So I recently got FTTH from Kinetic Windstream and have symmetric 1Gbps service.
The issue I am running into is that the upload appears to be capped at 30Mbps.
Download speeds are fine at 930 Mbps.
The service is terminated in the home with an Adtran SDX 601q GPON ONT with a 2.5 GbE interface which feeds the WAN input on the FW2B.
I can get full 930 Mbps up and down directly connected with a laptop to the ONT.
I re-installed OPNSense from scratch and still slow uploads.
In desperation I installed pfSense and it had the exact same issue.
Finally, I installed Sophos Firewall on the FW2B and it worked as expected (full up and down speeds).
What am I missing here?
There is no special requirement by this ISP for this fiber service that I am aware of.
I also tried both OPNSense and pfSense on my LattePanda Sigma which has 2.5 GbE interfaces to match the ONT but it also has slow upload speed.
The only common thread I can discern is OPNSense/pfSense are based on FreeBSD versus Suse Linux for Sophos Firewall.
Settings for the WAN port are the same in Sophos as well as OPNSense/pfSense.
I've used this setup in my previous home with fiber and never experienced this slow upload.
The ISP will not help because the issue is only there with my equipment.
I really want to get OPNSense back on the box as Sophos just feels dirty.
Thanks in advance for any suggestions.
Wally
I also have the problem and have the exact same firewall , maybe its a driver issue? maybe we just need to go back to an older version? but looking more towards Protectli maybe we need to flash something?
I thought the same thing but when I switched to the LattePanda Sigma hardware I assumed the problem would not follow but it did.
Have you rolled back to the previous version to see if the issue goes away? right now im just going through the motions as to what could be blocking the traffic.. i thought it was one of the security features we have but still nothing ...so frustrating lol
I have not tried an older version but may eventually.
Still, I would not consider that a valid fix as I do not like running older versions for security reasons.
I did notice that with Sophos Firewall the interfaces are swapped (igb0 is LAN, igb1 is WAN) so I may reinstall OPNSense and assign the interfaces similar to Sophos.
Not sure why that would make a difference but it's the only thing I haven't tried yet.
@Drunkenfetus do you possibly have an Adtran ONT as well?
Noteworthy Differences Between 24.7.7 and 24.7.8
The 24.7.8 update introduced patches to Intel network drivers (ixgbe, igb, igc, and e1000), which could be directly impacting your upload speeds if you're using Intel NICs. The previous 24.7.7 version does not include these driver updates, suggesting it might be more stable for your setup.
So I loaded an old version of OPNSense on the LattePanda Sigma and then started updating and testing between updates with interesting results:
23.7 - UP/DOWN > 900 Mbps
23.7.12_5 - UP/DOWN > 900 Mbps
24.1.5_3 - UP/DOWN > 900 Mbps
24.1.10_8 - UP/DOWN > 900 Mbps
24.7.1 - UP/DOWN > 900 Mbps
24.7.8 - UP/DOWN ~ 600 Mbps
So there is definitely some regression going on with the 24.7.8 update in regards to the interface drivers.
I'll keep testing it to see if the upload slows back down on 24.7.8 but so far it has not been capped at 30 Mbps like before yet.
Might be useful to report in this topic as well?
https://forum.opnsense.org/index.php?topic=43372.0
Thanks for the info...looks like 24.7.8 included the intel4 kernel but there is now an intel6 which I may try:
# opnsense-update -zkr 24.7.8-intel6
I also heard back from Protectli support which suggested I swap the interfaces in the OPNsense console (Option #1).
This sounds encouraging as that is the configuration it lands on by default using Sohos Home Firewall.
I have done all of it and i still cant see any improvement ....
596.8 Mbps download
3.24 Mbps upload
Latency: 4 ms
770.8 Mbps download
2.46 Mbps upload
Latency: 5 ms
Have you tried iperf from one side of the FW to another ? Discussing drivers when tests are done over the internet where there's no way of controlling what happens once the traffic has left the firewall is a waste of time.
Are you using PPPoE to establish the connection? Linux has a far better implementation of PPPoE than BSD from my understanding. There are some threads about people complaining about slow uploads on PPPoE.
Quote from: Gauss23 on November 10, 2024, 07:48:55 AM
Are you using PPPoE to establish the connection? Linux has a far better implementation of PPPoE than BSD from my understanding. There are some threads about people complaining about slow uploads on PPPoE.
The CPU in the LattePanda Sigma should have no issues doing 1Gbit PPPoE. Even a N5105 does 2.5Gbit PPPoE without an issue. Given that there were no issues with older 24.7.x versions, it's most likely caused by the recent Intel NIC driver updates. Maybe it's worth testing 24.7.7, the last version before these changes.
So my connection is not PPPoE (I connect DHCP to the ISP ONT).
I did go down a rabbit hole last night by installing VyOS on the FW2B.
The issue persists even with that Debian-based firewall (and what a nightmare to setup!)
So I now have OPNSense 23.7 installed with the interfaces swapped (so igb0 is LAN & igb1 is WAN) and the speeds are both 930 Mbps.
Tonight once the family goes to bed I will begin the upgrade iterations and see if it stays good with the interfaces swapped.
What does that tell us if swapping the interfaces fixes the issue?
Why would that even be a thing?
Did the Vendor specify or said what is the reason why they advised to switch the ports?
Regards,
S.
No, the vendor did not give a reason why switching the ports should help.
I'm happy to report though that after going through the upgrade iterations to 24.7.8 I am fully updated and still testing 930 Mbps UP/DOWN for WAN now.
It is definitely not an OPNSense or FreeBSD issue as the same occurs with Linux firewall variants.
Very strange indeed, just happy that I'm in a good configuration now.
The FW2B has been a workhorse through the years and has served my home gateway needs superbly.
May consider a modest upgrade to their V1210 now which is at a sweet price point of $199.
Well i just got the new Cable Modem from Spectrum, and replace it and i still get that delicious 900 down / 5 up..lol
I do not know what else to try....WAN is at em0 and LAN is at em1...not sure what the deal is at this point or what else to try...
any ideas?
Like look at these speeds:
1089.7 Mbps download
0.06 Mbps upload
Latency: 5 ms
LOL ive never received 1G down like this lol
How are you connecting to the service provider?
Do you have FTTH which terminates in an ONT?