Lan network very slow
i have a problem but i can't find the problem.
i have the following setup
- wifi ap 1
- wifi ap 2
- wifi bridge
- wifi ap 3
- wifi ap 4
i have tested the netword by connecting a laptop to the wan side i get aproximatly 4 Mbit per second
after that i connect the laptop to the lan side i get 0,98 Mbit per second.
why is there suche a large differents in there ?
I uninstalled all the packages.
Disabled most of the firewall rules that had to do somthing with speed limiting several users.
i also use captive portal.
some information from the server
built on Thu May 01 15:52:13 EDT 2014
please need some help on this.
a small update, after disabeling captive portal i get 1.8 Mbit/sec, still the half of the wan speed.
but a bit faster, why is this.
I think i had this speed issu after upgrade to the latest firmware.
Check that you don't have the 'enable bandwidth per IP' (or something like that!) setting enabled in captive portal.
Check the Status: Interfaces: page for errors or collisions.
no strange readings on this page.
Also no limitation on the per user settings.
I also have some problems with the speed even that me mac adres is in the passthrough tab.
below the info from the interface tab
LAN interface (stge0)
MAC address 00:22:15:xx:xx:xx
IPv4 address 10.0.0.1
Subnet mask IPv4 255.255.255.0
IPv6 Link Local fe80::222:15ff:fe10:e6d0%stge0
Media 100baseTX <full-duplex,flowcontrol,rxpause,txpause>In/out packets 1230805/1293650 (174.37 MB/1.15 GB)
In/out packets (pass) 1230805/1293650 (174.37 MB/1.15 GB)
In/out packets (block) 3091/26 (620 KB/1 KB)
In/out errors 0/0
do you have more things i could look to.</full-duplex,flowcontrol,rxpause,txpause>
Try downloading some data to the box directly from the command line:
[2.1.3-RELEASE][email@example.com]/root(1): fetch -o /dev/null http://download.thinkbroadband.com/10MB.zip /dev/null 100% of 10 MB 2067 kBps
Thinkbroadband is a good site for me but you might want to use something more local to you.
Doing that will determine if the restriction is at the WAN or LAN interface.
I tryed it, with your file and a file hosted in the netherlands.
so it seems that it is on the wan side, but when i disconnect the cable on the wan side and hooked it up on my laptop the speed is about 4 á 6 times faster.
so what will be the next step.
[2.1.3-RELEASE][firstname.lastname@example.org]/root(1): fetch -o /dev/null http://download.thinkbroadband.com/10MB.zip
/dev/null 100% of 10 MB 456 kBps 00m00s
[2.1.3-RELEASE][email@example.com]/root(2): fetch -o /dev/null http://www.speedtest2.nl/download/10mb.bin.zip
/dev/null 100% of 10 MB 439 kBps 00m00s
Hmm, well you are seeing 456kBps which is 3.6Mbps at the pfSense box. Seems like that's quite close to your 4Mbps line speed, no?
It's much faster than 0.98Mbps.
I suspect this is almost certainly an issue with the captive portal setup throttling the bandwidth somehow.
What hardware are you running this on?
I'm running an
AMD Athlon 64 X2 Dual Core Processor 4200+ (2204.61-MHz K8-class CPU)
real memory = 1073741824 (1024 MB)
avail memory = 943992832 (900 MB)
on my dashboard the load of the machine is not above 10 to 20%
You agree then that the WAN download speed is close to what you expect?
What is your WAN bandwidth supposed to be, what's it rated at by the ISP?
yes the wan speed is close to that the ISP give. they say about 4Mbit is the line speed.
so that looks fine. next step is to find out why captive portal is slowing things down.
Clearly it's not a hardware limitation that machine should be easily capable of 100X that speed.
So is this a fresh install that has always exhibited this problem or did you upgrade from a previously working version?
Clearly there is something amiss here. When you disabled captive portal how did you do it? Are/were you running any other traffic shaping?
it is on a running server, which started 1,5 year ago. until about 3 weeks ago this problem started.
it could be after updating the server from a previous software version.
But that i can't recall, i have setup the system to install updates automatic
as far as i can tell, there is no speed limit setuped in captive portal.
It cannot update without some manual interaction. 2.1.3 was released at the beginning of May so that seems likely. Some other users have possibly had issues with old traffic shaping rules. You have never used traffic shaping on this box?
I had a bandwidth limitation for one user (ip aders) in the firewall rules.
That was a traffic shaping rule.
I already deleted these rules with no luck.
is there some tool to send you all the settings, so you could verify the settings.
You could probably pm me the config.xml file or just attach it here, after you've removed all the passwords, private addresses etc.
I can't promise anything though. ;)
send you a pm, because i don't know how to remove privacy information like passwords and ssh information.
Ok, so looking thorough your config file my best guess here is that the limit you are hitting is caused by the ezshaper section at the bottom. You have the total upload and download set to 8Mb and 4Mb but since that's from the point of view of the LAN intreface that would be an 8Mbps download speed for clients. Then you have the bandwidth limiter set to 15% which would be 1.2Mbps, close to what you're seeing. For some reason your traffic is being caught by this. I'm not sufficently familiar with the traffic shaper to say quite what has happened here.
A simple test would be to change the 15% to, say, 30% and see if you see double the throughput. I'm not sure where that fingure would be stored though, you'll have to hunt around for it. ;)
and where can i find the settings vor ezshaper.
I searched the config file and changed the up and download speed, even alterd the % now going to try if this give us a performance boost.
This is what i made off it.
for a while it looks good, but i'm trying to monitor it through the day
<step5><enable>on</enable> <bandwidth>80</bandwidth> <bandwidthunit>%</bandwidthunit> <aimster>on</aimster> <bittorrent>on</bittorrent> <buddyshare>on</buddyshare> <cutemx>on</cutemx> <dcplusplus>on</dcplusplus> <dcc>on</dcc> <directconnect>on</directconnect> <directfileexpress>on</directfileexpress> <edonkey2000>on</edonkey2000> <fasttrack>on</fasttrack> <gnutella>on</gnutella> <grouper>on</grouper> <hotcomm>on</hotcomm> <hotlineconnect>on</hotlineconnect> <imesh>on</imesh> <napster>on</napster> <opennap>on</opennap> <scour>on</scour> <shareaza>on</shareaza> <songspy>on</songspy> <winmx>on</winmx></step5> <step2><uploadscheduler>PRIQ</uploadscheduler> <connupload>100000</connupload> <connuploadspeed>Kb</connuploadspeed> <conndownload>100000</conndownload> <conndownloadspeed>Kb</conndownloadspeed> <conn0downloadscheduler>PRIQ</conn0downloadscheduler> <conn0interface>lan</conn0interface></step2>
Like I say, I'm not sure quite how those parts of the config file are generated. The traffic shaper is IMHO the most confusing part of pfSense. ;) I'll have to do some experimentation on my test box here.
You saved that config file and then forced a reload (or rebooted)? If the speed has increased then that certainly looks like the problem. The question now is why is catching your traffic when it looks like it should only be catching P2P traffic and what changed 3 weeks ago that caused it.
Lan speed is a bit faster but wan speed is almost the same, when monitoring with traffic speed i get around 800kb.
I think the problem occured after upgrading the software.
Here some pictures from speedtest.net
The fastes is with captive portal turned off
The slowest is with captive portal turned on
Ah, OK. So with captive portal turned off you are getting full speed?
I had a play around with the traffic shaper this afternoon and I'm not really sure why you traffic seems to be being caught in it. I expected to find you had the 'catchall' selected but you don't appear to have.
Looking at your config file and comparing it with mine, generated by the wizard, there are many differences that I'm failing to explain. I think the easiest thing at this point would be to remove the traffic shaper completely, remove the <ezshaper>section from the config file manually and reapply the wizard. After backing up the config of course. ;)
Unless anyone else has any ideas?
i removed the ezshaper section, but this didn't solved the problem.
Is there a way to reinstall a early version of pfsense which worked ok for me.
Then i will reinstall that verion and hopfully that one will work again ok.
Or some body else should have the solution, or a fix for the problem.
Need some help on this one !!!
You mean is there a way to downgrade remotely? I don't think so, though I've never tried.
i'm curently on 2.1.3 so i thinking of going back to 2.1.1 that is the latest working version so far i can recal.
But will it working again.
there should be a solution for my problem.
I take it the site is a long way from you?
Reinstalling might be the only way to downgrade, I wouldn't go to 2.1.1 though that was the version vulnerable to Heartbleed. I guess it wouldn't be a problem if you upgraded immediately.
If you have removed all the traffic shaper rules from the webgui and the ezshaper section from the config file there shouldn't be any shaping happening. :-\ Is there anything left in the current config file?
You need to remove that attachment it should not be public.
The config file still contains the <shaper>section complete with all it's queues. It seems likely that your traffic is being diverted through one such queue for some reason. Though without any rules to do that it;s hard to see how.
Disabling the captive portal allows traffic to flow at full speed.
Removing all the traffic shaping rules via the webgui hasn't helped.
Changing the p2p ezshaper percentage did have an effect? Interestingly going through the wizard, 15% is the highest valid number there anyway.
Interestingly the captive portal is the only part of pfsense that uses ipfw and not pf because it has to operate at layer2, I wonder if that is the cause?
You could try removing the shaper section of the config file and reloading/restoring. However manually playing with the config file will almost inevitably eventually lead to the box failing to boot due to some typo etc. If you remove the queues and something is still trying to use them what happens?
If you do try, replace:
So <shaper>should be replaced with <\shaper></shaper>
No. In your config file the shaper section has opening and closing xml tags:
<shaper>all your shaper queues</shaper>
In my config file, from a box that doesn't have traffic shaping, I have only one tag that's different to either of yours:
I guess this designates that shaper section is empty or undefined.
Next week when i'm back on the camp site i go try this. I don't want to try this when i'm not around.
Or is it safe to do it remotly?
If you can wait I would do so.
If you're on site I would first try a re-install and restore of 2.1.3. If you look at the backup/restore section in the webgui you have the option of backing up each part of the config file separately. You can then restore each part testing at each stage.
For your config the major parts that you'd rather not have to reconfigure manually are probably, DHCP server - with all the static leases you have, firewall rules and captive portal.
Take install media with you anything you might need. If you have a spare HD take that and swap it out so you can always fall back to the old one. :)
finaly got a new machine up and running.
restored from backup captive portable and lan/wan setings.
same speed issu. need some more advice.
i could disable captive portal but then we can't make any money out of it.
Hmm, so you restored only those sections of the config?
I'm away from home right now so I'm restricted to using only a tablet. Might not be much help. :-\
Today i downloaded an old version 2.1.0 the first release, installed it. and my network is going like a rokket.
pffff finaly solved this problem.
Don't know why the newer versions aren't working but i don't update pfsense again.
Hmm, not really solved then. :-
Did you try a clean install of 2.1.4? What version were you runninb before any of this trouble started?
This is the current verion i'm running, and its running gooooood.
built on Wed Sep 11 18:17:48 EDT 2013
The latest version i had running from a newly installed live cd was 2.1.4 the download speed was terrible slow.
the problem is not solved, but for me i don't think i ever update my pfsense setup again.