PfSense behind multiWAN router slow
-
Hi all. I work at a school where the only Internet service is 6 Mbps ADSL. We are able to combine four ADSL lines to get decent speed by using a TP-Link TL-R470T+ multiWAN router. This gives us speeds in the low 20's; however, the router has no content-filtering or VPN access. I'd like to use pfSense to provide this. I've been able to install pfSense between the router and our LAN. Internet access works, but is much slower: it struggles to reach 6 Mbps on speed tests. I do have the squid and DansGuardian packages installed, but not activated. I haven't done anything with load-balancing or QoS. Any ideas what going on and how I can improve the speed?
The setup looks like this:
4 ADSL lines
||||
||||
VVVV
TL-R470T+ (192.168.0.1)
|
| 192.168.0.0/24
V
pfSense WAN interface (192.168.0.2)
pfSense LAN interface (192.168.205.215)
|
| (192.168.205.0/24)
V
LANI realize pfSense is (supposed to be) capable of doing multiWAN routing, but I'd rather not fix what's not broken.
Thanks in advance!
THeo
-
A speed test is not relevant , see this post : https://forum.pfsense.org/index.php/topic,65813.0.html
-
Also , a daisy-chain is not recomended , especially in networking , you should trow some cheap network adapters in the pfsense box , and let pfsense do the load-ballancing , there a re a lot of tutorials floating on the web , on the pfsense wiki , and somebody on the forums will help you if you have questions .
-
A speed test is not relevant , see this post : https://forum.pfsense.org/index.php/topic,65813.0.html
The speed test is relevant. If I connect directly to my multiWAN router, I get more than three times the speed compared to connections running through the pfSense box. HTTP and FTP downloads are correspondingly slower through the pfSense box as well.
THeo
-
Also , a daisy-chain is not recomended , especially in networking , you should trow some cheap network adapters in the pfsense box , and let pfsense do the load-ballancing , there a re a lot of tutorials floating on the web , on the pfsense wiki , and somebody on the forums will help you if you have questions .
I want to change one thing at a time. Once I have content filtering up and running, then I will play around with multiWAN using pfSense.
Thanks for your suggestions, but I was hoping for answers that would address my situation.
THeo
-
You are trying to say that HTTP and FTP are 4X adsl when hooked up to the multi-wan router?
-
You are trying to say that HTTP and FTP are 4X adsl when hooked up to the multi-wan router?
No. Speed tests show over 3.5x improvement compared to a single ADSL line, without pfSense. HTTP downloads appear to get all the bandwidth of a single ADSL line, so that I can run (e.g.) two downloads at 6+ Mbps each, maxing out two lines while two remain idle. This is ideal for our needs: reasonably fast connections for many users.
With pfSense between my multiwan router and my LAN I get performance similar to what I would get with a single ADSL line.
THeo
-
Just a guess , but are you by chance doing NAT twice? once behind the multiwan router and once after pfsense?
This is the only thing i can think right now that will maybe "break" the load balancing done on the multi-wan router.
-
If you connect a single laptop to the multi-WAN router and do multiple downloads from it, do the downloads get distributed around the links and eac h manage to get about 6Mbps?
With pfSense in the picture, the multiWAN router will see all the traffic to be coming from 1 LAN IP, the pfSense WAN IP. If the multi-WAN router is locking each LAN IP to a particular link, then all the pfSense traffic is going to be fed out only 1 link. -
Just a guess , but are you by chance doing NAT twice? once behind the multiwan router and once after pfsense?
This is the only thing i can think right now that will maybe "break" the load balancing done on the multi-wan router.
Sorry for seeming to drop off the planet; school got busy, and then March break happened. I was able to go back in to do some testing yesterday.
I am doing double NAT, which I understand can raise issues with VPN. However that doesn't seem to be the problem here. Disabling NAT on pfSense made no difference to the speed tests: same results with and without NAT.
However: Something bizarre is going on, and I need to do more testing. I'm getting the same results with and without NAT, but suddenly they're much better than before. Previously I was seeing much worse performance behind pfSense and now that's gone. I don't know whether that's because most users have been gone for a week, or whether it's not the Olympics (less video streaming on the Bell network) or what.
THeo