I already made sure the issue is not my modem by getting my ISP to reset from their end. I also shut off the modem and firewall, and then restarted them. I tried turning off IPS and IDS, and turning off my VPN. Even though, I've taken out those potential bottenecks I'm still getting download speeds of only 20 Mbps, when I should have gigabit. I do have a bunch of tunables turned on that increased my throughput back on 24.1. I'm on 24.7.10_2.
Have any idea what might be causing my issues? Anyone experiencing slow speeds even after a reset?
Quote from: grimelog on December 08, 2024, 02:35:07 AM
I tried turning off IPS and IDS, and turning off my VPN.
That is called shotgun debugging http://www.catb.org/jargon/html/S/shotgun-debugging.html
You would be better to reduce your problem instead. Find a large test file close to you geographically, say your local FreeBSD mirror: https://docs.freebsd.org/en/books/handbook/mirrors/
Download this on a computer directly attached to your modem. Avoid Windows if this is a computer you care about :). Ubuntu live from USB with tools required to connect will work. DHCP if you're lucky, PPPoE if your ISP likes cruft.
If that goes at full tilt, back up your OPNsense config and start with a clean slate - just WAN with NAT and download again through that.
Add components until the speed tanks. The last one you added is the culprit.
Not all issues are sofware related. Swap out cables, network cards, etc. The general idea is to start from a known good setup and build up from there until you see what breaks it.
Bart...
I know which features typically cause slowdown so I disabled them. I think this is a bug in OPNSense. The connection will be fine if I connect directly through the modem.
Quote from: grimelog on December 08, 2024, 11:41:24 PM
The connection will be fine if I connect directly through the modem.
"will be"?
But is it?
It is an odd bug for OPNsense which produces 20 Mb/s out of 1 Gb/s for you, 267 Mb/s out of 250 Mb/s for me.
Investigate slowly, as @bartjsmit describes. No-one is going to pop up saying "Well, just change this parameter in OPNsense...". I suggest something is different in your setup.
Yeah, I'm looking into it from a factory reset. Factory reset brought me back to 800 Mbps out of 1 gigabit.
I know the system since I've been running it for awhile. I probably had some configuration that was not applied properly during an update.
-------
Saving config, factory reset, restore config, and then reboot fixed the issue. I'm able to get 250 Mbps to 500 Mbps immediately.
--------
I tried another fresh install and it looks like the problem is caused by turning Surricata on. I probably need to remove some rules. I have a ET open/bottcc.portgrouped and all of the ET telemetry rules installed. Happen to know which I should get rid of?
Does Zenarmor have better performance as an IPS?
I think this might be a bug in OPNsense on the older DEC850. I reset to factory defaults, copied my settings to a VM, manually entered them, shut down the VM, and restarted the DEC850. Over time my performance degrades from 250 MB to 950 MB down to 30 MB, and stays there unless I factory reset, and power cycle the modem and firewall. I'm going to venture a guess it has something to do with a setting being left over from an older version release.
I'm going to pick up a cheap laptop to confirm it's not my modem doing this.