Massive speed drop after upgrade of pfSense from 2.0.1 to 2.1.2 - FIXED



  • Hi everyone,

    I am a newbie to this forum and not sure if this has been addressed elsewhere (I did a few searches but couldn't see anything similar). I have upgraded by install of pfSense from 2.0.1-RELEASE (i386) to 2.1.2-RELEASE (i386) after the Heartbleed was announced.

    I took a backup of my live config and did a clean install of 2.1.2-RELEASE using a CD that I had burnt.

    The upgrade went smoothly and I noticed no problems during this process.

    I configured the interfaces during the fresh install without any issue, I then uploaded my backup config file and the box restarted without any issue.

    After a couple of days, I thought I'd do a speed test and was shocked to find that my Internet speeds had dropped from being around (74Mb down / 17Mb up) down to 0.5Mb down / 7Mb up.

    I really couldn't believe this and so I initially decided to phone BT Infinity Business support and complain thinking that they had somehow dropped my services. I spent ages explaining that I do not use their modem/firewall as my pfSense installation is sufficient and it allows me to make use of all IP address in a proper manner.

    In the end, I was forced to unpack the BT modem and connect it upto the Openreach device and I couldn't believe that it was working fine and I was getting my normal speeds. Embarrased, I thanked the agent and closed the call.

    My next process of elimination was to downgrade the service back to my previous build, 2.0.1-RELEASE (i386) and see if it made any difference. I was annoyed to see that the downgrade didn't make any difference.

    SOLUTION:

    I then spent ages going through every single config to see if anything had changed and eventually checked the ethernet interfaces for my firewall. I have a total of 5 physical nics (WAN, LAN, OPT1, OPT2, OPT3), 3 VLANS (iSCSI VLANS). When I checked the WAN interface I noticed that it had defaulted to auto negotiate however my interconnecting switch was configured as 100MB FD, I check the speed/duplex settings on the switch port and found that the nic was connecting as 10MB HD, hence the speed issue. Once I manually set the interface on the NIC within pfSense from auto to 100MB FD, the speed went back to expected levels again.

    I have now updated the software back to 2.1.2-RELEASE (i386) and everything this running fine.

    I thought this might be a good place to highlight how I fixed this issue as I saw a couple of old posts where people were wondering what to do when they encountered this problem but there was no answer from the forum and I am guessing they were left in the dark.

    Hope this helps you as I was certainly relieved after fixing this issue.

    Cheers,
    Mamun



  • @mamun:

    Hi everyone,

    I am a newbie to this forum and not sure if this has been addressed elsewhere (I did a few searches but couldn't see anything similar). I have upgraded by install of pfSense from 2.0.1-RELEASE (i386) to 2.1.2-RELEASE (i386) after the Heartbleed was announced.

    I took a backup of my live config and did a clean install of 2.1.2-RELEASE using a CD that I had burnt.

    The upgrade went smoothly and I noticed no problems during this process.

    I configured the interfaces during the fresh install without any issue, I then uploaded my backup config file and the box restarted without any issue.

    After a couple of days, I thought I'd do a speed test and was shocked to find that my Internet speeds had dropped from being around (74Mb down / 17Mb up) down to 0.5Mb down / 7Mb up.

    I really couldn't believe this and so I initially decided to phone BT Infinity Business support and complain thinking that they had somehow dropped my services. I spent ages explaining that I do not use their modem/firewall as my pfSense installation is sufficient and it allows me to make use of all IP address in a proper manner.

    In the end, I was forced to unpack the BT modem and connect it upto the Openreach device and I couldn't believe that it was working fine and I was getting my normal speeds. Embarrased, I thanked the agent and closed the call.

    My next process of elimination was to downgrade the service back to my previous build, 2.0.1-RELEASE (i386) and see if it made any difference. I was annoyed to see that the downgrade didn't make any difference.

    SOLUTION:

    I then spent ages going through every single config to see if anything had changed and eventually checked the ethernet interfaces for my firewall. I have a total of 5 physical nics (WAN, LAN, OPT1, OPT2, OPT3), 3 VLANS (iSCSI VLANS). When I checked the LAN interface I noticed that it had defaulted to auto negotiate however my interconnecting switch was configured as 100MB FD, I check the speed/duplex settings on the switch port and found that the nic was connecting as 10MB HD, hence the speed issue. Once I manually set the interface on the NIC within pfSense from auto to 100MB FD, the speed went back to expected levels again.

    I have now updated the software back to 2.1.2-RELEASE (i386) and everything this running fine.

    I thought this might be a good place to highlight how I fixed this issue as I saw a couple of old posts where people were wondering what to do when they encountered this problem but there was no answer from the forum and I am guessing they were left in the dark.

    Hope this helps you as I was certainly relieved after fixing this issue.

    Cheers,
    Mamun



  • @mamun:

    When I checked the LAN interface I noticed that it had defaulted to auto negotiate however my interconnecting switch was configured as 100MB FD, I check the speed/duplex settings on the switch port and found that the nic was connecting as 10MB HD, hence the speed issue. Once I manually set the interface on the NIC within pfSense from auto to 100MB FD, the speed went back to expected levels again.

    The standards always say that at the ends of a cable ports's speed/duplexity have to be configured the same way. Either both ports auto, either both ports manual to the same value.
    One end auto and the other end manual is non-standard, and it only works if NIC manufacturers/drivers have implemented it - that really differs from asic chip type. Never do that. If it works, you're just being lucky…