Very confusing - slow WAN throughput
Kinda long post here, sorry in advance but I'm kinda stuck. Been using pfsense as a firewall/router for several years on a 20/20 mbit fiber connection and all has been well. Just upgraded to 50/50 and can only get about 25mbit either way. First thing I did was unplug pfsense and hooked a laptop up to the transciever and got 50/50 no problem. Came back to the DC and plugged laptop into the same cable pfsense was plugged into and also got 50/50. So no cabling issues that I can tell. I then booted existing pfsense box with a LiveCD and did a basic WAN/LAN config with NAT and can only get ~25mbit. At this point I figured the box had issues with a NIC or something so I grabbed a desktop machine and put two Intel Pro1000 cards in it and loaded pfsense on that and can only get ~25mbit.
I'm not sure what to try here now since I think I've removed any chance of cabling issues and have tried all new hardware and get the same speeds. It seems like something unique to pfsense itself that's causing the issue.
Anyone have any ideas?
KOM last edited by
Which version of pfSense? I'm running 2.1.3 on an 90/90Mb link with traffic shaping, Squid, SquidGuard & OpenVPN, and I can saturate it to about 85Mb/s.
Running 2.1.3, sorry forgot to include that.
Also tried the latest M0n0wall on the desktop PC I'm testing with a got the same speeds (~25mbit).
First thing I did was unplug pfsense and hooked a laptop up to the transciever and got 50/50 no problem. Came back to the DC and plugged laptop into the same cable pfsense was plugged into and also got 50/50.
How are you testing speed?
Just so I understand your topology:
Laptop –> Switch --> pfSense (original hardware) --> Modem = 25/25mbps
Laptop --> Switch --> pfSense (desktop hardware) --> Modem = 25/25mbps
Laptop --> Switch --> Modem = 50/50mbps
I've tested with speedtest.net, testmy.net, and just to triple check grabbed an iso from a 100mbit offsite server I pay for.
Two possibilities come to mind. First I would verify that there are no speed/duplexity mismatches anywhere when the pfSense box is in the loop. For simplicity I would take out the switch for testing:
laptop –> pfSense --> Modem
Check Status: Interfaces under media to see what duplexity pfSense is using on it's interfaces. For the remaining devices (Modem, switch, and laptop) you may have to resort to their indicator lights to verify speed & duplexity.
If that all checks out, then I would watch the CPU during the download to see if it's at 100%. Status: RRD Graphs: System: Processor
If that all checks out, then I would probably trying a local test to what the pfSense does locally. Something like: laptop --> pfSense --> desktop