WAN Port slow

[kingfisher77]

Hi, since we have cable with 1Gbit down/50Mbit up we experience slow net performance. If we connect directly to the cable modem (FritzBox 6591) we have around 800Mbit down/40Mbit up. If we go through our OPNsense Ghz small (SML20083D) we experience only ~100-200MBit/~4-10Mbit.

Our setup is straight forward, no special requirements. OpnSense is connect to the FritzBox via Exposed Host.

Very could we start to narrow down the problem?

[shadesh]

A good troubleshooting startpoint are:
Interface -> Settings

• Hardware CRC
• Hardware TSO
• Hardware LRO

[kingfisher77]

Thanks! Checked them off and on (where disabled). No difference :/

I was thinking that the cpu is to slow. But top shows around 30-40% usage for python process.

[FingerlessGloves]

Guessing it a fresh install?

Also only does 450mbps max throughput
https://www.applianceshop.eu/security-appliances/security-appliances-desktop-and-wallmountable/opnsense-small-ghz.html#product-attribute-specs-table

[kingfisher77]

Ah, thats a point. Will look for a new hardware - any suggestions for 1Gbit?

[FingerlessGloves]

Ah, thats a point. Will look for a new hardware - any suggestions for 1Gbit?

Myself and quite a few people people have Qotom Devices, then you can buy how much CPU power you want.
You can also look at PC Engines APUs, depends what country your in to what works cheapest.

If size/power consumption isn't an issue, you could look at getting an old server and a 4 port Intel NIC.
You could even get an used corporate desktop (i3,i5 something like that), and put a 4 port Intel NIC in that. I know a people who've done that too.

[kingfisher77]

Thank you, i'll talk to the https://www.apu-board.de/, lets see what they suggest. Thank you!

[Antaris]

Thank you, i'll talk to the https://www.apu-board.de/, lets see what they suggest. Thank you!

Rebranded Quotom or other OEM chinese mini PC on slightly more than doubled price...

[kingfisher77]

I am not sure which CPU/Setup would fit best für my needs.

What do you think about this one?

https://de.aliexpress.com/item/32920921042.html?gps-id=pcStoreLeaderboard&scm=1007.22922.122102.0&scm_id=1007.22922.122102.0&scm-url=1007.22922.122102.0&pvid=e2793994-0169-4314-98b1-dbbd6ef8189e&spm=a2g0o.store_home.smartLeaderboard_819228523.32920921042

[FingerlessGloves]

I am not sure which CPU/Setup would fit best für my needs.

What do you think about this one?

https://de.aliexpress.com/item/32920921042.html?gps-id=pcStoreLeaderboard&scm=1007.22922.122102.0&scm_id=1007.22922.122102.0&scm-url=1007.22922.122102.0&pvid=e2793994-0169-4314-98b1-dbbd6ef8189e&spm=a2g0o.store_home.smartLeaderboard_819228523.32920921042

I've got the 7100u in mine with 4GB Ram. With the Qotom store on AliExpress double check its the cheapest listing, some bazaar reason they list the products many times, with different prices for the same thing.

You going to do any IPS or anything like that?

[cguilford]

I run a https://www.dell.com/us/en/business/servers/poweredge-r210/pd.aspx?refid=poweredge-r210&cs=04&s=bsd that I found on Ebay they are older servers but they run great, I'm on 1gb and I normally have about 940mb throughput

[kingfisher77]

I ordered this one: https://www.ipu-system.de/produkte/ipu675.html. Much to much of almost everything but who knows what comes up. Delivery from China does take a long time nowadays.

[kingfisher77]

The new firewall is up and running. Nice 

But there is no change in speed 

Directly connected to Fritzbox speed is optimal. With Opnsense in between not. Just 200-300Mbit and 3-10Mbit upload.

I measure directly on the firewall at the WAN port. Changed the kabel already. Changed each apparently relevant setting in OpnSense. I'm at a bit of a loss.

What else could i optimize?
 

[kingfisher77]

Solved it finally. I had a routed IP address on the Upstream Gateway to the bridged Fbox. With the new Fbox and 1Gbit bridging is not possible anymore. "Exposed Host" is the alternativ. On the firewall i changed noting, just switched to "Exposed host" in the Fbox.

A second Upstream Gateway in the 192. net solved the problem for me. Fbox is natting and the "old" gateway is still there (not as upstream) handling the routet IP address.

Don not know exactly where the problem was, but it is solved now

Thank you for your ideas.