Protectli FW2B Upload Speeds Slow

Started by nodakbarnes, November 08, 2024, 08:05:24 PM

So I recently got FTTH from Kinetic Windstream and have symmetric 1Gbps service.
The issue I am running into is that the upload appears to be capped at 30Mbps.
Download speeds are fine at 930 Mbps.
The service is terminated in the home with an Adtran SDX 601q GPON ONT with a 2.5 GbE interface which feeds the WAN input on the FW2B.
I can get full 930 Mbps up and down directly connected with a laptop to the ONT.
I re-installed OPNSense from scratch and still slow uploads.
In desperation I installed pfSense and it had the exact same issue.
Finally, I installed Sophos Firewall on the FW2B and it worked as expected (full up and down speeds).
What am I missing here?
There is no special requirement by this ISP for this fiber service that I am aware of.
I also tried both OPNSense and pfSense on my LattePanda Sigma which has 2.5 GbE interfaces to match the ONT but it also has slow upload speed.
The only common thread I can discern is OPNSense/pfSense are based on FreeBSD versus Suse Linux for Sophos Firewall.
Settings for the WAN port are the same in Sophos as well as OPNSense/pfSense.
I've used this setup in my previous home with fiber and never experienced this slow upload.
The ISP will not help because the issue is only there with my equipment.
I really want to get OPNSense back on the box as Sophos just feels dirty.
Thanks in advance for any suggestions.
Wally

I also have the problem and have the exact same firewall. Maybe it's a driver issue? Maybe we just need to go back to an older version? But looking more towards Protectli, maybe we need to flash something?

I thought the same thing but when I switched to the LattePanda Sigma hardware I assumed the problem would not follow but it did.

Have you rolled back to the previous version to see if the issue goes away? Right now I'm just going through the motions as to what could be blocking the traffic. I thought it was one of the security features we have, but still nothing... so frustrating lol

I have not tried an older version but may eventually.
Still, I would not consider that a valid fix as I do not like running older versions for security reasons.
I did notice that with Sophos Firewall the interfaces are swapped (igb0 is LAN, igb1 is WAN) so I may reinstall OPNSense and assign the interfaces similar to Sophos.
Not sure why that would make a difference but it's the only thing I haven't tried yet.

@Drunkenfetus do you possibly have an Adtran ONT as well?

Noteworthy Differences Between 24.7.7 and 24.7.8

The 24.7.8 update introduced patches to Intel network drivers (ixgbe, igb, igc, and e1000), which could be directly impacting your upload speeds if you're using Intel NICs. The previous 24.7.7 version does not include these driver updates, suggesting it might be more stable for your setup.


So I loaded an old version of OPNSense on the LattePanda Sigma and then started updating and testing between updates with interesting results:

23.7 - UP/DOWN > 900 Mbps
23.7.12_5 - UP/DOWN > 900 Mbps
24.1.5_3 - UP/DOWN > 900 Mbps
24.1.10_8 - UP/DOWN > 900 Mbps
24.7.1 - UP/DOWN > 900 Mbps
24.7.8 - UP/DOWN ~ 600 Mbps

So there is definitely some regression going on with the 24.7.8 update in regards to the interface drivers.

I'll keep testing it to see if the upload slows back down on 24.7.8 but so far it has not been capped at 30 Mbps like before yet.


Thanks for the info...looks like 24.7.8 included the intel4 kernel but there is now an intel6 which I may try:

# opnsense-update -zkr 24.7.8-intel6

I also heard back from Protectli support which suggested I swap the interfaces in the OPNsense console (Option #1).

This sounds encouraging as that is the configuration it lands on by default using Sophos Home Firewall.

I have done all of it and I still can't see any improvement...

596.8 Mbps download
3.24 Mbps upload
Latency: 4 ms

770.8 Mbps download
2.46 Mbps upload
Latency: 5 ms

Have you tried iperf from one side of the FW to another? Discussing drivers when tests are done over the internet, where there's no way of controlling what happens once the traffic has left the firewall, is a waste of time.

Are you using PPPoE to establish the connection? Linux has a far better implementation of PPPoE than BSD from my understanding. There are some threads about people complaining about slow uploads on PPPoE.
"The S in IoT stands for Security!" :)

Quote from: Gauss23 on November 10, 2024, 07:48:55 AM
Are you using PPPoE to establish the connection? Linux has a far better implementation of PPPoE than BSD from my understanding. There are some threads about people complaining about slow uploads on PPPoE.

The CPU in the LattePanda Sigma should have no issues doing 1Gbit PPPoE. Even a N5105 does 2.5Gbit PPPoE without an issue. Given that there were no issues with older 24.7.x versions, it's most likely caused by the recent Intel NIC driver updates. Maybe it's worth testing 24.7.7, the last version before these changes.