This entry explains some steps I took when I had to reinstall my router due to a problem explained here.
Checking Hard drive performance
Let’s check hard drive performance:
/root: diskinfo -t /dev/ada0s1a
/dev/ada0s1a
...
TS32GMSA370 # Disk descr.
D007501916 # Disk ident.
Yes # TRIM/UNMAP support
Seek times:
Full stroke: 250 iter in 0.025302 sec = 0.101 msec
Half stroke: 250 iter in 0.020902 sec = 0.084 msec
Quarter stroke: 500 iter in 0.046197 sec = 0.092 msec
Short forward: 400 iter in 0.047290 sec = 0.118 msec
Short backward: 400 iter in 0.035362 sec = 0.088 msec
Seq outer: 2048 iter in 0.144151 sec = 0.070 msec
Seq inner: 2048 iter in 0.144160 sec = 0.070 msec
Transfer rates:
outside: 102400 kbytes in 0.488562 sec = 209595 kbytes/sec
middle: 102400 kbytes in 0.243196 sec = 421060 kbytes/sec
inside: 102400 kbytes in 0.243685 sec = 420215 kbytes/sec
We get 40MB/sec with our internal drive:
/root: dd if=/dev/zero of=1g.dd bs=1M count=100
100+0 records in
100+0 records out
104857600 bytes transferred in 2.485082 secs (42194824 bytes/sec)
Internal hard drive information:
/root: camcontrol devlist
at scbus0 target 0 lun 0 (ada0,pass0
Checking Network performance
To measure network connection speed, I installed the iperf3 package:
/root: pkg update && pkg install iperf3
/root: pciconf -lv re0@pci0:1:0:0
re0@pci0:1:0:0: class=0x020000 card=0x012310ec chip=0x816810ec rev=0x06 hdr=0x00
vendor = 'Realtek Semiconductor Co., Ltd.'
device = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller'
class = network
subclass = ethernet
Next, enable TCP Segmentation Offload (TSO). When TSO is enabled on the transmission path, the NIC divides larger data chunks into TCP segments. When TSO is disabled, the CPU performs segmentation for TCP/IP (if you want to know more about TSO, check this link out):
/root: ifconfig re0 |grep options
options=8209b
nd6 options=23
/root: ifconfig re0 tso
/root: ifconfig re0 | grep options
options=8219b
nd6 options=23
If you want to disable it:
/root: ifconfig re0 -tso
/root: ifconfig re0 | grep options
options=8209b
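The options= value in the ifconfig output above is a hexadecimal capability bitmask, and the two values shown differ only in the TSO bit. The following sketch is an added example, not part of the original post: it decodes such a mask using the IFCAP_* bit values from FreeBSD's net/if.h and goes beyond TSO to name the other capability bits. The function names `decode_ifcap`, `tso4_enabled` and `ifcap_diff` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): decode ifconfig's hex options=
# mask. Bits are FreeBSD <net/if.h> IFCAP_* values; bits above 0x80000 skipped.
IFCAP_TABLE="
0x00001 RXCSUM
0x00002 TXCSUM
0x00004 NETCONS
0x00008 VLAN_MTU
0x00010 VLAN_HWTAGGING
0x00020 JUMBO_MTU
0x00040 POLLING
0x00080 VLAN_HWCSUM
0x00100 TSO4
0x00200 TSO6
0x00400 LRO
0x00800 WOL_UCAST
0x01000 WOL_MCAST
0x02000 WOL_MAGIC
0x04000 TOE4
0x08000 TOE6
0x10000 VLAN_HWFILTER
0x40000 VLAN_HWTSO
0x80000 LINKSTATE
"

# decode_ifcap HEXMASK: print the capability names set in the mask.
decode_ifcap() {
    mask=$((0x$1))
    names=""
    while read -r bit name; do
        [ -n "$bit" ] || continue          # skip the blank table edges
        if [ $((mask & $bit)) -ne 0 ]; then
            names="${names:+$names,}$name"
        fi
    done <<EOF
$IFCAP_TABLE
EOF
    printf '%s\n' "$names"
}

# tso4_enabled HEXMASK: succeed when IPv4 TSO (0x100) is set.
tso4_enabled() { [ $((0x$1 & 0x100)) -ne 0 ]; }

# ifcap_diff OLD NEW: name the capabilities that changed between two masks.
ifcap_diff() { decode_ifcap "$(printf '%x' $((0x$1 ^ 0x$2)))"; }

# The two masks shown on this page, before and after "ifconfig re0 tso".
decode_ifcap 8209b
decode_ifcap 8219b
ifcap_diff 8209b 8219b
```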
Running iperf3 with TSO disabled:
# iperf3 -c 192.168.1.180 -p 5201 -w 2M
Connecting to host 192.168.1.180, port 5201
[ 5] local 192.168.1.219 port 14883 connected to 192.168.1.180 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 5.10 MBytes 42.8 Mbits/sec 5 68.1 KBytes
[ 5] 1.00-2.00 sec 3.55 MBytes 29.8 Mbits/sec 2 86.7 KBytes
[ 5] 2.00-3.00 sec 3.82 MBytes 32.0 Mbits/sec 2 80.8 KBytes
[ 5] 3.00-4.00 sec 3.89 MBytes 32.6 Mbits/sec 4 70.8 KBytes
[ 5] 4.00-5.00 sec 4.04 MBytes 33.9 Mbits/sec 11 76.6 KBytes
[ 5] 5.00-6.00 sec 4.02 MBytes 33.7 Mbits/sec 1 90.9 KBytes
[ 5] 6.00-7.00 sec 4.04 MBytes 33.9 Mbits/sec 13 58.1 KBytes
[ 5] 7.00-8.00 sec 4.20 MBytes 35.3 Mbits/sec 7 50.9 KBytes
[ 5] 8.00-9.00 sec 3.83 MBytes 32.1 Mbits/sec 1 86.7 KBytes
[ 5] 9.00-10.00 sec 4.13 MBytes 34.6 Mbits/sec 1 80.8 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 40.6 MBytes 34.1 Mbits/sec 47 sender
[ 5] 0.00-10.00 sec 38.7 MBytes 32.5 Mbits/sec receiver
Let’s run iperf3 with TSO enabled:
# iperf3 -c 192.168.1.180 -p 5201 -w 2M
Connecting to host 192.168.1.180, port 5201
[ 5] local 192.168.1.219 port 13684 connected to 192.168.1.180 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 5.56 MBytes 46.6 Mbits/sec 0 105 KBytes
[ 5] 1.00-2.00 sec 3.81 MBytes 32.0 Mbits/sec 1 86.5 KBytes
[ 5] 2.00-3.00 sec 4.06 MBytes 34.0 Mbits/sec 9 78.0 KBytes
[ 5] 3.00-4.00 sec 4.07 MBytes 34.2 Mbits/sec 0 122 KBytes
[ 5] 4.00-5.00 sec 4.03 MBytes 33.8 Mbits/sec 23 14.2 KBytes
[ 5] 5.00-6.00 sec 3.80 MBytes 31.9 Mbits/sec 27 66.7 KBytes
[ 5] 6.00-7.00 sec 4.21 MBytes 35.4 Mbits/sec 0 117 KBytes
[ 5] 7.00-8.00 sec 4.01 MBytes 33.6 Mbits/sec 1 104 KBytes
[ 5] 8.00-9.00 sec 3.86 MBytes 32.3 Mbits/sec 25 85.3 KBytes
[ 5] 9.00-10.00 sec 4.14 MBytes 34.7 Mbits/sec 7 82.3 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 41.6 MBytes 34.9 Mbits/sec 93 sender
[ 5] 0.00-10.00 sec 39.6 MBytes 33.2 Mbits/sec receiver
Checking Memory
To check memory usage, we need to install a Perl script:
# fetch -o /usr/local/bin/free http://www.cyberciti.biz/files/scripts/freebsd-memory.pl.txt
# chmod +x /usr/local/bin/free
I had to change the first line of this script so that it points to the correct Perl path:
# which perl
/usr/local/bin/perl
# /usr/local/bin/free
SYSTEM MEMORY INFORMATION:
mem_wire: 326889472 ( 311MB) [ 7%] Wired: disabled for paging out
mem_active: + 37593088 ( 35MB) [ 0%] Active: recently referenced
mem_inactive:+ 91910144 ( 87MB) [ 2%] Inactive: recently not referenced
mem_cache: + 0 ( 0MB) [ 0%] Cached: almost avail. for allocation
mem_free: + 3632758784 ( 3464MB) [ 88%] Free: fully available for allocation
mem_gap_vm: + -233472 ( 0MB) [ 0%] Memory gap: UNKNOWN
-------------- ------------ ----------- ------
mem_all: = 4088918016 ( 3899MB) [100%] Total real memory managed
mem_gap_sys: + 123056128 ( 117MB) Memory gap: Kernel?!
-------------- ------------ -----------
mem_phys: = 4211974144 ( 4016MB) Total real memory available
mem_gap_hw: + 82993152 ( 79MB) Memory gap: Segment Mappings?!
-------------- ------------ -----------
mem_hw: = 4294967296 ( 4096MB) Total real memory installed
SYSTEM MEMORY SUMMARY:
mem_used: 570298368 ( 543MB) [ 13%] Logically used memory
mem_avail: + 3724668928 ( 3552MB) [ 86%] Logically available memory
-------------- ------------ ----------- ------
mem_total: = 4294967296 ( 4096MB) [100%] Logically total memory
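The fetch step above downloads a script over plain HTTP directly into root's PATH and then runs it. The following is an added example, not part of the original post, of staging the download first, checking it against a SHA-256 recorded after reviewing the script, applying the Perl path fix, and only then installing it. The function names, the /tmp staging path and `PINNED_SHA256` are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): verify a staged download against
# a pinned SHA-256 before it is installed as an executable.

# file_sha256 FILE: print the hex digest (FreeBSD: sha256 -q, Linux: sha256sum).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# install_verified STAGED EXPECTED_SHA256 DEST [PERL_PATH]
# Returns 1 on hash mismatch (nothing is written), 2 on other errors.
install_verified() {
    staged=$1 expected=$2 dest=$3 perl=${4:-/usr/local/bin/perl}
    actual=$(file_sha256 "$staged") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $staged: got $actual" >&2
        return 1
    fi
    # Rewrite line 1 only, and only if it is a perl interpreter line;
    # any interpreter flags after "perl" are preserved.
    sed "1s|^#!.*perl\(.*\)\$|#!$perl\1|" "$staged" > "$dest.tmp" || return 2
    chmod 0755 "$dest.tmp" && mv "$dest.tmp" "$dest"
}

# Usage on the router (PINNED_SHA256 is a placeholder for the digest you
# recorded after reading the script; the URL is the one used above):
#   fetch -o /tmp/freebsd-memory.pl <script URL>
#   install_verified /tmp/freebsd-memory.pl "$PINNED_SHA256" /usr/local/bin/free
```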
Adding some useful services
After checking that our hardware meets our expectations, we can continue by adding some useful services to our pfSense installation, such as:
- VPN (OpenVPN)
- Network bandwidth traffic monitor (NTopng)
- Squid
- Snort
To install these new features, please check the reference links below.
Reference links:
- Karim Elatov installation guide
- https://kb.vmware.com/s/article/2055140
- OpenVPN Installation: https://chrislazari.com/pfsense-setting-up-openvpn-on-pfsense-2-4/
- NTopng installation: https://techexpert.tips/pfsense/ntopng-installation-pfsense/
- Squid: https://docs.netgate.com/pfsense/en/latest/cache-proxy/setup-squid-as-a-transparent-proxy.html
- Snort: https://docs.netgate.com/pfsense/en/latest/ids-ips/setup-snort-package.html