.2 to 2.7.0 the same day.
-
FWIW, in my home environment, I've found browsing speed no different on the 400 Mb I once had or the 70 Mb I have now.
-
@provels I don't believe it has anything to do with speed either. Not unless you have like 10Mbit download or something at least.
-
I have also updated from 2.5.2 to 2.7.0 the same day.
I meant to write 2.6.0.
-
@octopuss I think you need to verify it's a DNS issue. From your computer try nslookup to see how long domains take to resolve. Use a hostname you haven't connected to/looked up already, so it isn't cached. Syntax:
nslookup abc.com IP_of_pfSense
That will show you how long it takes pfSense to resolve it. Then maybe try again using a public DNS server like 8.8.8.8 or 9.9.9.9.
-
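nslookup prints no timing, so the resolver comparison suggested above needs a timer around each query. The following is an added example, not part of the original thread: it sends one A-record query over UDP to each resolver twice, so the uncached and cached lookups can be compared in milliseconds. The address 192.168.1.1 (standing in for the pfSense LAN IP) and the hostname example.org are assumed placeholders.

```python
import os
import socket
import struct
import time

def build_query(hostname, qid):
    """Build a minimal DNS query for an A record with recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(response):
    """Return (id, rcode, answer_count) from a DNS response header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    return qid, flags & 0x000F, ancount

def time_query(hostname, server, timeout=3.0):
    """Time one UDP lookup; return (elapsed_ms, rcode, answers) or None on timeout."""
    qid = int.from_bytes(os.urandom(2), "big")  # random ID to match the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        try:
            sock.sendto(build_query(hostname, qid), (server, 53))
            while True:
                data, _ = sock.recvfrom(4096)
                if len(data) >= 12 and parse_header(data)[0] == qid:
                    break  # ignore stray datagrams with another ID
        except OSError:  # covers socket timeouts and unreachable servers
            return None
        elapsed_ms = (time.perf_counter() - start) * 1000.0
    _, rcode, answers = parse_header(data)
    return elapsed_ms, rcode, answers

if __name__ == "__main__":
    # Assumed placeholders: 192.168.1.1 = pfSense LAN address;
    # example.org = a name not looked up before, so the first query is uncached.
    for server in ("192.168.1.1", "8.8.8.8", "9.9.9.9"):
        for attempt in ("first", "repeat"):
            result = time_query("example.org", server)
            text = "timed out" if result is None else "%.1f ms rcode=%d answers=%d" % result
            print(f"{server:<12} {attempt:<6} {text}")
```

A first lookup through pfSense that takes far longer than the repeat, or that times out, points at the upstream forwarders rather than the LAN or wifi link.
-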
@steveits Is the command supposed to give me some kind of measurement in milliseconds or am I supposed to simply observe whether it feels slow?