Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
LAN vs WAN speed differences
« previous
next »
Print
Pages: [
1
]
Author
Topic: LAN vs WAN speed differences (Read 2696 times)
Raptcha
Newbie
Posts: 31
Karma: 0
LAN vs WAN speed differences
«
on:
November 24, 2023, 03:58:56 pm »
Hello,
I have a 1gbps (~940mbps) internet connection. I am testing zenarmor on my OPNSense installation and I see a lot of difference in speedtest between running zenarmor on LAN vs WAN. WAN is almost always faster (Almost the full speed). In LAN, I only get about 550mbps.
What are differences of running it on WAN vs LAN interfaces?
Logged
athurdent
Sr. Member
Posts: 251
Karma: 23
Re: LAN vs WAN speed differences
«
Reply #1 on:
November 24, 2023, 04:01:46 pm »
Are your interfaces compatible with Netmap?
Is your LAN interface a different model than your WAN interface perhaps?
Logged
Raptcha
Newbie
Posts: 31
Karma: 0
Re: LAN vs WAN speed differences
«
Reply #2 on:
November 24, 2023, 04:54:02 pm »
They are both Realtek 8111H 1GbE ports. I believe they are compatible with netmap. I have tried both netmap native and netmap emulated. They are mostly the same results.
Logged
sy
Hero Member
Posts: 593
Karma: 44
Re: LAN vs WAN speed differences
«
Reply #3 on:
November 24, 2023, 06:54:39 pm »
Hi,
Have you installed the os-realtek plugin? Could you please provide the specifications for your CPU and RAM?
Logged
Raptcha
Newbie
Posts: 31
Karma: 0
Re: LAN vs WAN speed differences
«
Reply #4 on:
November 24, 2023, 06:59:24 pm »
Thank you for responding. Yes I have already installed the realtek plugin. Without it, the connection keeps dropping for me.
Sure, I am running OPNSense on a Zimaboard 432 with Intel Celeron N3450 Quad Core (1.1 GHz Base and 2.2GHz Boost), 4GB LPDDR4 RAM, 32GB eMMC Storage. I'm using local Mongo DB as the reporting backend for Zenarmor
https://shop.zimaboard.com/products/zimaboard-single-board-server?variant=39283928432838
Logged
Raptcha
Newbie
Posts: 31
Karma: 0
Re: LAN vs WAN speed differences
«
Reply #5 on:
November 25, 2023, 07:44:24 am »
Even though the LAN speeds are almost half my real internet speed, the Zenarmor policies only work on this. Some of the blocks I have added in the policies section works if I'm running Zenarmor on WAN.
Logged
sy
Hero Member
Posts: 593
Karma: 44
Re: LAN vs WAN speed differences
«
Reply #6 on:
November 25, 2023, 10:25:55 am »
Hi,
The performance of a CPU's single core is crucial in determining the throughput that Zenarmor can handle. To ensure compatibility, please refer to the hardware requirements for information on throughput and user size.
For Zenarmor to handle a throughput of 1Gbps, it is recommended to have a single-thread rating of approximately 1500.
For more details, you can visit the following link: [Hardware Requirements](
https://www.zenarmor.com/docs/introduction/hardware-requirements
)
However, the current single-thread score of the Celeron CPU is relatively low.
To check the single-thread score of the current Celeron CPU, you can refer to this link: [Celeron CPU Score](
https://www.cpubenchmark.net/cpu.php?cpu=Intel+Celeron+N3450+%40+1.10GHz&id=2907
)
Logged
Raptcha
Newbie
Posts: 31
Karma: 0
Re: LAN vs WAN speed differences
«
Reply #7 on:
November 25, 2023, 11:25:34 am »
Hey @sy,
In WAN interface, I get full upload speed and half download speed and none of the policies work. Should I not be running zenarmor on WAN?
Logged
sy
Hero Member
Posts: 593
Karma: 44
Re: LAN vs WAN speed differences
«
Reply #8 on:
November 27, 2023, 03:40:21 pm »
Hi,
The best practise is to protect the LAN interface on Zenarmor and the WAN interface on Suricata.
Logged
Raptcha
Newbie
Posts: 31
Karma: 0
Re: LAN vs WAN speed differences
«
Reply #9 on:
November 30, 2023, 12:33:31 am »
What does protecting the WAN interface do?
I ask because I thought protecting WAN would be the right way to filter incoming traffic through Zenarmor (To block sites, ads etc) but it turns out I need to be protecting LAN to do that.
Logged
sy
Hero Member
Posts: 593
Karma: 44
Re: LAN vs WAN speed differences
«
Reply #10 on:
November 30, 2023, 09:21:13 am »
Hi,
Your incoming traffic will also inspect when routed the destination host on yor network if you protect all inner interface. But you can filter the WAN interface on Suricata or use Zenarmor in bridge mode.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
LAN vs WAN speed differences