John Galea's Blog

My blog on Gadgets and the like

Fenix 3 and waypoints

One of my readers contacted me with questions about how Garmin handled waypoints and it got me thinking, ya I struggled with that too … maybe others are … Thus this post. Waypoints are a remembered location. A waypoint can be obtained from other people, or can be created on the Fenix. If created on the Fenix the naming process on the device is a tad clumsy. I created a naming convention where the first three letters are used for the location. So if I’m out at Palgrave mountain biking for example all of the waypoints for their start with PAL. This can be helpful in grouping them. Although, Garmin on the Fenix, do not allow you to sort your waypoints alphabetically they are ONLY sorted by closeness to your current location. This is a real problem if your trying to work with your waypoints on the Fenix not at the location. Other Garmins did have sort alphabetically, no idea why Garmin didn’t include this on the Fenix.

Ok so you now have waypoints on your Fenix now what … Well shockingly the waypoints are not handled on Garmin connect web site or the connect app. Managing (delete, add, rename etc) and backing up waypoints is done on Garmin Basecamp on your PC/Mac or on the Fenix.

Waypoints can be used to navigate distance/direction from your current location (as the crow flies). This to me is a SUPER hugely important feature. How to get back to that sweet single track you found, or more importantly how to get back to your car. The fenix 3 doesn’t have maps on it, so of course there could very well be a deep ravine between you and where you wanna go … so you have to keep that in mind. The other thing you can do is make a “course” on your Fenix or on basecamp that takes you from waypoint to waypoint. You will not get a map of how to get there, but you will know the distance/direction to the next waypoint. And it will complete and move onto the next waypoint automatically. This can be problematic if the waypoints are tightly packed together (close to each other).

Basecamp, is also how I took my existing waypoints from my previous Garmin onto the Fenix. It worked pretty well. Basecamp can be downloaded from the Garmin website and is free. Editing, renaming, deleting etc is all best done on Basecamp.

This current situation (Garmin Connect ignoring waypoints), has been this way a LONG time. I’m not sure it will change, so the best we can do for now is understand it …

I also have another post on Navigating with the Fenix 3.

Advertisements

May 8, 2018 Posted by | GPS Stuff | Leave a comment

Workoutdoors app mini review

I recently discovered a new app for my Apple Series 1 Watch WorkOutDoors. This app bring full vector maps to exercise tracking. You can pan and zoom around the map as well as see bread crumbs of were you’ve been exercise.

At the end exercise you get a terrific summary of the workout. In my case it was a hike and I got a summary of distance, number of steps, heart rate etc. Even apps like Strava don’t give you a map like this! The app on a series one (which does not have a GPS) uses the GPS on the phone. Quite impressive.

Comparing the distance with another exercise app called RunGPS it is 8.3 Vs 8.13km, within 2% of each other, which is quite good. RunGPS track of the same exercise.

Once complete you can export the exercise as a GPX, that can be then imported into Garmin connect or Strava. I tried Garmin and it came through ok, but the walk got interpreted as uncategorized. Here’s the workout on Garmin connect.

When Garmin in turn linked in with Strava it came over as a ride.

Imported directly into Strava the app gives you the opportunity to change it from a ride.

All in all the app works well, but the exciting thing about this app is what is coming. I spoke with the author of the app and he tells me he is adding waypoint and navigation support. This would be game changing and it would be the only app on an Apple watch capable of that. He also said direct export to something like Strava is also on the todo list.

May 3, 2018 Posted by | Uncategorized | Leave a comment

PFSense open source Firewall

Ok, I will warn you straight off, this is going to be a tekkie post, sure to bore many. But if your one of the few that eats bits for breakfast … enjoy! I have to admit, even as an IT guy with pretty good network knowledge this project challenged me.

Routers sit there out of the internet, exposed. The result of this is that they get hacked. Manufacturers stop updating firmware and plugging vulnerabilities because in the end, there is no motivation for them to spend the effort/$$s. Instead they want you to buy a new router every so many years. And the cycle goes on. And the firewall on routers is not always impervious … If you don’t believe this, after you’ve setup Pfsense see how many hacks get through your existing router!

This product attempts to fix this issue by putting another layer between your precious laptops, phones, gadgets etc and your likely leaking router. Or so the story goes. Frankly when a colleague of mine, Jeff, starting talking about this topic I had to admit the fascination of it alluding me, all the while he was enthusiastic and embracing of Pfsense. Now given I think Jeff is a bright fellow, so I decided to dive in and see what I could see … And frankly, it’s the winter, I’m not snowboarding, my gf is out of town, and I’m bored, so I decided to burn some cycles. And burn some cycles this will … Setting up Pfsense is no small feat. So let’s jump in. We will take this in small steps, enabling functionality as we go. I’ve written, updated and rewritten this article a number of times as I’ve learned more and more. In all I’ve been at this almost a month, but don’t fret, you can start small and add features until you get the functionality set you want.

Introduction

So what is Pfsense you ask? It is a Linux (FreeBSD to be exact) Open source, extensible, highly configurable firewall. By default, it does not have some advanced features (like intrusion detection, anti virus etc), but these can be added through a fairly extensive list of package add ons. Pfsense can run on super small appliances, or it can be loaded on just about any old PC you have laying around. I chose to load it as a HyperV VM at first so that it costs me nothing, and I can assign it as much or as little resources as I want to … In the end the hardware resources for this firewall are quite low. I gave it 2G memory and 4 VCPU 20G and that was more than enough. In reality you really only need a couple G drive space for it to run off. As a VM I can also move around the networking that Pfsense has quickly and easily allowing me to implement it as it goes! I downloaded an ISO (which stupidly was Gzipped) and installed it from there. Installation was quick and painless. Once up you simply tell Pfsense which network has your internet (the WAN) and which has internal network (the LAN). You will need (and want) two network cards for Pfsense. IPs for these networks can be super simply setup. It’s worth noting, that Pfsense becomes your gateway out to the internet, so if it’s down … so’s most of your internal network. I did notice that they have obsoleted the 32 bit version of Pfsense at 2.35. Going forward you will need a 64 bit x86 processor. Pfsense could have, but does not allow you to have the two subnets on the same NIC which would have been helpful, but compromising from a security point of view. Pfsense can also implement all DSL PPOE authentication, allowing you to put your modem in what’s called bridge mode. Although I’ve not done this, to allow me to fall back quickly by turning the Bell modem, a SmartRG SR505, back on anytime and abandon Pfsense.

Getting started

Step one of getting it up and able to act as a firewall is pretty easy. My Router will remain on the perimeter with IP in the 192.168.1.x range. I chose to setup the LAN as 192.168.2.x. I can slowly migrate clients from the 192.168.1.x exposed side to the 192.168.2.x behind the firewall side. Pfsense is setup initially to be pretty lenient and allow pretty much everything outbound. This makes setup and admin much easier. You can choose whether this is how you want to leave it, or start adding rules blocking outbound stuff. I’ve seen other firewalls that take the opposite approach and deny all, but this becomes a headache pretty quickly. If your going to have anything that is serving in the home (web server for example) you will need to assign a static IP to the WAN (192.168.1.x) side of Pfsense. If Pfsense is going to be DHCP duty then the lan side (192.168.2.x) will also end up with a static IP. By allowing Pfsense to do DHCP (instead of your router) DNS inside your home can be comprehensive. Something that never quite worked right on my previous setup.

Configuring inbound NATs (and static IPs)

Next step is setting up your inbound rules. For me I have inbound RDP, as well as a web server. So first off you have to create static IPs (DHCP reservations) for any hosts that are going to serve. This is easily done from Status > DHCP Leases and click the + sign to add a static mapping. Or you can add them yourself Services > DHCP server down the bottom. The static IPs are based on MAC addresses of the network cards. First off you have to go to your router and repoint any incoming rules and move them to point to the IP address on the WAN side of Pfsense. Within Pfsense you then add Firewall > NAT for each server you want to host. I had some difficulty in that I had a VPN running on the one host which blocked the incoming NAT. This cost a NUMBER of hours to sort out, but in debugging I poked around a lot. I found Canyouseeme very valuable in testing externally inbound ports.

Outbound VPN

Ok now your ready for the next feature … outbound VPN. If you do any form of P2P you want a VPN if for no other reason than to avoid nagging from your provider. I found a great guide for setting up PureVPN for Pfsense. The VPN setup is done using OpenVPN. The setup was not at all straight forward and honestly took a while to get working. The one thing missing in this doc was the compression setting which was LZO Compression Legacy.

Now with this setup ALL traffic will go through the VPN. This isn’t what I want. What I really want is for any traffic for the one host that I run P2P on to go through VPN. So to take care of that I added an additional interface for the VPN. Interfaces > Assignments, add. This adds something it calls OPT1. Then in System > routing you now see a gateway for the VPN. Lastly you can now create a firewall rule that triggers on requests from that host and passes it to the VPN gateway instead of the default gateway.

You can use tools like IP chicken, or Whats my ip address to help debug when your connected to VPN and not.

Status > system logs can show you any errors VPN might be having. The status of the VPN connection can be seen at Status > OpenVPN.

The default for OpenVPN client is to have all communications go out the VPN once setup (as I mentioned above). In the configuring of the client you can remove this and then route the traffic you want to the VPN through rules.

I had one MAJOR issue with the VPN on Pfsense. I want what is called an internet kill switch. Ie if the VPN is down, then I want no traffic outbound outside of the VPN. At this point I’ve been unsuccessful in getting this working. What ought to be simple rules, just don’t seem to be working.

It’s worth mentioning that if you create a VPN on the PC then that PC is directly exposed to all other members of the same VPN. So it’s important to insure your running a firewall at the very least. By moving the VPN onto PFsense it removes this exposure. It is important that you turn Snort on (more on this later) on the VPN interface.

Dynamic DNS

Next up I added Pfsense updating dyndns which was super trivial. This allows Pfsense to update dyndns instead of my client. This became super important if ALL internal traffic is going through the VPN, because it will end up updating dyndns with your VPN IP since this would be all your internal network was aware of.

Ad/Malware/Ransomware blocking

With a fully functioning firewall we can now look into exploiting some additional functionality. I had read a bit about PiHole which is an ad/malware blocking DNS server that can be setup in a separate VM. Well it turns out you can do the same thing in Pfsense using PfblockerNG. There are two sides to PfBlockerNG. The first which for now I don’t care about looks for incoming hackers. The second replaces the DNS forwarder that normally is in use for internal DNS requests and replaces it by a DNS resolver. The DNS resolver has the ability to add lists to it that it will in turn reroute to an internal IP address, in effect blocking that IP (called DNSBL). There are lists of “bad” sites that can be obtained from PiHole. These are then manually added as feeds into DNSBL and the Pfblocked goes out and updates them daily. This gives you PiHole like functionality for free! To test if this is working go into one of the lists that you added as feeds and find a URL. Then simply ping that URL. If you get 10.10.10.1 (the default for DNSBL) as the IP address back for that URL DNSBL is working perfectly! I had a major issue that I had DNSSEC turned on which requires a secure DNS server. As it turns out the DNS servers I use are not compatible with DNSSEC so outbound was being blocked. Turning DNSSEC fixed the issue. I originally turned on another function of Pfblocker called DNSBL easylist, but I found that blocked too many things to be useful so turned it back off. Even Google calendar stopped working. I also had issues in that most clients will cache dns requests. So to flush this on windows you have to enter:
ipconfig /flushdns (as an admin)
I ran into one oddity which is that if you stop Pfblocker, I had to manually tell Pfblocker to back out and resync the DNSBL feeds to get it working again if you then enable it.

Tuning DNSBL

Once your have turned on Ad/malware blocking you may see that there are sites being blocked that you don’t want blocked. These can be easily tuned to allow those domains. By going into Pfblocker, then alerts you can see what is being blocked as well as which list it was on. These domains can then easily be clicked on to add to a whitelist. This white list allows these domains through. Or you can manually add them to the Pfblocker, DNSBL, custom domain whitelists. And you can add domains, and include subdomains to allow. Once they are on the whitelist you will need to force a reload for them to start working, by Pfblocker, Update, force. Then you can test to see if that site is now not being blocked. Using this method you can fine tune what you want and not want to allow.

Blocking hackers/web robots

Now that the more important DNSBL is setup and running we can look at blocking known incoming attacking web sites. There are lists for this just like there are for DNSBL. These are configured in PFBlocker, IPV4 tab.

This in turn creates an incoming firewall rule to block these IPs.

To test this I added my own external IP address to the block list and then attempted a connect. Sure enough it was blocked and shows in the alerts as being blocked.

This web site had a couple of lists of bad guys to add to PfBlocker! Now this is entirely based on the sources IPs. As you can imagine bad guys can change their IPs so this is somewhat like chasing your tail. This is not to be confused with something like Snort that is more algorithmic detection based. This would also not detect anything like a port scan of your host. You can also use this feature to block web robots/spiders/crawlers from indexing your web site and adding it to search engines. You can also control well behaved spiders using Robots.txt on your web site.

In the end I don’t see much point to this part of Pfblocker.

Snort

It is quite common for hackers to try and see if they can get into networks and poke around using everything from known exploits to hacking tools etc. There are apps called Intrusion detection sensors (IDS) and prevention that attempt to use known patterns to identify and block these prods. Snort is one of these. Setting up Snort is a multi step process.

Step 1 install Snort

First install it from the packages list. It will consume additional memory, processor and disk space, but it ended up being less than I thought …

Step 2 tell Snort what interface to listen on

Once installed you need to tell Snort what interfaces you want it to listen on. At the very least I recommend your VPN and WAN (internet connection). Remember that outbound VPN is it’s own connection, and people doing bad things maybe also using VPN so it’s not a bad place to keep an eye on as well. And, the VPN drills a hole directly through your router/firewall so this is a place Snort is actually extremely helpful. And lastly snort can watch for bad things coming out of your internal network … like viruses and the like. In fact the packet inspection, and pattern recognition in Snort can very much be compared to anti virus, and the positive thing is these are blocked at the perimeter of your network. When defining your network (especially your external network) be sure and check block offenders. What’s the point in seeing an intrusion and doing nothing? Don’t forget to press save.

Step 3 tell Snort what to look for

Once the network is defined you need to go into WAN categories and tell it what you want it to look for. I just turned them all on, which annoyingly there is no enable all button.

Step 4 is Global setting

This defines what Snort does for all networks. I also created an account on Snort.org which allows me to download patterns from Snort itself. Be sure and set an update interval for the patterns to insure you have the most current. I chose daily. I also again just basically turned on all of the available sources for known threats. I can always revisit this if it becomes to slow/burdensome.

Step 5 go get updates

By going into Updates next you can download all of the patterns so Snort knows what to be looking for. This would happen according to the update frequency you set above but this just lets you kick it.

Step 6 start it

At this point Snort is ready to go, but you have to manually start it. Go back to interfaces and start Snort. I hadn’t noticed this at first, and was wondering why it seemed to be doing nothing πŸ™‚ DOH. Snort can take a few minutes to get started so be patient.

Once started it will look like this and is good to go:

Test it

Ok so it’s installed, and configured but is it doing anything? I read lots of articles about how to test Snort. There were many way too complicated answers to this stupidly simple question. Well it’s actually pretty easy to test. Just use a port scanner, pscan, nmap whatever. Now just point that scan at the interface you enabled Snort to watch and let it rip. In short order Snort will jump into action. You can see this in Snort, alerts.

From this interface you can click the red x under source interface to remove this block (assuming you enabled block), or you could also click the red x under SID to remove that rule if you decided it was blocking something you didn’t want blocked. You can see what the IP that the offender was using along with the rule that triggered this alert. Under the blocked tab you can see all IPs that Snort has triggered on and subsequently blocked. Again here you can click the red x to remove the block. Now it’s worth noting that if you were doing this by RDP you have now just lost contact with the host you were testing from πŸ™‚ Don’t forget to unblock your test machine. And with that you’ve tested Snort …

Tuning Snort

Because Snort actively blocks sites it’s important to keep an eye at least at first at what it is alerting on. I found it was alerting on, and then blocking my VPN provider which in turn broke my VPN. It had false positive triggered. So I had to go into the alerts, disable the rule that was causing a false positive and then unblock my VPN provider. I also had issues that Snort was triggering on P2P, which in a corporate environment is bad, but at home is good, so I simply told it to ignore those.

You can create pass lists for IPs you always want ignored, but setting this up is WAY less than obvious. It takes 4 steps. 1) create a firewall alias with all the IPs for a given interface you want to allow. 2) create a passlist that points to the alias you just created. 3) tell sort the passlist for a given interface 4) restart snort.

It’s worth noting the obvious, that any thing that Snort detects as an attack, is something that went through your router (in my current setup where Pfsense is behind my router, ie double Natd).

If you find anything not working, a web site, an app, whatever, start by disabling snort and see if it is the culprit. Then you can look at tuning it. One area of snort that is ENTIRELY problematic is the http_inspect function provided by OpenAppid. I highly recommend you just disable these. So many web sites will false positive trigger and then be blocked by this.

Inbound VPN using OpenVPN

Next up I thought I would look at OpenVPN to be able to setup a VPN externally into my network. I started with this official guide to get going. It recommended using the wizards within OpenVPN and I didn’t at first and had no end of issues. Then I discovered (and it’s in the guide but I missed it) that you need to add a package to Pfsense to allow you to export your OpenVPN connection. This allows you to create simple install files to test out OpenVPN. I found tweaking and making changes to your OpenVPN server was easiest dealt with by downloading the install files and running them. If all that had changed was the config, then that’s all it installed. It ought to be possible to just export the configuration but I had no luck with that on Windows. Then I had issues with DNS resolver not working. These were fixed by creating an access list for the subnet of the VPN clients, in my case I had chosen 192.168.3.x. With this fixed and working I was able to get at my internal network remotely. This also means ad blocking would now also work with my VPN clients. It also means I can refer to my internal machines by their names rather than their IPs from VPN clients. The last thing not working was internet traffic through the VPN tunnel. Ie all remote internet traffic would go through my internet connection. This I had issues with and could not find the solution. And then I found this article that pointed to the fact that I needed to create an outbound NAT rule to allow VPN traffic externally. And like that … le voila it was done!
It’s worth noting that I tried to setup IPSEC/L2TP but could not find a group of setting that windows would live with and gave up. I had no end of performance issues with OpenVPN, and in the end got the best results by dialing down from SSL/TLS to Remote access User auth. This still used TLS for authentication making it harder to hack into my VPN. I also dialed down the encryption. The greyed out one was too slow, in spite of trying a number of different hardware solutions.

It’s worth noting, that if you decide to pass all of your remote traffic through your home you will be limited by the slowest part of your service speed. So in my case I was roughly 24Mb/s down and 7 Mb/s up. But remember, for a remote client this gets reversed. So the fastest you could possibly dream of would be 7Mb/s. Not great. So, my decision was simply to leave remote clients using their own internet connection for external communications. Internal would still go through VPN, and ad blocking etc still work. Of course you do loose the protection of Snort. To tell the remote client to use their own external connection turn this off:

To be able to use internal DNS names as well as ad blocking for remote hosts, be sure and turn on block outside DNS.

Connecting to OpenVPN with an iPhone/iPad

There is a client export package that can be installed on Pfsense that makes setting up clients super easy. Once this is done you go to VPN/OpenVPN/client export and select OpenVPNconnect. This will allow you to save an ovpn file that has everything you need. Go to your iPhone/iPad and install OpenVPN connect app. Now email yourself the ovpn file you previous downloaded. Go into the default iOS mail app and click on the attachment. Click Copy to open vpn.

Then import it into OpenVPN. Now your ready to test. I found one odd anomaly which is that you can not logon twice with the same VPN userid. It hands out the same IP address thus kicking others off. The simple solution is to have separate accounts per device.

Traffic shaping

Traffic shaping is something I’ve had in the past and like it. The theory is to prioritize those things that are important. Like web browsing. And de-prioritize unimportant things like torrents. I played with this a LOT and got no where. In fact, I had it cause MAJOR performance issues. For now, I’ve turned this off.

Clustering

Since Pfsense now becomes essential in the home I decided to look into clustering Pfsense. To do this you start out with two fully functioning, fully setup Pfsenses. The easiest way to do this is to set one up, then do a base install on the second, install all packages, and then backup from the primary and restore to the backup. Test both to make sure they are working. Once confirmed your ready to start. The first step is to setup System > high availability sync. This keeps the settings etc in sync between the two boxes. To do this go to the primary, tell it what interface to sync on, I recommend the LAN. Some people talk about needing a dedicated interface, and ya that would be nice, but not necessary in a home environment. Add the IP address of the backup Lan IP. Add the sync config to ip to the backup lan IP. No idea why you have to do this twice. And give it the remote system username/password. Same you would use to logon to the web interface. On the backup box enter only the sync peer. And with that you can see sync working or not in Status system logs. Your now ready for the next phase adding VIPs. To make a seemless fail over your going to need a WAN (if you care about incoming) and a LAN VIP. These are called CARP VIPs. I had HyperV issues, but solved them (enabled MAC address spoofing) and I also had issues on my USB ethernet adapter not working with CARP.

Once I had CARP up I wanted to do some testing to insure it was actually working. I found I had to make a few adjustments to my settings. All incoming NATs had to be moved from the WAN address to the WAN VIP. DHCP had to be modified to add the default route and DNS server to be the LAN VIP rather than the server IP address. The DHCP changes have to be made manually on both servers this does NOT replicate.

It’s worth noting that the way this works is a master/slave relationship. The master, or primary if you prefer is the dominant server and will always take over when it’s available. The slave just sits there waiting to take over. Fail over and fail back happens pretty quickly. Any changes to the slave server in the area of things like firewalls will be completely over ridden when the master comes back online. Hard failures like a server completely dieing are picked up perfectly. Softer fails are hit and miss from my experience.

Site to site VPN using OpenVPN

Ok so just when you think your done … a bud wanted to play with site to site VPN. Why the heck not. This allows you to virtually join networks across the internet. So machines in his home can see mine and vice versa. Now the biggest limitation of this is going to be (as before) your internet speeds. None the less, on we go. So first you setup one Pfsense as a server (the other will be considered the client). It needs to hand out an IP address in a unique subnet. It can NOT share the subnet that your other VPNs are using. Your going to be setting up a peer to peer shared key. It will also have to be on a unique port (can’t share a port with your client OpenVPN setup). You will need to insure there are no overlapping subnets (that you want to share) between the two homes. You configure each end with the subnets of your networks. And from there you configure the client with the same parameters as the server and point the client at the IP or name of the other side. You will need to open the firewall on the server side to allow the incoming port. You can see the status of the tunnel Status, OpenVPN. Errors can be seen in the System logs. Once done you can simply ping first of all the gateway on the other side of the tunnel, and then an IP in the other location. If you want to get fancy you can add DNS to each side so that names resolve as well. And with that, the homes are digitally connected. The tunnel will stay relatively connected, but I have noticed delays when it has been used for a bit while it reconnects.

Hardware testing

If your like me you have a number of older physical boxes in your pile doing little to nothing. Seemed like a great place to play with Pfsense. Again this BURNED A LOT of time!

I dug out an old Asus ASROCK media player I have. It’s based on a dual core atom 330 processor. I got lucky and this one is 64 bit. I decided to put Pfsense on a 8G USB stick. The media player only has one NIC so I used a USB ethernet I had laying around. I also wanted to play with WIFI but I ran into an issue that my Realtek RTL8188 but couldn’t get it going on the 64 bit version of Pfsense. The driver ignored it. Migrating from my VM to the physical box was super simple. You simply backup your old configuration making sure you choose backup all. On the new box do a vanilla install. Be sure and add any packages you want on the new box that you had on the old one. Then use the restore function. If the NICs are different it will simply reask which NICs are which. I had to manually redownload the Pfblocker/Snort rules but that would have been done on the schedule anyway …

Now that you have a functioning Pfsense box you may want to benchmark it. So to do this I popped one of my machines in front of Pfsense, attached to the router and ran Speed test to get a baseline of my internet. I then ran the same test behind Pfsense. My performance was awful. 24.85/7.33 MB/s (down/up) and behind my physical Pfsense box I only got 9.57/4.81. So I looked at the dashboard and saw that processor, and memory seemed to be fine. This left hard drive as the likely culprit. I ran:
geom disk list
To get a list of disks and then ran:
diskinfo -c da0
to benchmark the drive. I discovered the USB key that I was using, and how it was connected was resulting in REALLY bad performance. Like 2.5MB/s vs what ought be 40MB/s or so. So I moved it back to a hard drive. With this resolved the performance improved a bit. At first I’d given up on Atom, but eventually discovered it was traffic shaping causing the poor performance and simply disabled it, I’m not convinced it was doing anything anyway.

By the way I used DSL reports to benchmark my internet speeds but you could also use Source Forge’s too.

Going back to my VM I ran the same test on the VM which was configured as 2 virtual CPUs running on a i7 860, and 3G memory. This time the performance over my 25Mb/s DSL connection was much better and showed little to no slow down.

Performance testing

So now I got curious as to how hard this could be pushed, so I went back to my VM. I setup a web server on one machine, and a web browser on another. I used a Ramdrive to host the content Imdisk so the question of the hard drive being the bottle neck was removed. Using H2testw I was able to measure the Ramdrive as being capable of 389/293 MByte/s (write/read). So on with the test. Locally the content was served up at 166MB/s. Remotely, not through Pfsense this got 150MB/s. It’s worth noting that the second machine is a VM on the same box so the connection is a virtual 10Mb/s adapter. So with 150MB/s as the now bar I was curious to see how multi threaded the firewall is, using a VM allowed me to change the number of CPUs. With 2/4/6/8 VCPUs I got 104/106/120/118 MB/s. So as you can see it scaled relatively well right up to 6 VCPUs. What this tells you, is the firewall is very well multi threaded, able to take advantage of multi core processors!

In running some of this I found a few tools worth pointing out. First of all there is a tool you can install that will tell you your incoming speed test. It removes the router and anything downstream. It’s a way of telling basically your line speed in. From a pfsense command line you need to install the tool:
pkg install py27-speedtest-cli
and then you can run the test anytime by running:
speedtest-cli

Second there’s a network bandwidth tool call iperf that you can use to test speeds between computers without having other bottlenecks like hard drives etc in the way. iperf is can be downloadfor windows amongst others. To add ipferf to pfsense install it from the web based package manager. To use iperf you start iperf on the receiving end by running:
iperf -s
then run it on the other end:
iperf -c host -p port

You will get back a bandwidth between the two.

On Redhat to install iPerf:
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install iperf

Selecting hardware

I saw a guy on a forum ask a simple question … what’s the best hardware to run Pfsense on? The smart ass answer that came back is the one you already have πŸ™‚ That said, its quite true. The ones I played with were for exactly that reason, I already had the box available.

A VM is a great choice and allows you the max flexibility in network configuration as well as resource changing (memory/processor). But I have to say I have had issues with VMs. I could not for the life of me get Pfsense clustering to work, the VIPs refused to come online externally, until … I finally read an article on Best practices for FreeBSD on Hyperv which directly addressed CARP and solved the problem (it was MAC address spoofing had to be enabled). And CPU utilization just seems bizarre to me. I have more experience with Vmware and the way they allocated VCPUs makes a whole lot more sense to me. I would see Pfsense showing the CPUs pretty busy but the physical CPUs still being inactive. Temperature on the VMs never showed on the dashboard of Pfsense.

I tried for a LONG time to get Pfsense to run an older dual core Pentium 4, P4D. I could get the older 32 bit version of Pfsense running, but the 32 bit version is end of life. And since there is no support for taking configurations backed up on the 64 bit version and restoring them on the 32 bit (I tried and it restored but had bizarre issues). The 64 bit would oddly install but just not boot. So this was out. Although, the performance on the P4D on the 32 bit version was quite adequate. Using Windows Server 2018R2 and HyperV I was able to get Pfsense running on the P4D. Performance was adequate but just barely. The processor lived at higher than 50% for a lot of the time and sometimes even peaking around 90+. And this in turn generated a LOT of heat which caused the fans to scream. So in the end this became a net but useless experiment. More time successfully killed!

I had an old Xeon Dell, a poweredge. This box seemed like it would have all the horsepower. Interestingly enough, the performance on this box was not night and day better and certainly didn’t justify the cost of running this HUGE box for nothing.

I also had a quad core atom box and this ran fine as long as I had traffic shaping turned off (as discussed above) and dialed down the VPN requirements.

Going forward Pfsense (2.5 and above) have stated that a CPU having the AES instruction set is a requirement, so if your buying hardware be sure and look for that.

Buying hardware

As I come to the end of the journey I love the functionality that pfsense gives so it’s time to make it permanent and give it a home of it’s own. There are lots of dedicated boxes that make perfect Pfsense machines. Like Qotom Q3554

But this is more money than I want to spend. So I looked for and found a refurb desktop with a Core i5 processor that has AES support so it’s good going forward from Laptopsforless for $149. And if I bore of Pfsense it has many uses in the home. I bought a HP Elite 8200 i5-2400 3.1GHz. With 4 memory slots, a max memory of 32G, and lots of PCI slots there’s lots of room for growth for future uses!

Costs

PCs that run 24×7 can start to become expensive if you aren’t paying attention, so I thought I’d take a look at what my HP Elite 8200 might be consuming. So I bought a Kuman 15A/1800W Plug Power Meter from Amazon. Over the period of almost 2 days I got an average of 44W, which is quite low for a desktop. By comparison my Dell Poweredge SC1430 that I was originally thinking of using consumed a whopping 160W. Translating this into $$s using an average cost of hydro of 8.9 cents/KWh we get an annual cost to keep Pfsense running on this hardware of ~$35 per year. Now the dell would up this to $125, or by buying the new system I saved $90 a year. Or in other words the system was paid for in 1.9 years!

Power management

I played with power management enabling PowerD from within System/Advanced/Misc and put it on min performance (max power saving) and set the drive time out to the min, but didn’t see any decrease in power consumed. So for my system this did not seem to help.

Automated backup

I found a great tool that you can run from a Windows box that you can use to automatically backup and download your pfsense settings. Given the amount of time I have into this … yay!

March 29, 2018 Posted by | Uncategorized | Leave a comment

Advanced elements Firefly AE 1020 mini review

My gf was looking to get an inflatable kayak for the spring and one of these popped up on Kijiji and thus we have this post. At this point I own an Advnaced Frame AE1012 and tried out a AE 1009 Expedition so this makes the third in the company’s product offerings I’ve touched. At this point I haven’t had the Firefly in the water so can’t comment on handling yet. But let’s have a quick look at it and I’ll update the post when I get it in the water. Compared to mine this one is quite a bit shorter, and lighter.


The difference once inflated is quite significant. There’s a whole lot less of the boat behind you. The one we got according to the hull ID is a 2014 and did not come with a seat. (The Hull Id # is located on the kayak and begins with XZE. The last two digits are the ones that will tell us what year it was made in.) I spoke with Advanced elements and they told me “The firefly seat was added in 2016, so your year does not have the seat option. It also does not have a seat buckle to add a seat unfortunately.” I’ve found the company to quite responsive and helpful, excellent customer service.

There’s a lot less to inflate than my boat, 2 chambers (+ floor) Vs 6 (+ floor) . There’s no combing that you could possibly attach a skirt to, or to deflect water out of the cockpit. There’s no dry storage area (same thing on mine). It does however have velcro straps on the deck to hold the oar while you are carrying/launching the boat. Mine doesn’t. Overall the material used seems similar to mine and should be reasonably durable. The inflation chambers use a clever valve that make it easy to inflate and deflate the boat (same as on mine). Overall the boat is super fast to inflate/deflate.

The lack of a seat may be a limiting factor, I guess we will see. Not sure why Advanced elements didn’t think of that. Overall this looks like an excellent beginner boat. Super light, easy to setup. We’ll see how it handles. I can’t wait for the warmer weather to get back on the water!!
Entire manual for the boat is available for download.

March 6, 2018 Posted by | Uncategorized | Leave a comment

Amazon dot review

A friend of mine bought an Amazon dot … the first question I asked was why? Then he said do you want to play with it first? Um, sure I thought. So let’s start with what is it. Well first of all it’s a voice activated digital assistant. Think SIRI. You can ask it things like what’s today’s weather. From this point of view given I have an iPhone I don’t see a value. But frankly at $69 it’s cheap enough there doesn’t need to be a lot of value to have one. Setup is pretty easy but be aware it’s impossible from what I can see to set one of these up without an Apple phone/tablet or Android phone/tablet. And even using it without these is not going to be all that rich an experience. Now for someone tech savvy enough to want one of these that’s not a huge barrier, but they could have provided a web interface to interact with it, but they didn’t. And seeing what the dot is playing is seen entirely on your phone/tablet since there is no screen on the dot.

Taking a step back lets look at the physicals. What you have is a round device a little thicker and larger than a hockey puck. Jack wise there is a micro USB plug which goes into a 5.2V 1.8A 9W adapter. In general I saw it drawing around .5A so around 2.5W. So not a whole lot of power. It also has a 3.5mm audio plug you can plug into a stereo. On the top of the device is a mute, volume up/down, and and activation button that calls up Alexa if you don’t want to use voice commands. There lights that go around the outside of the device that have a bunch of meanings. These can be disabled using the devices do not disturb mode. And if this is in the bedroom I HIGHLY recommend you look at this before it inevitably wakes you.

So give me some examples of what you can ask it? Well the list is long but as mentioned above, the weather. If you link your calendar you can ask it your calendar. You can get Alexa to add items to a shopping list that you can see on the phone and share with family members. You can add timers, alarms etc. There is no way that I can see to get emails or text messages from your phone. You can use Alexa to make voice calls to other Alexa enabled devices. You can also make phone calls using your contacts from your phone.

You can ask it other things and it will go out and try and find answers for you. I do find SIRI more conversational than Alexa (which is what the assistant is called). The mic in the dot is really quite good and picks up your voice from quite a distance. Miles better than the mic on iphone which was never meant to be used from across the room. By the way, Apple has a similar device that rocks a whopping $349 price tag. Pass, even if it is an amazing speaker, I’ll still be using my home stereo.

The dot can connect via bluetooth to a home stereo. This opens a few new possibilities for the device. You can use it to play music from Amazon music, find radio stations on tunein and the like. I couldn’t get the radio player Canada skill to work for whatever reason. Paired with the home stereo the sound worked very well. Tunein sadly did not identify the song playing, a HUGE miss for me. I long for a music player with something other than basics, like lyrics, who is the band, what is the song, what’s there discography etc. Not here. Now if your stereo is smart enough to have bluetooth, it probably already has an internet radio player built in. So this is largely a wash. But it does sound fine. Amazon music player does identify the song playing. The dot switched seamlessly back to the internal speaker when the bluetooth disconnected. Well done.

There’s supposed to be a way to pair the dot and my amazon fire TV but I couldn’t get this working. Nor do I see it all that useful.

My Radio WIFI thermostat was not supported so that functionality was out.

The dot can add new “skills” that can add additional functionality you can call on. I like that the device is extensible.

So in the end, it is a neat device, but I’m not sure there is enough room in my digital world for it. And what I don’t need is another gadget that I don’t use. So I won’t be grabbing one … for now. Now if something in a similar price range that used siri and fit into the Apple eco system existed, that I would buy.

March 3, 2018 Posted by | Uncategorized | Leave a comment

PNY 3000 battery pack

I last blogged about a Mocreo 2500 mAH battery pack. It worked well … so well my daughter took it 😦 On to find another one. The worst feature of the Mocreo was that it was a micro USB cable with a converter to lightning. The converter and the cable were a little precarious, although 6 months later it was still working well. So this time I wanted a battery pack that had native lightning cable. This particular battery pack is quite well designed. A little more pudgy than the Mocreo, but all in all not that back in size at all. You can have it in your pocket and for the most part not notice it’s there. They have deisgned it well in that it has both a cable on the one side that is micro USB and on the other is a lightning. Both cables are well designed and rigid enough as to feel durable. If there is a complanint it’s that they did nothing to label which is micro USB and which is lightning, but this is a nit pick. They also included lights to show the level of charge of the pack, a welcome addition.

So let’s look at specs. They are pretty clear that the pack can put out 5V 1A from either cable. This pack once plugged in requires you to press a button to get the charging started. 1A is fine for older iPhones and is the same amount of current the stock charger even with the iPhone 8 comes with. So what you get is a comparable to plugged in charge speed. Almost all newer Android phones and even the iPhone 8 can use higher current to give you a quick charge. So this battery pack will not do that (nor do they suggest it will). The pack lives precisely up to what it says and delivers a solid 1A. On a deep discharge cycle the phone went from 9 to 70% on an iPhone 8 in an hour. The Iphone slows charging down beyond that. Overall the pack can charge the iPhone 8 from dead once. This comes out to an efficiency of around 60%.

From a recharge point of view again the specs are pretty clear that this can only take 1A in, so your looking at a slow recharge. These battery packs do not seem to have caught up to the phones quick charge improvements. Recharge time from dead was well over 3 hours.

For the price on Amazon ~$20 this is a very good battery pack. Well designed, well executed, cheap price, fast ship.

March 1, 2018 Posted by | Uncategorized | Leave a comment

Tracking ski/board on the Fenix 3

I took a little hiatus from snow boarding but went to get back into it. Fortunately I checked ahead and found the ski/board app was missing from my Fenix. I searched and searched and could not find how to add it back. It turns out you can not do it from the phone, from what I can see. On the watch select settings, app, scroll down and select add. Then select Alpine ski. This adds the ski/board app onto the Fenix. Once there this app works very well. It can easily tell going down hill Vs being on the lift. It tacks the number of runs you got in and then the stats for each and every run. You do get a map of the run as well. The runs are visible in the Splits on Garmin connect. And at the end of your day you get moving time, elevation, and speed. The stats that come out of it are very good. If there is anything missing it’s that you don’t get the run names, or at least I didn’t but I was at a small private hill. Here’s some examples of the data you get. The whole data set is here for you. Of course temperature being on your wrist and under a jacket at bogus.

I did find it super easy to interrupt your recording, jacket cuffs, glove cuffs can all push on the buttons. I found it necessary to lock the Garmin which you can do by pressing and holding the power button and then selecting lock. Unlocking is done by pushing and holding the power button.

All in all it works well, and I was impressed.

February 6, 2018 Posted by | Uncategorized | Leave a comment

Should I upgrade my Fenix 3 or should I buy a Fenix 3

This is a topic I see discussed frequently so I thought I would summarize everything I could think of on the subject, sort of a what’s new in the Fenix 5 (as well as other options) compare with the Fenix 3. I am the proud and happy owner of Fenix 3 (non-HR) and find myself pondering just this question. The Fenix 3 is an awesome watch. I use to completely love it’s smart watch function, well until I bought an Apple watch. But when it comes to activity tracking, back end website, navigation etc nothing beats Garmin. As a weekend warrior, weekends were made for my Garmin.

The Fenix 5 has now been on the market for a little while now so it’s been a real temptation for me, knowing there is something better out there … Like an itch you just wanna scratch :). Given my Fenix 3 does not have a heart rate monitor it means I have to either wear a chest strap or a wrist based HR in addition to the Fenix like my Scosche Rhythm+ or my Garmin Vivosmart HR (which can broadcast heart rate over to the fenix). So this added convenience would be a plus for me. And because it has no HR sensor it means I don’t get any all day heart rate data from the Fenix 3. Of course if you have a Fenix 3 HR then this particular point does not apply, but everything else will. I will also toss into the mix the Forerunner 645 and 935 into the thoughts as well …

Longevity
At this point Garmin are only releasing minor bug fixes for the Fenix 3/HR. No end of life date has been set (that I know of) for the Fenix 3, but one can see the writing on the wall, no future enhancements are likely in the cards for the Fenix 3. The Fenix 5 by comparison has seen additional functionality (HRV/VO2 etc) added since it’s announcement.

Additionally the building blocks of all apps, widgets and watch faces is called Connect IQ. From connect IQ 2.0 and going forward the Fenix 3/HR are not supported. So this means that certain apps/widgets/watch faces will not work. This is unlikely to change and is likely a permanent limitation going forward. DCR article on ConnectiQ.

Additional metrics
There are a number of additional metrics that the Fenix 5 offers that the Fenix 3/HR are likely to never offer. These include VO2Max, and HRV, and of course by wearing a heart rate monitor all day you also get your resting heart rate. The Fenix 3 HR does resting too just to be clear. Unfortunately the Fenix 5 hides the HRV behind an algorithm and calls it an all day stress score making this particular stat USELESS IMHO.

The Fenix 5 has an improved heart rate sensor over the Fenix 3 HR in that it gives more frequent checking of the heart rate. “A notable change to the Fenix 5 series is the updated optical HR sensor in relation to 24Γ—7 monitoring. While the Fenix 3 HR had an optical sensor, and it also monitored your HR 24Γ—7, it didn’t quite update as frequently as it could have. Sometimes it’d be every few seconds, and yet other times it’d be hours in between updates (during workouts, it was always every second). With the Fenix 5 however, the optical sensor has been reengineered to sample every 1-2 seconds.” from DC Rainmaker’s Fenix 5 review.

There are multiple sizes of Fenix 5 so if you don’t like the size of the Fenix 3 you can choose a smaller one. Here are the dimensions (shamelessly pilfered from DCRainmaker):
Fenix 5S 42.0 x 42.0 x 14.5 mm – 67g
Fenix 5Β  47.0 x 47.0 x 15.5 mm – 87g
Fenix 5X Β  51.0 x 51.0 x 17.5 mm – 98g
Fenix 3 HR Β 51.5 x 51.5 x 16.0 mm – 86g
Fenix 3 51.0 x 51.0 x 15.5 mm – 85g Sapphire with rubber strap instead of metal
FR935 47.0 x 47.0 x 13.9 mm – 49g
FR645 42.5 x 42.5 x 13.5 mm – 42g

The Forerunner 935 is for all purposes a Fenix 5 plastic.

The Fenix 5X also supports full topographic maps, a brand new feature and only available on this model.

All Fenix 5’s support bluetooth sensors (heart rate, wheel and cadence), something the Fenix 3 (and all previous Garmins) did not. Of course if you already have ANT+ sensors this is a yawner … The FR935/645 also support BT sensors.

Sapphire glass is available on the Fenix 3 and mine is a Sapphire. Sapphire makes the glass a LOT more resistant to scratches and breaking, IE more durable.
Fenix 5S: – offered in regular glass and Sapphire glass
Fenix 5: – offered in regular glass and Sapphire glass
Fenix 5X: – all are Sapphire glass
Neither the FR 935/FR645 are available with Sapphire

WIFI is a feature that the Fenix 3 has and it allows you to sync, and keep your Fenix up to date over WIFI. It’s convenient but not a big deal IMHO. All Sapphire models of the Fenix 5 have WIFI, non Sapphire do not. The FR 935 and FR645 also have WIFI .

None of the Fenix support the new wireless payment system Garmin Pay, the FR645 does.

None of the Fenix support storing and listening to music without a phone, only the FR645 does (if you get the music model). Be aware though, listening to music has a DRAMATIC effect on battery life. By Garmin’s specs battery life in GPS mode drops from 12 hours down to a mere 5 when playing music (and GPS). Honestly this shocks me, but it is what they say.

All of the devices support Garmins new quick release bands, even the older Fenix 3.

Here’s a detailed comparison of all of the devices on DCRainmaker.

What’s next?
Now we move into my opinion and is entirely speculative. To state the obvious, I do not work for Garmin, however it seems to me, having a flagship product (the Fenix) that does not support a Flagship feature (Garmin Pay) is something Garmin will address. All reports indicate the Fenix does NOT have the hardware to support NFC. So it needs a new rev of the hardware.

It is worth noting, that the battery life on the FR645 is 14 hours, Vs 20 hours for the Fenix 3, and 24 hours for the Forerunner 935. And one can only imagine this will decrease over time, and will be less in the cold. So sadly the FR645 would be marginal for my use during a day of snowboarding.

Price:
I live in Canada so these prices represent that. And doing an exhausting search for the lowest price is not all that useful. Not to mention prices change all the time. So to that end this point is almost useless. But here it is none the less. I am going to use GPS City for pricing. I’ve dealt with them a couple of times and have been happy with them. Good price, reasonable business practices, reasonable priced shipping, and reasonable shipping time.
Fenix 3 $460 (with rubber band)
Fenix 3 HR $419 (with stainless steel band)
Fenix 5 $719 (non Sapphire)
Fenix 5 $849 Sapphire
Fenix 5X $849 Sapphire
Fenix 5S $719
Forerunner 645 Music $559
Forerunner 645 No Music $498.51
Forerunner 935 $679

Given this pricing here are my thoughts … if you were buying today there is no point to a Fenix 3, might as well get the Fenix 3 HR (less money for more features, the wrist HR monitor).

Price delta to the Forerunner 645 Vs Fenix 3 HR = $79.51
If you can live with the decreased battery life the 645 would seem an obvious choice.

Price delta for Forerunner Music Vs non $60.49
Price delta to Fenix 5 Vs Fenix 3 HR $300
Price delta between the Fenix 5 and the FR 935 $40

Give the pricing if you were to buy the Fenix 5 Sapphire you might as well get the Fenix 5X, same price (assuming you can live with the size boost).

Given the price difference between the FR935 and the Fenix 5, you might as well get the Fenix 5 for better durability (plastic vs metal case).

January 25, 2018 Posted by | Activity Trackers, GPS Stuff | 1 Comment

Garmin Fenix 3 VO2 Max

I was doing a little reading on the Fenix 3 and VO2 max and thought I’d share. For cycling you need a power meter (which I don’t have) and a heart rate monitor. For running however you need to run continuously to at least 70% max HR effort for 10 or more minutes. Finding Vo2 is also challenging it’s on Garmin connect but buried behind your 7 day running stats, or on the device in your stats. It does not however seem to put Vo2 Max in Apple Health. A number of other Garmin devices pickup VO2 max on a simple brisk walk (as does the Apple watch) but no joy for the Fenix 3. This article was helpful. Fenix 3 manual on VO2Max.

January 9, 2018 Posted by | Uncategorized | Leave a comment

iPhone 8 wireless charging

As I’ve mentioned a few times in previous posts I love the convenience of wireless charging. The market however is in a state of complete and utter chaos, and Apple has done nothing to make things better, and in ways made things worse. the iPhone 8 apparently supports 7.5W wireless charging. But what does that even mean? Is that input wattage to the coil, input wattage to the phone? Apple itself, today do not even offer an official charge pad, apparently one is coming in the new year. We are already 3 months past the release of the iPhone 8, come on Apple get your ducks in a row.

So I’ve been trying to sort that out. The plethora of options available on Amazon and other places is dizzying. A fact made worse by the fact that chargers attempt to be a broad product with support for multiple phones. Reading specs from the products, if they even bother giving them isn’t helpful either. Reading reviews from other people go into more detail about the nice light or the physicals of the charger Vs the details of it’s charge speed, or heaven forbid actual details. I really wish I could find a wireless charger for the iPhone 8, that included a power adapter, and came right out and said that it support the iPhone 8’s 7.5W.

As in the past be careful you get a multi coil charger or you have to get the phone on exactly the right place to get it to charge.

So let’s have a look at what I have been able to find … First off lets set a baseline, the iPhone’s default 5W charger. Below 60% the charger charges the phone at a rate of around 1%/min. So this gives a nice easy number to relate to. As the charge rises above 60% the phone slows down the charge rate, and slows down again at 80%. By 90% it’s down to .5%/min. This is important to note when trying to measure the charge rate of your phone on any charger.

What’s also important is to insure you are using the correct power adapter for your wireless charger. Sometimes they are quite clear on what you need to use … other times, not so much.

So on with what I have found … These results are with the iPhone 8, so your results on a different phone may have completely different results. Sorry … That’s the Qi industry right now. By the way, I have included links to Amazon where I can to help you out. But be aware, these do not pay me in any way.

One of the first multi coil chargers I bought is DoCooler 6300. It turned out to be not a bad charger being able to get an average charge rate of 0.57%/hr and a peak of around 0.63%/hr. So this is around 57% the speed of the wired charger. This seems to be hard to find these days.

Next up I tried one of my favorite chargers, an Itian. It has been beside my bed and I use it pretty much every night. A subtle light, a nice angle, and multi coil make it super easy to use. This one was only able to get 0.36%/hr average and a max of 0.45. So this was about 36% the speed of wired. Now since I use this one at night, I’m not bothered by it’s charge rate, but if your looking to put a quick boost into your iPhone 8, this is not the charger for you. Amazon Link. Interestingly enough when I was using my Getto iPhone 6 Qi wireless case this was one of the faster chargers. An example of what’s good for one phone, sucks for another.

Next up comes a new one, that claims to be a quick charger, a Seneo. In conversations with the company they encouraged the use of a QC 2.0 adapter (Qualcom Quick charge). QC can put out 9V 2A so 18 Watts of power. I tested this one on a 5V 2A as well as 9V 2A and got the exact same numbers 0.57%/hr average with a peak of 0.63. So to call this quick is rubbish. Further conversations led them to admit that it does not quick charge an iPhone 8. So, don’t rush out on this one, as you can see it’s no better than the rest, but I guess it does work, just not so fast. Amazon Link.

By the way I bought an Aukey 5 port USB adapter that includes a QC2 port and found it to be a very useful device to have around rather than multiple adapters. Amazon link.

Next up I looked at a charger that claimed it supported Apple’s 7.5W charge mode. A Qi 10W Fast Wireless Charging Pad from Kcpella. In fact their rep said in answer to the question: “Yep.This fast wireless charger output power is 10W. In our lab test yesterday, it supports iPhone 8/ iPhone 8 Plus / iPhone X for 7.5W charging if using QC2.0 / QC3.0 adapter.” So on with the results. I was able to get 0.8%/hr average and it was spot on consistent when plugged into a QC 2 charger. It dropped down to 0.6%/hr with a 5V 2A charger. So this would be about 80% the speed of wired. So this is definitely faster than most but not as good as I was hoping for. At it’s peak I was able to see 9V 0.7A or 6.3W being drawn from the adapter. So comparing this to 80% of a 5W wired charger the losses due to wireless drop down to 26% Vs what I have seen in the past of 50% losses. So a fairly efficient charger. So is this the face of a fast charger for Apple? Well without having a benchmark from Apple who friggin knows. And how we get from 7.5W advertised down to 5.4W measured I don’t really get either. Amazon link.

Next up I looked at a Wofalodata car charger that explicitly says it supports the iPhone 8. Humorously though the arms push on the volume control of the iPhone 8. DOH. This was hands down the slowest coming in at an average of only 0.42%/hr with a max of 0.6%/hr or about 42% of wired. So while this held the charge of the phone even using an intensive app like Waze, it was just barely keeping up. Better than nothing I suppose. Amazon link although I DO NOT RECOMMEND this for the iPhone 8 due to the issue with the volume control. That goodness for the fantastic return policy of Amazon.

Here’s a table of the data:

And this graph shows you the difference in charge between wired, and the fastest Vs slowest wireless charge speeds over time

So for now, the Kcpella is the fastest kid on the block (if plugged into a QC 2 adapter) … BUT … always remember the iPhone 8 also supports wired Quick charge.

December 21, 2017 Posted by | Uncategorized | Leave a comment