Looking for ways to obfuscate OpenVPN traffic from PFSense to Private Internet Access to avoid throttling - Socks5 Proxy the way??

Popolou

@cotton Which is the VM box incidentally and are you running it in bridged mode?

cotton

@Popolou It's the Hub 5 and yes, running in bridged mode with a single Cat6 cable from the router into the SG-3100 WAN port.

Popolou

@cotton said in Looking for ways to obfuscate OpenVPN traffic from PFSense to Private Internet Access to avoid throttling - Socks5 Proxy the way??:

THIS IS WHERE IT GETS INTERESTING

Test 3 I went back to the rule routing traffic straight out the WAN and connected to the PIA Netherlands VPN thorugh the Windows Client.
Windows client setting using OpenVPN, UDP, AES-128-GCM
Internet IP address is 89.149.24.177
5.4 Mbps
5.9 Mbps
4.8 Mbps

Plug a laptop directly into the VM box and use PIA's client to connect to the VPN network over TCP 443. Worth to see if that makes a difference.

cotton

@Popolou Thanks for the suggestion, that's the same unfortunately.

A couple of questions:

1. Is there a way to configure an authenticated SOCKS5 proxy in the OpenVPN client config page? That way I can use the PIA SOCKS5 proxy to route traffic over

2. Is there any plans to allow "scramble obfuscate" to be used within the custom options of the OpenVPN client config page in PFSense?

Popolou

@johnpoz said in Looking for ways to obfuscate OpenVPN traffic from PFSense to Private Internet Access to avoid throttling - Socks5 Proxy the way??:

Have you tried maybe the wireguard option that pia offers?

Did you get a similar result?

cotton

@Popolou Ideally that's what I'm after doing from the PFSense box. From reading online PIA don't offer the option to export manual config files for Wireguard directly from the site and you need to do something from a Linux box to extract the Public & Private keys.

I'm useless with Linux so I'm currently trying every other way possible before attempting :)

Popolou

@cotton Yes, i see here what you mean. It may come to that however.

You might want to try a test using their Windows client app as you did for Test 3 if in case it does indeed solve your issues first.

cotton

@Popolou Sorry I see what you mean, yes Wireguard is miles faster than OpenVPN when using the PIA app.

I connect to UK Manchester with OpenVPN UDP configured in the settings and I get 74 Mbps max. Connecting to the same region via Wireguard and small packets I can get 312 Mbps, and as a control test, with no VPN connected I get 762 Mbps.

So VMB still throttling the Wireguard traffic, but it's over four times faster than OpenVPN so seems like a sensible trade-off.

Popolou

@cotton Yes, i'd agree with that. You may want to find a crash course in linux after all!

Curiously, that speed discrepancy between OVPN and WG would suggest something else at play here than throttling. What i mean to say is that those two speeds would more likely have been quite similar if there was an intention to restrict VPN use across the VM network.

cotton

@Popolou Ok so I put my big boy pants on and installed Ubuntu on a Hyper-V VM. After following the instructions here (https://github.com/pia-foss/manual-connections) I was able to generate .conf files for PIA Southampton, London, Manchester and Amsterdam. From there I extracted the public and private keys to setup the tunnel in Wireguard on my Netgate device.

So far, Wireguard through Southampton is working an absolute treat for me. Still over four times as fast as when connecting to the same PIA region over OpenVPN.

Popolou

@cotton "Great success"...if you know what i mean.