Hi everyone,
Yesterday I spent a whole day setting up an access point with FreeBSD 13.1-RELEASE on a Pine RockPro64
board and at the moment while this setup works I'm experiencing very slow internet browsing.
I'm describing the hardware and setup that I am using as well as all steps taken to have this working:
The Pine RockPro64 has attached two external wifi dongles based on the `rtwn` chipset.
One of them is the TP-Link TL-WN725N and the other one is: https://pine64.com/product/usb-wifi-802-11b-g-n-rtl8188eu/
which I purchased when I bought the board. Both dongles are rated 150 Mbps. Why have two wifis on the board?
My use case is probably not very common: I have a single internet connection provided by my mobile phone.
I always take this phone with me. When I'm at home all my computers use it as hotspot. Because
I also wanted to have a permanent wifi lan regardless of whether I have internet access or not, I'm using the
two wifi interfaces in the Pine board: One provides the permanent wifi lan (the access point) and the other interface
connects as a client to the mobile hotspot so all my computers can have internet access through the
Pine board acting as a router.
Here are the detailed steps that I've done to get it working. All following steps but #6 take place in the Pine board:
1. Setting up the interfaces (`/etc/rc.conf`):
```
# wlan0 connects to the mobile hotspot.
wlans_rtwn0="wlan0"
ifconfig_wlan0="wpa syncdhcp"
# wlan1 is used as my local access point.
wlans_rtwn1="wlan1"
create_args_wlan1="wlanmode hostap"
ifconfig_wlan1="inet 192.168.200.1 netmask 255.255.255.0 hidessid ssid spectre mode 11g channel 9"
```
Then run: `service netif restart`.
Both interfaces come up correctly as shown here:
```
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether XX:XX:XX:XX:XX:XX
        inet 10.17.11.235 netmask 0xffffff00 broadcast 10.17.11.255
        groups: wlan
        ssid SkyDirect channel 6 (2437 MHz 11g ht/20) bssid XX:XX:XX:XX:XX:XX
        regdomain FCC country US authmode WPA2/802.11i privacy ON
        deftxkey UNDEF AES-CCM 3:128-bit txpower 30 bmiss 7 scanvalid 60
        protmode CTS ht20 ampdulimit 64k ampdudensity 2 shortgi -stbc -ldpc
        -uapsd wme roaming MANUAL
        parent interface: rtwn0
        media: IEEE 802.11 Wireless Ethernet MCS mode 11ng
        status: associated
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
wlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether XX:XX:XX:XX:XX:XX
        inet 192.168.200.1 netmask 0xffffff00 broadcast 192.168.200.255
        groups: wlan
        ssid spectre channel 9 (2452 MHz 11g) bssid XX:XX:XX:XX:XX:XX
        regdomain FCC country US authmode WPA2/802.11i privacy MIXED
        deftxkey 2 AES-CCM 2:128-bit txpower 30 scanvalid 60 protmode CTS wme
        hidessid dtimperiod 1 -dfs
        parent interface: rtwn1
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: running
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```
2. Setting up `hostapd` (`/etc/hostapd.conf`):
```
interface=wlan1
debug=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=spectre
wpa=2
wpa_passphrase=PASSPHRASE
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
```
Then run: `service hostapd onestart`.
3. Setting up `dnsmasq` (`/usr/local/etc/dnsmasq.conf`):
```
domain-needed
no-resolv
server=1.1.1.1
except-interface=lo0,wlan0
local-service
dhcp-authoritative
interface=wlan1
dhcp-range=192.168.200.2,192.168.200.250
```
Then run: `service dnsmasq onestart`.
I'm using `dnsmasq` to let all clients get an IP through DHCP. I've adapted it from Vermaden's bhyve
setup guide from here: https://vermaden.wordpress.com/2023/08/18/freebsd-bhyve-virtualization/
4. Setting up `pf` to perform NAT between the two interfaces (`/etc/pf.conf`):
```
set skip on lo0
nat on wlan0 from {wlan1:network} to any ->(wlan0)
pass in all
pass out all
```
Now enable forwarding: `sysctl net.inet.ip.forwarding=1`.
Then run: `service pf onestart`.
5. Update `/etc/rc.conf` to start all services at boot time:
```
hostapd_enable="YES"
dnsmasq_enable="YES"
gateway_enable="YES"
pf_enable="YES"
```
6. Configure one or more machines to connect to the Pine board access point (`/etc/wpa_supplicant.conf`):
```
ctrl_interface=/var/run/wpa_supplicant
eapol_version=2
ap_scan=1
fast_reauth=1
network={
    ssid="spectre"
    scan_ssid=1
    psk="PASSPHRASE"
    priority=1000
}
```
Now the nasty symptoms. When I try to navigate to a heavy website (using one of my machines that connects to the
Pine board access point) images for example load extremely slowly, as if I were using a PPP dialup connection from the 90's.
Websites that are light (HN for example) load relatively quickly. One thing that is really puzzling me is this:
when I browse to a heavy website, my SSH connection to the Pine board DEGRADES significantly to the point that
sometimes I have to cancel loading the website to actually continue using the SSH connection to the Pine board.
If I inspect the Firefox console (network tab) I can see a lot of these errors: NS_ERROR_NET_PARTIAL_TRANSFER, NS_ERROR_FAILURE,
NS_BINDING_ABORTED. None of this happens when I connect directly to the mobile hotspot.
When I run `netstat -r4` in the Pine board, this is what I see (it takes between 5 and 6 seconds to complete):
```
Internet:
Destination        Gateway        Flags   Netif   Expire
default            10.17.11.36    UGS     wlan0
10.17.11.0/24      link#3         U       wlan0
bluestar.local     link#3         UHS     lo0
localhost          link#2         UH      lo0
192.168.200.0/24   link#4         U       wlan1
bluestar.local     link#4         UHS     lo0
```
By the way I haven't mentioned so far, the Pine board is also running `avahi-daemon` as well as all my machines.
Mentioning this just in case, but I don't think it has anything to do with the setup.
Here are my thoughts:
* I'm not 100% sure if this is a hardware problem. Dongles are relatively new and they seem
to work ok. One thing that I also tested is having one of the dongles a bit far away from the other
one through a USB cable extension, I thought that perhaps being so close to each other they could be
interfering (somehow) with one another. This was a silly assumption and produced no noticeable changes at all.
* Perhaps the given PF rule is not entirely correct and/or not performant?
The rule that I'm using was taken and adapted from this post: https://forums.freebsd.org/threads/pf-nat.77104/
* Do I need to adjust one or more networking settings through `sysctl`?
* Could it be a `dnsmasq` issue?
Which tools can I use to track down the problem? What things can I try to have a better insight?
My guess so far is that it is either a `dnsmasq` and/or `pf` issue. I can't see any problems with the interface
and `hostapd` configuration.
Thanks in advance for reading this long post,
Lucas.
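
Added example, not part of the original post or written by its author: the posted `/etc/pf.conf` ends in `pass in all`, which also admits connections arriving on `wlan0` from the hotspot side to anything the board listens on (SSH, for instance). Below is a default-deny variant that keeps the post's NAT rule and interface names; the macros and the set of allowed LAN traffic are assumptions.

```pf
# Added example: default-deny variant of the posted /etc/pf.conf.
# Interface names and the 192.168.200.0/24 LAN come from the post;
# the macros and the choice of allowed traffic are assumptions.
ext_if = "wlan0"   # client side, associated to the mobile hotspot
int_if = "wlan1"   # hostap side, 192.168.200.1/24

set skip on lo0

# Translation: the post's NAT rule, restricted to IPv4.
nat on $ext_if inet from $int_if:network to any -> ($ext_if)

# Filtering: drop inbound by default, keep outbound open.
# pass rules keep state, so replies to outbound and forwarded
# connections are still accepted on wlan0.
block in all
pass out all

# DHCP requests from LAN clients that do not have an address yet.
pass in on $int_if inet proto udp from any port 68 to any port 67

# Everything else from the LAN: DNS and SSH to the board, mDNS,
# and traffic to be forwarded and NATed out of wlan0.
pass in on $int_if inet from $int_if:network to any
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it.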

