Netgate SG-1000 microFirewall

Author Topic: Poor performance with 2.4.1  (Read 1385 times)

0 Members and 1 Guest are viewing this topic.

Offline JKnott

  • Hero Member
  • *****
  • Posts: 1161
  • Karma: +49/-11
    • View Profile
Re: Poor performance with 2.4.1
« Reply #15 on: October 30, 2017, 03:29:02 pm »
Quote
Do you also use in "General DNS Resolver Options" Network Interfaces :: "All" and Outgoing Network Interfaces :: "All" ?

I have WAN selected for outgoing and everything but WAN for the LAN side.

Offline JKnott

  • Hero Member
  • *****
  • Posts: 1161
  • Karma: +49/-11
    • View Profile
Re: Poor performance with 2.4.1
« Reply #16 on: October 30, 2017, 03:30:58 pm »
@JKnott : What is your RTT and RTTsd values under WAN Gateway? Have you seen any significant change from version 234 to 241?
If you have a spare disk with your 234 backup copy and you can swap between 234 and 241 you can quickly get to the bottom of the speed issue.

I have never checked RTT etc., so I don't know what they were before.  However, as I mentioned in another note, pfSense is flat out failing to resolve external addresses, but appears to be OK for local.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9763
  • Karma: +1103/-311
    • View Profile
Re: Poor performance with 2.4.1
« Reply #17 on: October 30, 2017, 03:43:14 pm »
Quote
I have WAN selected for outgoing and everything but WAN for the LAN side.

Just select All and All and try again. It sounds like you are not actually listening on the address you are specifying.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline JKnott

  • Hero Member
  • *****
  • Posts: 1161
  • Karma: +49/-11
    • View Profile
Re: Poor performance with 2.4.1
« Reply #18 on: October 30, 2017, 03:47:07 pm »
The service status shows DNS Resolver stopped and I can't start it.

The log has several lines of "Oct 30 16:18:37   unbound   95941:0   error: can't bind socket: Can't assign requested address for fe80::214:d1ff:fe2b:edea".  That's the link local address for my WAN port.

Offline JKnott

  • Hero Member
  • *****
  • Posts: 1161
  • Karma: +49/-11
    • View Profile
Re: Poor performance with 2.4.1
« Reply #19 on: October 30, 2017, 03:49:11 pm »
Quote
I have WAN selected for outgoing and everything but WAN for the LAN side.

Just select All and All and try again. It sounds like you are not actually listening on the address you are specifying.

That seems to have it working.  Why would this change between versions?

Offline hda

  • Sr. Member
  • ****
  • Posts: 599
  • Karma: +32/-4
    • View Profile
Re: Poor performance with 2.4.1
« Reply #20 on: October 30, 2017, 04:56:51 pm »
I have WAN selected for outgoing and everything but WAN for the LAN side.

Finally I found the Resolver corresponding settings which work perfect, fast and no errors in Log.

For me I have set with GUI:
Network Interfaces: LAN, OPT1, OPT2, Localhost
Outgoing Network Interfaces: Localhost

In unbound.conf that is correctly found as:
Quote
# Interface IP(s) to bind to
interface: 192.168.1.1
interface: 2001:****:####:1::1
interface: 10.8.4.1
interface: 192.168.22.1
interface: 2001:****:####:3::1
interface: 127.0.0.1
interface: ::1

# Outgoing interfaces to be used
outgoing-interface: 127.0.0.1
outgoing-interface: ::1

Besides this, the "All & All" works too, but you probably don't want listening on WAN ;)


My setup in 2.4.1 (upgraded from 2.4.0) about DNS:
 - No Forwarding with Resolver
 - Nothing set or checked for DNS in [System > General Setup]
 - No other DNS config for DHCP(6) servers || RA

« Last Edit: October 30, 2017, 07:32:23 pm by hda »

Offline JKnott

  • Hero Member
  • *****
  • Posts: 1161
  • Karma: +49/-11
    • View Profile
Re: Poor performance with 2.4.1
« Reply #21 on: October 30, 2017, 05:11:00 pm »
^^^^
I'll give those a try.  DNS through pfSense has now failed completely.

Offline JKnott

  • Hero Member
  • *****
  • Posts: 1161
  • Karma: +49/-11
    • View Profile
Re: Poor performance with 2.4.1
« Reply #22 on: October 30, 2017, 05:22:03 pm »
Didn't work.  I still have complete DNS failure with pfSense.  I cannot resolve either Internet or local host names.  Something is clearly messed up here.  Is there any way to revert back to 2.4.0?

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4995
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: Poor performance with 2.4.1
« Reply #23 on: October 30, 2017, 05:23:42 pm »
For a test.  Disable resolver and enable forwarder.  See what happens.

Offline JKnott

  • Hero Member
  • *****
  • Posts: 1161
  • Karma: +49/-11
    • View Profile
Re: Poor performance with 2.4.1
« Reply #24 on: October 30, 2017, 06:08:09 pm »
For a test.  Disable resolver and enable forwarder.  See what happens.

That appears to work, though I no longer have the local hosts available through it.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4995
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: Poor performance with 2.4.1
« Reply #25 on: October 30, 2017, 06:11:22 pm »
Yeah - I'm having the same troubles on both a pfsense vm and opnsense vm.  In vmware with a private IP at wan. 

Offline JKnott

  • Hero Member
  • *****
  • Posts: 1161
  • Karma: +49/-11
    • View Profile
Re: Poor performance with 2.4.1
« Reply #26 on: October 30, 2017, 06:22:44 pm »
If there isn't a fix for the resolver soon, I'll have to copy all my local devices into the forwarder.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4995
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: Poor performance with 2.4.1
« Reply #27 on: October 30, 2017, 06:25:36 pm »
I think its a resolver specific issue and it will be fixed.   til then, I like your fix.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9763
  • Karma: +1103/-311
    • View Profile
Re: Poor performance with 2.4.1
« Reply #28 on: October 30, 2017, 07:15:59 pm »
No idea what you guys are doing. Resolver works fine in 2.4.1.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline JKnott

  • Hero Member
  • *****
  • Posts: 1161
  • Karma: +49/-11
    • View Profile
Re: Poor performance with 2.4.1
« Reply #29 on: October 30, 2017, 08:21:45 pm »
No idea what you guys are doing. Resolver works fine in 2.4.1.

I updated to 2.4.1.  I guess I shouldn't have done that.