Speed Tests with VPN and Encryptions. Help by Sharing your results :)

[Rango]

I'm having hard time figuring out if it's configuration or if my realtek driver is not working with virutal drivers, hance no wan ip from comcast. Any other explanation i have is comcast is blocking pfsense on getwway from assigning ip adress threw dhcp if platform is pfsense and only works with routers. ?

 

[System Error Message]

even im confused to what you're doing.
There are 2 ways to use pfsense virtually which is either to give it access to the physical NIC so it uses the physical device, than theres the virtual NIC which you must bridge with the physical NIC for it to work. If you use virtual NICs it would be the host OS that deals with it so your VMWare needs to support it and that your guest OS has the drivers for it.

I suggest you give the WAN port to your pfsense, let it handle it directly and than bridge the LAN port with a virtual NIC. It should make configuration easier.

If you are using only 1 physical port for both WAN and LAN than you need VLANs and a smart switch to segment it. You cant have your WAN and LAN on the same layer 2 network.

For internet to work you need IP routing/NAT working and DNS

 

[Blade Runner]

I can't get comcast ip address.

Reset cable modem.

If i set nic to bridged it shows blank, if i do nat it give 192 ip for wan.

Do not configure NAT rules to get WAN IP address.

Could it be possible comcast is blocking pfsesne from getting ip address.

Unlikely.

It's possible i'm not configuring virtual adapters in vmware coorectly but i tried all configurations. Any ideas?

I figured it's my realtek driver that is not being recognized in pfsense so therefore i ordered intel 1000 pro nics. vmware esxi is also not seing my adapters but not sure about workstation.

Get basic configuration working then worry about NIC later.

Also if i don't setup nic as nat i won't connect to web interface.

Reset cable modem.

You are right i have them on same subnets. Should lan be 10.x..x.x subnet and wan whatever comcast ip asssigns correct?

Let Comcast assign WAN IP address. Let pfSense configure LAN IP address as default 192.168.1.1. Get basic configuration working then worry about 10.x..x.x subnet later.

That is because this was setup threw router so that's why. it's incorrect setup i know i was just testing it.

Delete GW_LAN rule because its unnecessary.

How should this be setup then?

Do not worry about bridging because it's causing more issues.

My pfSense router is configured with PIA. No issues.

Reset cable modem. Reset cable modem. Reset cable modem. Reset cable modem. Reset cable modem.
Reset cable modem. Reset cable modem. Reset cable modem. Reset cable modem. Reset cable modem.
Reset cable modem. Reset cable modem. Reset cable modem. Reset cable modem. Reset cable modem.
Reset cable modem. Reset cable modem. Reset cable modem. Reset cable modem. Reset cable modem.
Reset cable modem. Reset cable modem. Reset cable modem. Reset cable modem. Reset cable modem.
Reset cable modem. Reset cable modem. Reset cable modem. Reset cable modem. Reset cable modem.

 

[Rango]

Blad i have reset (unplugged for 30 min) modem about 20 times by now. That will not yield in me getting comcast isp ip in pfsense. On desktop physical nic it will but not in pfsense.
I'm not sure what the issue is. It seem like nic is not bridging between physical nic and virtual nic in vmware workstation.

I get comcast ip address on physical nic with no problem but pfsense does NOT see this ip althought it shows up in CMD under my physical nic of my desktop pc.

My desktop pc is where physical nics is and where it host vmware workstation that then is running pfsense. I have 2 virtual nics wan and lan set to bridge and what happens is wan in pfsense will NEVER get comcast ip address but my desktop pc physical card will. So to me it seems like either pfsense does not see my physical nic either due to vmare virtual nic configuration or pfsense does not like realtek nic controllor or i'm being blocked by comcast on pfsense platform as my router and my desktop get ip no problem.

The setup looks like this cable modem to my desktop pc with 2 physical realtek nics, desktop pc runs vmare workstation with pfsense as host, 2 virtual nics are setup as bridge, em0 and em1 gets assigned to them with wan in pfsense never get comcast ip. Desktop pc shows comcast ip on physical nic however. I have reset entire pfsense configuration to factory settings and then unplugged modem and tried like 5 times. No matter how i set this up NEVER will pfsense get comcast ip address but my physical nic on deskotp always will. The lan out of pfsense is going to my router physical switch port which is running in AP mode. I even tried runing it to my laptop too. No change.

I got so frustrated with this i ordered brand new Intel Pro 1000 MT Server Dual nic card in hope it's NIC controller issue talking to vmware. If it's not that then i have no idea what is going on wrong. What i also tried is installing ESXi server and it does not see physical nic SO i only assume vmware workstation also does not which is why pfsense would not bridge. ESXi told me that but workstation and pfsense does not. Not sure if i'm on right track or not so any thoughts are appreciated much.

The hole point of me setting this is is that i want openvpn client and pfsense to run on my 4.1Ghz quad core (assigned 2 core tho) proccessor so my 128 bit or even 256 bit runs at 80Mbps while on vpn. On router i can only get to 60Mbps on good day due to lack of Mhz. Plus i would like to learn pfsense as well and there are other features as well. Reporting, ad blocking packages etc.

Also the way my quad 4.1Ghz is setup is wasting all this power anyway so i want to virtualize some of this intead of spending money on physical box that will waste energy but right now virtualization is faling me. I'm hopig it's realtek issue and nic will resolve that. Otherwise i have no idea what the issue is.

 

[Rango]

I'm also considering this physical box as this would probably do what i want for $100 but i really a) don't want to spend more $ as vm should fix this issue for me and b)I would hate to increase electricity bill if i don't have to and c) increase noise in my bedroom and d) waste money that i don't have to and e) thoguht of not being able to virtualize will be eating at me. f) buying physical box just to find out that comcast is blocking pfsense platform on their dhcp/gateway server.

I'm really hoping it's realtek nic controller issue and intel will resolve that. If not then i have ZERO clue what is going on here besides comcast blocking pfsense platform.

desktop as physical box
http://www.newegg.com/Product/Product.aspx?Item=9SIA7RB33C0963

 

[System Error Message]

did you run the DHCP client on your WAN interface and that it has a link to internet?

 

[Rango]

did you run the DHCP client on your WAN interface and that it has a link to internet?

I have no idea how to do that. I enabled dhcp on lan when i was nating but wan was always 192 ip not comcast isp assigned dhcp in pfsense. On physical nic i had isp ip tho.

 

[Blade Runner]

Read and heed
https://forum.pfsense.org/index.php?topic=107455.0

It seem like nic is not bridging between physical nic and virtual nic in vmware workstation.
R: Stop bridging. See above link.

I get comcast ip address on physical nic with no problem but pfsense does NOT see this ip althought it shows up in CMD under my physical nic of my desktop pc.
R: It’s confirmation that Comcast is not blocking pfSense.

I have 2 virtual nics wan and lan set to bridge and what happens is wan in pfsense will NEVER get comcast ip address but my desktop pc physical card will.
R: Stop bridging and it’s confirmation that Comcast is not blocking pfSense. See above link.

The setup looks like this cable modem to my desktop pc with 2 physical realtek nics, desktop pc runs vmare workstation with pfsense as host, 2 virtual nics are setup as bridge, em0 and em1 gets assigned to them with wan in pfsense never get comcast ip.
R: Stop bridging. See above link.

Desktop pc shows comcast ip on physical nic however. No matter how i set this up NEVER will pfsense get comcast ip address but my physical nic on deskotp always will.
R: WAN IP address configuration was successful because physical NICs are not bridged. See above link.

What i also tried is installing ESXi server and it does not see physical nic SO i only assume vmware workstation also does not which is why pfsense would not bridge.
R1) Perhaps someone who is more familiar with ESXi can respond.
R2) Stop bridging. See above link.

Otherwise i have no idea what the issue is.
R: Stop bridging. See above link.

Bridging is not worth the headache. See above link.

Comcast is not blocking pfSense.

 

[Rango]

In the configuration i described should both of the adapters in vmware be bridged?
Assuming one is wan and one is lan. And how do i make lan to communicate with wan?

 

[Rango]

Here are network adapters. When i connect modem to my physical nic on desktop that hosts vmware and vmware hosting pfsense wan comcast ip gets assigned to
Realtek Pcie GBE card. (currently showing ip form my 87u router tho). I don't quite understand how and why virtual adapters are on completely different network.
I would have realtek rtl8139 connected to my router/switch in AP mode.

How does pfsense have a chance of getting comcast wan ip when first point of contact the mac address is my physical nic of my desktop. Obviously virtual nic has different mac and gateway knows that there are two mac address and hance will assign one to physical always. Virtualization is messed up to understand.

 

[Nullity]

Could you perhaps run pfSense on the bare metal of this or another computer, avoiding virtualization since it seems to be your primary obstacle?

 

[System Error Message]

i thought you were running pfsense on vmware instead of virtualbox. Its a bad idea to run pfsense on virtualbox.
In your case you would need to disable ipv4 and ipv6 and other protocols on your WAN port in windows and bridge the WAN virtual adapter to it (virtualbox may provide this option), than bridge your LAN virtual adapter to your LAN port. you still need 2 physical ports on your machine.

Why not find yourself another PC or if you want something small there are many NUCs that offer dual NIC with wifi for this sort of things.

 

[Rango]

Read and heed
https://forum.pfsense.org/index.php?topic=107455.0

It seem like nic is not bridging between physical nic and virtual nic in vmware workstation.
R: Stop bridging. See above link.

I get comcast ip address on physical nic with no problem but pfsense does NOT see this ip althought it shows up in CMD under my physical nic of my desktop pc.
R: It’s confirmation that Comcast is not blocking pfSense.

I have 2 virtual nics wan and lan set to bridge and what happens is wan in pfsense will NEVER get comcast ip address but my desktop pc physical card will.
R: Stop bridging and it’s confirmation that Comcast is not blocking pfSense. See above link.

The setup looks like this cable modem to my desktop pc with 2 physical realtek nics, desktop pc runs vmare workstation with pfsense as host, 2 virtual nics are setup as bridge, em0 and em1 gets assigned to them with wan in pfsense never get comcast ip.
R: Stop bridging. See above link.

Desktop pc shows comcast ip on physical nic however. No matter how i set this up NEVER will pfsense get comcast ip address but my physical nic on deskotp always will.
R: WAN IP address configuration was successful because physical NICs are not bridged. See above link.

What i also tried is installing ESXi server and it does not see physical nic SO i only assume vmware workstation also does not which is why pfsense would not bridge.
R1) Perhaps someone who is more familiar with ESXi can respond.
R2) Stop bridging. See above link.

Otherwise i have no idea what the issue is.
R: Stop bridging. See above link.

Bridging is not worth the headache. See above link.

Comcast is not blocking pfSense.

Blade i read this thread but how do i get comcast wan ip address in pfsense? The thread talks not bridging but doesn't give solution.

In vmware there is 4 options bridging, NAT, Host and Custom. I have to choose one of these option in order for pfsense virtual adapter to talk to my desktop's wan port.

Nat-ing results in 192 ip which i can't route to comcast gateway and therefore internet. Can't use this.

Host is host and won't get wan ip to pfsense

Bridging between virtual network adapter in vmware workstation where pfsense is a host to physical nic on desktop where wan port to comcast it should get virtual nic to get wan from physical nic. That is at least how i understand this which is why i chose this options. If its wrong what should i use?

Custom not sure what it does. I tried it too but didn't get me comcast ip

So which one of those options should i chose and how to set it up. I can only do 1 of 4.

 

[Rango]

Could you perhaps run pfSense on the bare metal of this or another computer, avoiding virtualization since it seems to be your primary obstacle?

Well i would have to shell out $140 for physical new box and increase electric cost and i wanted to play with virtualization but it may come to that. I just can't justify spending $140 to just increase vpn Mbps by 20Mbps which is why i'm trying to get this work on vmware. My main objective on implementing pfsense is to run opven vpn client and using my pc computing power to get close to Mbps speed of my comcast isp provider. NUC i think i've seen have atom cpu with 1.4Ghz speed, which will not yield better Mbps then my 87u router. I need 3.0Ghz+ dual core at least, i3 would be better.

Also the issue with this if in fact comcast is blocking pfsense then me getting physical box would result in same outcome, no wan ip address and $140 down the drain so i'm trying virtualization way first which is way i want anyway.

I need computing power of similar to APUTM which is CPU INTEL core i7 up to 3,7 GHz.

I suspect 3.0Ghz dual core will do the job of getting 100mbps on open vpn. My pc is 4.1Ghz quad core.

http://www.firewallhardware.it/en/pfsense_selection_and_sizing.html

 

[Rango]

i thought you were running pfsense on vmware instead of virtualbox. Its a bad idea to run pfsense on virtualbox.
In your case you would need to disable ipv4 and ipv6 and other protocols on your WAN port in windows and bridge the WAN virtual adapter to it (virtualbox may provide this option), than bridge your LAN virtual adapter to your LAN port. you still need 2 physical ports on your machine.

Will i be able to get on internet on my desktop if i disable ipv4 ipv6 on it?
I use it as my main pc as well.

The setup looks like this modem connected to desktop's nic1 (wan) pc, desktop running vmware workstation as virtualization platform for pfsense. Pfsense running as host on vmware workstation. Desktop is used as main pc to connect to internet. I have two physical nics in desktop and router 87 which can be used switch and AP in AP mode. Second nic2 (lan) on desktop is used to connect to 87 routers/switch in AP mode as LAN. I can use lan nic of pfsense to get on internet therw 87u switch? no?

Why not find yourself another PC or if you want something small there are many NUCs that offer dual NIC with wifi for this sort of things

I need at least 3Ghz dual core pc in order to do encrypt decrypt on fly on openvpn. 87u gets up to only 60mpbs. pfsense on CPU of my pc gets 80mbps out of 90mpbs of my comcast Isp. I would have to spend $140 on new box. I have old pentium 3 pc but it's computing power will not yield more then 25mbps on vpn so i can't use it (may as well stick to 87u router), plus recently nic wouldn't work either which this new nic intel may come handy.
So general consensus is that it's not nic controller that is the issue but how virtual adapters are setup ?[/QUOTE]

 

[Rango]

In your case you would need to disable ipv4 and ipv6 and other protocols on your WAN port in windows and bridge the WAN virtual adapter to it (virtualbox may provide this option), than bridge your LAN virtual adapter to your LAN port. you still need 2 physical ports on your machine.

System i just tried this. I disabled ipv4, v6 on physical nic on desktop on wan and lan port. Restarted pfsense and reset cable modem. I got comast ip on pfsense wan interaface and 192.168.1.1 on lan interaface.
No internet connection on both desktop and my laptop from which i logged into 192.168.1.1
So as soon i setup initial pfsense dashboard meaning new password , time zone, etc. I got into dashboard and then in dashboard and in console the wan ip dropped and got 192.168.100.1 on wan interface, no longer comcast ip.I was not able to get onto internet and dashboard is also showing unable to obtain the update where it checks for newest pfsense version.

So either nic is dropping comcast ip cause driver (realtek) is crappy or comcast if forcing nic to drop ip. (blocking pfsense platform) Why did comcast ip dropped from wan nic on pfsense?
I have no other explanation why this happened.

 

[Rango]

Here is what makes me think it's nic but that's in case of vmware esxi. I suspect vmware workstation is not much different in handling nic driver since it's same company and since pfsense is on vmware and it's freebsd unix based code i suspect it may be same issue as esx.

http://blog.fosketts.net/2011/01/31/best-nic-network-card-vmware-esx-home-lab-machine-retail/

 

[Blade Runner]

Rango,

First
https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5

Second
https://snowulf.com/2015/08/31/tutorial-using-vmware-esxi-and-pfsense-as-a-network-firewallrouter/

Third
https://forum.pfsense.org/index.php?board=37.0

Compare your configuration to determine corrections.

 

[Rango]

Blade thanks for the links but i've spent 7 days on troubleshooting this issue. As you see I myself can't seem to get this work. The symptom is always the same no matter how i try to configure the vmware with pfsense which is comcast wan ip is either blank or appears for second until i log into dashboard then it's either private ip or blank again. I'm running circles around myself at this point which is why i'm asking maybe somebody knows what's going on. I posted 3 threads btw on pfsense forum and no help there. ESXi is little over my head, setting up virutal switches, virtual cards etc it's way over my head. My troubleshooting leads me to NIC control that being realtek or comcast blocking me since i've tried ALL CONFIGURATIONS AND ALL FAILED. Unless i'm setting up something wrong in which case i'm asking here for help. I'm waiting for that intel nic from china so will be few days before i get it. I'll review those links but like i said i'm running chasing my own tail at this point.

It worst case i'll put intel nic into my pentium 3 just to see if i can get wan comcast ip on pfsense on physical box and that will clear up a lot but i have to wait a week before it gets here. In case i'm wrong it's not nic controler then i'm asking as i have no clue then. Obviously P3 is waste of my time as it won't get 25Mbps guaranteed so this is test only.

 

[Rango]

Blade any thought on this article point desktop nics especially realtek and marvel are useless. It's possible they are dropping packets in unix enviroment but are ok in windows. I don't know until i can test new nic card.

http://blog.fosketts.net/2011/01/31/best-nic-network-card-vmware-esx-home-lab-machine-retail/