WAN failover && blue AP using raspberry pi

hello to all,
I have the existing setup:

ipfire core on a raspi model 3b+
red pppoe wan
green lan
blue wlan
OpenVPN server with occasionally maximum 2 clients!
My existing bandwidth is 11/100 Mbps but I only get 11/75 Mbps (1km from ISP’s cabin)!
I also have some firewall rules for allowing OpenVPN connections to my network and geolocation blocking as well!
The overall experience so far (running this 24/7 for roughly 1 year now!) is very smooth and I have never encountered disconnections/delays/random restarts, neither to my bandwidth nor to the ipfire server!! Also I have IPS with Emerging Threats Community Ruleset running only on Green.
The hardware monitoring is showing that even at the high peaks of the day the memory/CPU bandwidth is more than enough!!!

So the problems that I have are these:

  1. With the default wireless card of the pi, the blue network acts slow (logical) and also, because I run captive portal with disclaimers, the redirect sometimes never happens. The weirdest is that most of the time the “blue” clients don’t receive an IP from the DHCP server that I, of course, run and have set up! Even if I plug in a USB network adapter like a TP-LINK tl-wn721n the same thing seems to occur!
    Is there something that I am missing OR maybe the TP-LINK is incapable of acting as an AP?

  2. I need to connect a USB 3G stick to one of the ports to make a High Availability setup in case my primary red wan connection fails (I also run a DAHUA NVR on the network and an IP alarm system, so that is what the need is for)! I already saw the compatible modems list here wiki.ipfire.org - Network Adapter Hardware Compatibility List but because I don’t have pci slots on my pi that is not an option for me! I have one 3g modem stick from Vodafone and when I connect it to my raspi via USB this strange thing happens…
    The connection on wan gets dropped (all clients lose connection to the internet) and also the entire ipfire server is inaccessible (ssh/https)!
    So I cannot really tell/see what is happening as I have the raspi headless. The green led on the USB flashes as normal though! The logical assumption here is that this USB 3g modem is NOT compatible and that is OK, but why does ipfire seem to reroute everything through this?
    Is it maybe a settings problem that I need to have preconfigured (you are able to access its webface from a windows machine) on my USB modem before I try to connect it to my raspi?
    Also, is it better to maybe buy a 3g/4g modem that has a wan port on it and maybe bridge that to a usb 3.0 ethernet adapter? (I would like to avoid that if I could and make it work through a USB modem directly!!!)

Please forgive me if this is not the appropriate section but I’m totally new to the forum!

Konstantinos - Welcome to the IPFire Community!

This is just my 2 cents worth…

It has been a long time since I used a RPI3B+ as a firewall. I only had red & green networks and I would only use it for AT&T U-verse connections (50 Mbps down / 5 Mbps up). No IPS, no VPN, etc. I found they are OK for slow connections (like AT&T).

Once you add a BLUE network, and OpenVPN and IPS (and maybe Geolocation and Captive Portal), then you may be overloading such a little machine.

I seem to remember that all of the USB connections and the Ethernet connection all share the same bus and that was the main issue. Please research this (my memory is old!)

The other issue is power supplies. I found some of the third party power supplies don’t work as well as hoped - they are too poorly made! Once I purchased the real Raspberry Pi power supplies, then all worked much better!

Hi Jon and thank you for the reply!
You are correct, the raspi is not a serious piece of hardware (at least the 3b+) and I also have some mini PCs with dual gigabit LANs lying around that I could use to try ipfire on an x86 system. Also my power supply is this https://spaceboy.io/store/spigen-essential-f401-000ad23962-4xusb-wall-charger-black/ so I think that with 2 X 2,4A simultaneous connections it is more than enough for just one more USB Wi-Fi adapter on the raspi. Of course, and out of the question, that will outperform my little raspi (nvme/ddr4 ram/multithreading CPU/AES-NI etc…) but the thing is that till now I have never had issues on the pi, and in the hardware monitor I never saw the system reach its ram/CPU limits even on the highest traffic days along with 1 simultaneous VPN connection constantly! CPU/RAM stays beneath 40% all the time!!! I never needed to reboot because of a freeze on the system!!! I admit that maybe the IPS/IDS is not performing as expected (so I could turn it off) but the blue WLAN should perform quite well, like the other 3 connections (red/green/OpenVPN (purple I think… :confused:)). I mean it is only for the guests after all (maximum 2-3 clients at a time!)… All my personal wireless devices go through an 802.11AC AP through a gigabit L2 managed switch and drop into the same green LAN. So taking these into consideration it should be very easy for this little guy to handle the BLUE wlan with a DHCP server and some kind of Captive Portal. From all the above it just does not seem to be a hardware issue! Maybe it is the BUS thing that you mentioned…
Raspi 3b+ uses a Gigabit Ethernet over USB 2.0 (maximum throughput 300Mbps) and also
Product: Raspberry Pi 3 Model B+
Recommended PSU current capacity: 2.5A # that’s OK!
Maximum total USB peripheral current draw: 1.2A # already have a USB to gigabit ethernet adapter so along with another USB Wi-Fi adapter maybe that’s too much??? :confused:
Typical bare-board active current consumption: 500mA # irrelevant

In all models prior to the Pi 4, the USB ports connect to a combo hub/Ethernet chip, which is itself a USB device connected to the single upstream USB port on BCM2835 SOC

so maybe it is this after all… :confused:


I also have a NAS (gigabit ethernet again) and I only get 40MB/s read/writes with SMB in my network. I know that the NAS can really max out at 100MB/s, at least it was able to (my brother used to have it on his home network, different from mine) but in mine it gets only those slow speeds. I haven’t used it for a couple of years now, so I don’t exactly know if it is the router’s (ipfire) bandwidth speed or some other issue with the hardware. The disks’ read/writes are tested at 125MB/s and the NAS and my PC go through the same gigabit L2 managed switch as the ipfire and all the cabling is brand new and CAT6! Is it possible that the slow raspi is causing this?

It depends where the NAS is on your network.

If the client is GREEN and the NAS is GREEN, then the raspi would play little to no role. To prove it, you can give the NAS and the client a static IP and then turn off the raspi. The two should still talk to each other just fine.

So YES, you were totally correct, as the issue was a problematic ethernet adapter on my PC, and after I replaced it, the smb speeds are now maxing out as they are supposed to!

thanks again!
