I have 50Mbs service. I was hoping to get in the 40's since i built a pfsense box to get around the limitations of a consumer router. Any help would be much appreciated. Hey guys, figured it out. It was the auto speed setting in pfsense on my intel NIC. Once i changed it, i was getting about 80% of my 50Mbs service through the VPN. Obviously, the first thing to do is to define the Virtual Machine's settings and actually install pfSense in said VM. Thankfully, setting up pfSense itself isn't much of a challenge. Remember pfSense is based on FreeBSD 11.1, so select BSD as the Type and FreeBSD as the Version, along with an appropriate name.
PFsense, v 2.2.6 and 2.3.4Both are VM's under ESXiInternet speed with analyzer directly connected to modem, (5) Static IPs, 185MB down/36MupI'm paying for a 150up/35down line - the speed is there at the modem.2 Different HP Proliant systems, ML350/360s - both have quad GBE Nic cards.Intel(R) Xeon(R) CPU E5430 @ 2.66GHzCurrent: 333 MHz, Max: 2666 MHz2 CPUs: 2 package(s) x 1 core(s) 6GB RAM for the VM.Internet WAN Nics are separated, broken out, etc. No LAggs, no Vlans, vanilla.Take wire from modem and put into quad nic port.Attach that port to PFSENSE f/w and configure the wan ip address.reboot f/w for funtest directly from PFsense console.
Fetch -o /dev/nullThe PFsense GUI traffic meter is shows 165-175MB down. COOL, I wouldn't expect no overhead. That speed is acceptable.but hey it tells me that cables and config is good. It says that the quad card is working fine at 1GB speeds. Etc.It says that the ESXI VM host hardware and virtualization can support that speed.However,No clients using PFSENSE as a gateway on my local network can get more than 80-100 download speeds from speedtest.net or any other speed test thingy.Troubleshooting:ELIMINATE EVERYTHING - hubs switches, cables.? How?Using a W7 guest system on the same host, I configured it to use the STATIC IP, attached the nic that was directly connected to the modem, and poof, Speedtest.net shows 160-170 down.
No cables, virtual NICs.Move the W7 guest system to the other VM host, and use the Ngear 24port GBit switch NetgearGS724 in the middle of it.Speedtest.net shows 160-190 down. Wow, but its working. And now its using my network infrastructure. No errors, frags, or collisions show on the switch stats.Take a known good cable and go from a laptop PC and directly connect into the cable modem, speedtest.net 190mb down. Working.Take the same cable and go from the same laptop PC and directly connect into a NIC port on Ngear switch.Configure the laptop pc to use PFSENSE (Either one, 2.2 or 2.3) as its internet gateway.Speedtest.net shows 70-90 down/36 up.What gives.? REBOOT Netgear SWITCH, default to factory settings. O yes, every port on the NetgearGS724 is green, no amber (100m) anywhere.I'm lost here.
Something is causing the drop.Can anyone point me to where its loosing its sh.t?The VNICS are E1000 type. And they are working fine, because they work at the best speed possible by testing from the console.I simply cant get PFsense to move any faster.What questions can you ask me? Anything.What addition info is needed.I took an old Dell Dimension 3000 tower from 2006 with a 3GHZ processor, and 1GB of RAM.burned an Iso CD and configured - pfSense-CE-2.3.5-RELEASE-i386It smoked the PROLIANT HP ML350 with DUAL 2.66GHZ processors.This 12 year old PC with (2) Intel nics, ran 192MB DOWN / 40MB UPI can't believe it. The ML350 is not even close with ESXi. I never noticed it at 60-80MB, but now that my speed was upgraded,baremetal wins.I really hated to say it. But it does.I've been all over the pfsense forums and was hoping a spicer would know where to aim me.Thanks. PfSense uses Snort by default (I believe) for IDS/IPS so if you have that turned on, I'm going to bet that turning it off will get you near max speed.
Snort is a single threaded application and heavily relies on CPU clock speed to move things along. So if you find that there is a single thread on the assigned CPU that is maxing out at 100% during your tests, chances are this might be the culprit if it's enabled. There is nothing that can fix this other than using higher clock CPU (which you;ve seen first hand when you tried the ghigher clock Dell).I think there's a way to setup Suricata instead which allows multi-threaded IDS/IPS but I've never tried it. I am not sure if this will assist but based on the version number of pfSense you are running a version that is somewhat old - the older one is from December of 2015 and the newer one is from May of 2017.
They are up to version2.4.2-p1 (this is current as of December 2017). Have you tried upgrading the Firewall Software on the box? I know that this may not sound like an accurate answer but a LOT of fixes (and security mitigations) have come out since these earlier releases.Perhaps this might work? Just a suggestion.I am using the newest pfSense version on my box at home now and its been perfectly stable for MONTHS without any issues (I use VPN, APCUPS monitor, etc.).CK. PfSense uses Snort by default (I believe) for IDS/IPS so if you have that turned on, I'm going to bet that turning it off will get you near max speed. Snort is a single threaded application and heavily relies on CPU clock speed to move things along. So if you find that there is a single thread on the assigned CPU that is maxing out at 100% during your tests, chances are this might be the culprit if it's enabled.
There is nothing that can fix this other than using higher clock CPU (which you;ve seen first hand when you tried the ghigher clock Dell).I think there's a way to setup Suricata instead which allows multi-threaded IDS/IPS but I've never tried it.
. Published on Nov 29, 2015.
Subscribe to get more videos in this series as they come out. This is part 1, showing what pfSense is and why you might want to use it.
Next time I will go over designing hardware to run pfSense on. Year agoI've been running pfsense for about 5 months now. No more drops, hdd caching, firewall and domain blocking. Set all my old wireless routers as access points with no DHCP and just wpa2. All tied together with a 24 port unmanaged gigabit switch.
Best network experience ever. I really believe that this is the only way to go if you want a reliable service. And if you can find atom based 1u servers and switches on Craigslist for less than $100 total, there is no reason not to do this. 2 years ago +2The whole premise of the video of routers not having enough hardware seems incorrect.
I checked mine (Linksys 1900 wrt) its a nice router but not crazy ($170-$200). It has a dual core 1.2 Ghz processor and 512 Mb of ram. At you say that even the high end $400 routers don't have much ram and that you don't know of any over 300Mb.
Pfsense Takes Long Time To Log In
This is where you completely lost credibility. Even at the end of 2015 when this was made there were routers out with more than 300Mb, and the chances of even enthusiasts using more than 300Mb is just about zero. If you are torrenting which is the heaviest workload, you would have a seedbox, no tech savvy user is torrenting that much without a seedbox or their an idiot. 2 years agoMy isp's router sometimes stops providing Internet on the wired connections. My wifi is 'perfectly fine' (for wifi). I have a ubuntu server running with qbittorrent plex and sickrage. When it happens I unplug my server and my Internet is back.
Pfsense Dashboard Too Slow Youtube
Am I killing my router with my server or is it something else? My nat tables are disabled by the way. Just trying to switch the isp router with pfsense and you're helpful with your info so far. Little long but the info is important.
So keep it coming. 2 years agoOne can experience bugs with pfSense too. As of this writing I'm using 2.3.2-RELEASE-p1 (amd64) on dual socket Xeon's with more than enough ram + Broadcom Netextreme NICS and it contains a bug resulting in 100% CPU spikes when viewing the dashboard (all HW accelerators on the NIC's are enabled, no polling). Another bug I found is with the Squid Reverse Proxy service that doesn't work properly if used as a SSL-termination point HTTPS-HTTP mapping. I'm heading towards OpenBSD + pf instead.
Only console out of the box, yes, but then I'll have total control. Many enterprise networks use OpenBSD in conjunction with pf (packet filter) and SNMP for management/statistics after my understanding.