Good OVPN client setting for PIA?
-
Is anyone operating a speedy and reliable OVPN client to Private Internet Access with settings they could share? I've had a tunnel to them for years which worked fine until about 2 months ago. I now get occasional good performance (15ms ping, 100Mb) but mostly 500ms ping with ~5% packet loss and sub 1Mb throughput.
Their support has been no help (telling me to reboot or upgrade my hardware), and all sources of OVPN config settings that I've found don't appear to work. Note that I am in Switzerland and trying to use their Swiss endpoint.
Here is what I have in my OVPN client config in pfSense:
Server Mode: P2P (SSL/TLS)
DCO: unchecked
Device mode: tun - layer 3
Protocol: UDP
Interface: WAN
Local port: none
Server: swiss.privacy.network (note that they tell me to put a static IP in here, but no static IP I have tried has allowed the client to connect).
Server port: 1197
Proxy: none
Username: my username
Password: my password
Retry: unchecked
TLS Config: unchecked
TLS keydir: default
CA: my PIA CA
Client cert: none
Algo: AES-256-CBC
Fallback: AES-256-CBC
Auth: SHA256
HW Crypto: none
Server cert key validation: unchecked
Tunnel Network and Remote network: blank
Limit bandwidth: blank
Allow compression: Asymmetric
Compression: Adaptive LZO Legacy
Topo: Subnet
Type of service: unchecked
Don't pull: unchecked
Don't add: unchecked
Pull DNS: unchecked
Ping inactive: 0
Ping method: keepalive
Interval: 10
Timeout: 60
Custom options (note that pfSense says to separate these by semicolon, which breaks the client for me, so I use spaces): pull-filter ignore redirect-gateway
UDP Fast: unchecked
Exit notify: disabled
Buffer: 512Kb (their support recommended 300K)
Gateway: IPv4 only
===============
The below is at the start of the .ovpn config file they sent me, but when I try to use the file as-is or try to introduce any of the settings into the pfSense "Custom options" field I immediately break the client and it refuses to connect. I don't understand the interdependencies of any of these...:
client
dev tun
proto udp
remote swiss.privacy.network 1197
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-256-cbc
auth sha256
tls-client
remote-cert-tls server
auth-user-pass
compress
verb 1
reneg-sec 0
I'm also happy to leave PIA if there is a better solution.