Awfully slow transfer speeds from remote NAS over ZeroTier

rheuer22

Hi,

I’m facing a weird issue with transfer speeds from a NAS hosted at a remote location. The NAS is hosted on a symmetrical 1G fiber connection, and I’m connecting to it via ZeroTier client to mount the volume on my desktop. However, I’ve been experiencing download transfer speed problems.

At home, I have a pfSense router with a 400mbps download link. When I try to copy a folder from the NAS that’s several gigabytes in size, I only get 355kb/s or even slower. Sometimes, it briefly increases to 2mb/s but then crashes down again.

To rule out an ISP issue, I decided to bypass the pfSense router and connect directly to an extra router I had plugged into my modem- the problem disappeared, and my download speeds significantly improved to 16mb/s. So its definitely a pfSense issue, I first thought it was the firewall. I looked at drop logs and saw a bunch of UDP drops from host addresses from ZeroTier (the NAS was one of them), so I explicitly allowed those, but the problem still persisted.. so now im kinda stumped.

Also keep in mind that this is only an issue from this specific setup. Ive tested this on my MacBook and another windows PC as well. I also don't have transfer issues from anywhere else over WAN, and network speed test results are great.

If I am missing something obvious or if anyone has any guidance please let me know. Id greatly appreciate it!

stephenw10

That's 355 KB/s (kilo-Bytes per second) or 2.8Mbps. That's still far short of 400Mbps though. I assume you mean 16MB/s (128Mbps) without pfSense. Still well below 400 but obviously much higher.

What traffic did you actually see blocked?
Just passing that traffic would not usually help because of NAT but the fact anything is blocked could be a clue.

Such a restriction usually points to something low level like a bad link somewhere. Do you see the expected speeds when not using the VPN?

rheuer22

@stephenw10 Correct, 16MB/s aka 128mbps which is far less than what I am getting, but much faster than before. UDP traffic from the NAS was being blocked over WAN.

I cannot access the NAS without VPN, so there is no way to test that theory. Network works great, I haven't had any speed issues until I got this set up.

stephenw10

But you see the expected WAN speeds up and down at both ends? Through pfSense?

rheuer22

@stephenw10 I was able to resolve this after more troubleshooting. thanks!

bmeeks

@rheuer22 said in Awfully slow transfer speeds from remote NAS over ZeroTier:

@stephenw10 I was able to resolve this after more troubleshooting. thanks!

For someone in the future who might have a similar issue and finds this thread via a search, would you mind sharing what you found that resolved the slow remote transfer speeds for you?

Gertjan

@rheuer22 said in Awfully slow transfer speeds from remote NAS over ZeroTier:

I cannot access the NAS without VPN, so there is no way to test that theory. Network works great, I haven't had any speed issues until I got this set up.

But you can do this : https://forum.netgate.com/topic/195855/weird-slow-openvpn-connection/4 and suddenly you have a full 1 Giga bits /sec or 125 Mbytes / sec connection between your test device (using OpenVPN, or, why not testing without it also while you're at it), pfSense in the middle, and a NAS on the pfSense LAN.
I'm pretty sure that that pfSense (the OpenVPN process actually) can handle just fine many M bytes / sec. It's more a "what processor do you use ?" question.
And its always a "how did you set it up question"

rheuer22

@bmeeks I was able to resolve after turning on UPnP & NAT-PMP on pfSense. I didn't realize ZT would need to have that on to dynamically map external ports and avoid NAT traversal.

bmeeks

@rheuer22 said in Awfully slow transfer speeds from remote NAS over ZeroTier:

@bmeeks I was able to resolve after turning on UPnP & NAT-PMP on pfSense. I didn't realize ZT would need to have that on to dynamically map external ports and avoid NAT traversal.

Thanks for the follow-up. Just thought it would be helpful to another user in the future that might experience the same issue to find a solution in your thread.

I know I have personally found threads on other forums when searching where the problem matched something I was experiencing at the time, but the original poster closed out their discussion thread with the equivalent of "I solved it", but without saying how .

rheuer22

@bmeeks No problem! I should have posted the solution initially. Makes sense, it will be helpful for others!

stephenw10

Yup good to know that about zerotier, I wouldn't have thought it was required.

Gblenn

@stephenw10 said in Awfully slow transfer speeds from remote NAS over ZeroTier:

Yup good to know that about zerotier, I wouldn't have thought it was required.

According to the documentation, it is not required for holepunching, but they do refer to challenges with symmetric NAT.
https://docs.zerotier.com/corporate-firewalls/#:~:text=Default%20zerotier%2Done%20listening%20ports,ZeroTier%20hole%20punching%20to%20work))

@rheuer22 Perhaps try to set Static Port (Hybrid outbound rules), to see if that has a similar effect?