Wifi performance

awebster

Its isn't that FreeBSD is good or bad as a wifi access point, but rather the nature of the technology itself.

You mention that using iperf3 to a wired PC you can get 60-70mbps, well that's about the maximum you'll ever get if your connection speed is 130mbps.
This is because wifi is a half duplex medium, meaning it can only ever be talking (sending) or listening (receiving), never both at the same time, and further more every single wifi packet must be acknowledged by the receiver.  This effectively cuts the effective throughput in half.
Interference on wifi is really the biggest single source of problems now.  The 2.4GHz band is saturated, and especially bad in high density housing (apartment buildings).
Ideally, if you wireless devices are dual band, get a dual band wifi router or access point and set it to use the 5GHz spectrum; this will give you much better overall signal because of less interference.

You don't mention what your internet speed is, so I don't know how to answer your question about the actual performance you're seeing.

Panja

Thanks for the clean answer awebster.
My internet speed is 120/12 mbit. I'm getting a max of 14,5 MB/s normally (wired).

Another problem I have with the wifi in my pfSense box is that the connection is not kept after a while on iOS 9 devices.
My GF's iPhone and mine are both disconnected after +/- 10 minutes if the phone is locked/standby.
After unlocking it searches for the wifi signal and reconnects.

awebster

You might try googling "ios 9 disconnecting from wifi"  there are loads of hits which tells me this is probably an Apple related issue.

Panja

Will give that a try but with other wifi ap's I do not have this problem…

Guest

Will give that a try but with other wifi ap's I do not have this problem…

For how many users this must reach or going fine?
WiFi is a shared medium and so you couldn´t await that the full throughput is only for you alone
or your laptop available to catch.

Try out downloading NetStumbler and scann the whole area around your apartment and then
you will be able to see how many other WiFi networks are there and witch channels they are using
so you could set up the pfSense WiFi to a less used channel using a less used radio band.

• Prevent from TKIP try AES-CCM only (enterprise)
• don´t go with pre or default WiFi station names (SSID) please choose something individual likes "as5da4s5d"
• set up the a radius server to be sure that only you will used this WiFi network
• hide the SSID (iPhone & iPads from Apple are trying permanent to connect to WiFI networks they can "see")
• Perhaps you could try also new antennas with more dBi likes 12, 15 or 20 dBi instead of 3, 5 or 9 dBi only
• Perhaps also a new or other mini PCIe card would be bring more gain or throughput likes a UBNT SR71-E

Is the WiFi running in station or AP mode?
Are this laptop also inside of the LAN or to the LAN connected to the same time as the WiFi is connected?
Are you running both WLAN and LAN in the same subnet likes 192.168.1.0/24?
Are there other WiFI devices, APs, Routers, or such things are not named by me here?

If nothing goes right for you perhaps an external WiFi AP will do the job better likes the miniPCI card now will
ever be able to do.

Panja

This is for 3 users the case.
But at the time of testing I was testing it with one user online (me).
Other users were offline.

I have tried all 13 channels already.
Giving me the same problems on all 13.

I'm using WPA2 personal. Unfortunately it's no option to use Radius as I have a few devices (printer, Squeezebox, etc) that are not capable of using WPA(2) Enterprise.
I don't have a default SSID name, no one else is using it for sure.
The wifi is running in AP mode and the connection is bridged with my LAN so wifi connections are in the same subnet (192.168.10.0/24) as my LAN.

When I connect an external wifi ap I do not have such problems.

The main problem I have is that the connection does not stay connected on my iOS devices after you lock the screen.
On other wireless aps I do not have this problem.

I recently tried another firewall distro "ZeroShell" which is based on Linux instead of (Free)BSD and with this distro I did not have the problem of disconnecting iOS devices after they are locked/standby for 10 minutes.

Guest

I recently tried another firewall distro "ZeroShell" which is based on Linux instead of (Free)BSD and with this distro I did not have the problem of disconnecting iOS devices after they are locked/standby for 10 minutes.

This could be for sure as the same as with other Linux based distros, because of the better hardware and driver
support under Linux. ZeroShell is really good but more wide spread in Italy and Spain or Portugal and not
here in Germany where I live. It comes also with a very strong encrypting Rasius Server and is actual
maintained and gets support over a forum or directly from Fulvio. nice appliance but nothing really that
should be compared to pfSense, but with his own charm and skills.

For WiFi & pfSense it is only to say about, when is runs smooth it runs, if not it is running not with smooth.
If you need urgent a WLAN AP you could also insert your card inside of an smaller MikroTik with RouterOS
and turn it into a WLAN AP running in AP mode. It will be much better then all other things.

awebster

@Panja,  my guess is that the hostapd is using the default inactivity timeout of 5 minutes, and kicking off your device too soon.  Other devices typically use 15 or 30 minutes inactivity timeout.
You would probably have to manually edit the  /var/etc/hostapd_xxx.conf config file to test this, and your changes would be lost anytime you make a change on pfSense web GUI as it will require the file.
From hostapd defualt config file, we find this:

Station inactivity limit

If a station does not send anything in ap_max_inactivity seconds, an

empty data frame is sent to it in order to verify whether it is

still in range. If this frame is not ACKed, the station will be

disassociated and then deauthenticated. This feature is used to

clear station table of old entries when the STAs move out of the

range.

The station can associate again with the AP if it is still in range;

this inactivity poll is just used as a nicer way of verifying

inactivity; i.e., client will not report broken connection because

disassociation frame is not sent immediately without first polling

the STA with a data frame.

default: 300 (i.e., 5 minutes)

#ap_max_inactivity=300

In the end, as others have stated, a DD-WRT device or any other device that is dedicated to wifi (and the requisite code development went into it) will probably work better.

Panja

@awebster.
Thanks!
Unfortunately in my .conf file there is no "ap_max_inactivity=300" so I cant change it.
But can I add this to my config file?

@BlueKobold
Thanks. I won't be running ZeroShell but just tested it because of the wireless drivers.

Probably just have to accept that the wireless on (Free)BSD is sh*t.  :o

Panja

Just made up my mind and I will buy an additional wireless access point.  :o

patord

@Panja:

Probably just have to accept that the wireless on (Free)BSD is sh*t.  :o

I wouldn't go that far to call it that.

First: that card you are using utilizes the AR9280 chipset.  Which is known to have low level hardware issues if you read the FreeBSD ATH driver maintainer's pages on freebsd.org or out on google.  Based on my experience with trying to use that chipset with pfsense for the past few years, I can see why some think that way.

Second: given the limitations of what that ATH maintainer has to do to reverse engineer the HAL for Atheros chipsets, it's amazing what he has been able to do and I give him props for that.

Third: try the newer rev of that chipset series.  AR9380.  The ATH maintainer's wiki page indicates fewer or no low level hardware issues with the newer chipsets.  After I swapped out a bunch of AR9280 over to AR9380 in my pfsense deployments, hostap is now actually usable.  Specifically I saw a significant reduction of dropped connections, especially during WPA2 AES rekeys.  That's also probably tied in with the last round of ATH driver updates back in 2.2.3 or 2.2.4 I believe.

Panja

Thanks for the clearing that up!
Did not know that.

Cheers

Guest

Thanks. I won't be running ZeroShell but just tested it because of the wireless drivers.

For sure likes we all do this for testing, I really often use OpenWRT or also ZeroShell for these things.

Probably just have to accept that the wireless on (Free)BSD is sh*t.  :o

Perhaps to hard as i see it right. If you got it running smooth and liquid it will be a fine thing
but if it will permanently not running or matching your needs, it sometimes is a really point that
can´t be changed.

JonathanLee

@Panja Change this as a system tuneable

JonathanLee

@Panja What kind of dbi is your antena? 7, 8 or 10?

https://dongknows.com/wi-fi-dbi-and-high-gain-antennas-explained/