- Pfsense Slow Internet Speed
- Pfsense Vpn Speed Test
- Pfsense Speed Test Internet Connection
- Most Accurate Speed Test Site
- Pfsense Periodic Speed Test
The hardware running pfsense is a Super Micro XG-1537. The CPU load is only 1%. I ran a speed test via py37-speedtest-cli from the Firewall and I got around 585Mbit/s symmetrically. Problems relating to upload speed often end up being MTU-related problems. If the MTU on the pfSense® CE device (default 1500), is higher than the MTU of the uplink, it can result in packets that are fragmented or lost. Setting MSS clamping on WANs or changing the MTU of the interface can help.
Once multi-WAN has been configured, best practice is then to test itsfunctionality to verify it functions as expected. The following sectionsdescribe how to test each portion of a multi-WAN configuration.
Testing Multi-WAN in a controlled manner immediately after configuration is akey step in the process. Do not make the mistake of waiting until an Internetconnection fails naturally for the first test, only to discover problems whenthey are much more difficult and stressful to fix.
First, navigate to Status > Gateways and ensure all WAN gateways are show asOnline under Status, as well as on the Gateway Groups tab. If theydo not, verify that a proper monitor IP address is used as discussed inGateway Settings.
Creating a WAN Failure¶
There are a number of ways to simulate a WAN failure depending on the type ofInternet connection being used. For any type, first try unplugging the targetWAN interface Ethernet cable from the firewall.
For cable and DSL connections, try powering off the modem/CPE, and in a separatetest, unplug the coax or phone line from the modem. For fiber, wireless, andother types of connections with a router outside of pfSense® software, tryunplugging the Internet connection from the router, and also turning off therouter itself.
All of the described testing scenarios will likely end with the same result.However, there are some circumstances where trying all these things individuallywill find a fault that would not have otherwise been noticed until an actualfailure. One of the most common is unknowingly using a monitor IP addressassigned to the DSL or cable modem. Hence when the coax or phone line isdisconnected, simulating a provider failure rather than an Ethernet or modemfailure, the monitor ping still succeeds since it is pinging the modem. Fromwhat the firewall was told to monitor, the connection is still up, so it willnot fail over even if the upstream connection is actually down. There are othertypes of failure that can similarly only be detected by testing all theindividual possibilities for failure. The monitor IP address can be edited onthe gateway entry as covered in Gateway Settings.
Verifying Interface Status¶
After creating a WAN failure, refresh Status > Gateways to check the currentstatus. As the gateway monitoring daemon notices the loss, the loss willeventually move past the configured alarm thresholds and it will mark thegateway as down.
Verifying Load Balancing Functionality¶
This section describes how to verify the functionality of a load balancingconfiguration.
Pfsense Slow Internet Speed
Verifying HTTP Load Balancing¶
The easiest way to verify HTTP load balancing is to visit a website thatdisplays the public IP address the client used to access the site. A page onthe Netgate site is available for this purpose, and countless other sitesoffer the same functionality. Search for “what is my IP address” and numerouswebsites are returned that will show the public IP address making the HTTPrequest. Many of those sites tend to be full of advertisements, so Netgateprovides a handful of sites which report only the client IP address:
Pfsense Vpn Speed Test
Browsers have a habit of keeping open server connections and caching results, sothe best browser-based test is to either load multiple sites, or to close thebrowser window between attempts to load a site. During each connection attempt,a different IP address should be shown if load balancing is working correctly.If other traffic is present on the network, the IP address may not appear tochange on every page load. Repeat the test several times and the IP addressshould change at least a few times. As an alternative to using a browser,command line utilities such as
curl do not keep persistent sessions and aremore accurate for testing this behavior.
Pfsense Speed Test Internet Connection
If the IP address never changes, try several different sites, and make sure thebrowser is requesting the page again, and not returning something from its cacheor using a persistent connection to the server. Other good steps includemanually deleting the cache, closing and reopening the browser, and tryingmultiple web browsers. If all of those fail to return the expected result, thenstart troubleshooting the load balancer configuration further. Laptop speed test online.
Most Accurate Speed Test Site
Testing load balancing with traceroute¶
traceroute utility (or
tracert in Windows) shows the network pathtaken to a given destination. See Using traceroute for details on using
traceroute. With load balancing, running a
traceroute from a clientsystem behind the firewall should show a different path being taken for eachattempt. Due to the way
traceroute functions, wait at least one minute afterstopping a traceroute before starting another test so that the states willexpire, or try different destinations on each attempt.
Using Traffic Graphs¶
Pfsense Periodic Speed Test
The real time traffic graphs under Status > Traffic Graph and on the TrafficGraphs dashboard widget are useful for showing the real time throughput on WANinterfaces. Only one graph at a time can be shown per browser window when usingStatus > Traffic Graph, but additional windows or tabs can be opened in thebrowser to see all WAN interfaces simultaneously. The traffic graphs widget forthe Dashboard enables the simultaneous display of multiple traffic graphs on asingle page to simplify this process. If load balancing is working correctly,activity will be observed on all WAN interfaces.
The RRD traffic graphs under Status > Monitoring are useful for longer-termand historical evaluation of WAN utilization.
Bandwidth usage may not be exactly equally distributed, sinceconnections are directed on a round robin basis without regard for bandwidthusage.