[SOLVED] Slow PIA VPN connection on pfsense 2.4b
-
EDIT
This was solve by going back to Pfsense 2.3.3 stable.
EDITHello
I recently bought a pfsense box and upgraded my internet connection to 100/100mbit from 30/30mbit
at first running the PIA VPN on pfsense was impossible because with the standard settings described in the PIA guide I only got around 0.5mbit download speed. Then I looked here on the pfsense forums and it seems there are a few others who have had speed issues as well.I found that I should add this:
fast-io
sndbuf 524288
rcvbuf 524288This gave me an increase to a maximum of 75/25mbit
but I'm still missing the last 25/75mbits and since I have no clue what the things I added to the client does I have no idea how to proceed.I have also tried disabling the PIA client in pfsense and testing with the PIA pc client and here it is maxing out my internet connection.
Its a homemade mini ITX pc with the following specs:
Asrock Intel J3455-ITX
2x4GB HyperX 1866MHz RAM
Pfsense 2.4bI'm running with same encryption level on both clients.
![PIA Settings 01.jpg](/public/imported_attachments/1/PIA Settings 01.jpg)
![PIA Settings 01.jpg_thumb](/public/imported_attachments/1/PIA Settings 01.jpg_thumb)
![PIA Settings 02.jpg](/public/imported_attachments/1/PIA Settings 02.jpg)
![PIA Settings 02.jpg_thumb](/public/imported_attachments/1/PIA Settings 02.jpg_thumb)
![Speedtest straight.JPG](/public/imported_attachments/1/Speedtest straight.JPG)
![Speedtest straight.JPG_thumb](/public/imported_attachments/1/Speedtest straight.JPG_thumb)
![Speedtest PCVPN.jpg](/public/imported_attachments/1/Speedtest PCVPN.jpg)
![Speedtest PCVPN.jpg_thumb](/public/imported_attachments/1/Speedtest PCVPN.jpg_thumb)
![Speedtest VPN.JPG](/public/imported_attachments/1/Speedtest VPN.JPG)
![Speedtest VPN.JPG_thumb](/public/imported_attachments/1/Speedtest VPN.JPG_thumb) -
No one? :'(
I just did a restore to a basic setup with WLAN I had of pfsense 2.4 and then updated to the latest build from the 19th of April.
Then tried going through the PIA setup guide once again, but I have the same problem as before.I have attached a screenshot of the speed I'm getting.
Please let me know if you need more information regarding other parts of my pfsense settings.
![Speedtest VPN default.JPG](/public/imported_attachments/1/Speedtest VPN default.JPG)
![Speedtest VPN default.JPG_thumb](/public/imported_attachments/1/Speedtest VPN default.JPG_thumb) -
Try these things one at a time and individually. If they don't help individually try them in combinations.
Under System / Advanced / Miscellaneous > Cryptographic Hardware : make sure you have AES-NI selected.
try using a different PIA server
try using the webconfigurator cert for your client certificate
try removing all of your custom options except "remote-cert-tls server"
try using port 1194
-
Try these things one at a time and individually. If they don't help individually try them in combinations.
Under System / Advanced / Miscellaneous > Cryptographic Hardware : make sure you have AES-NI selected.
try using a different PIA server
try using the webconfigurator cert for your client certificate
try removing all of your custom options except "remote-cert-tls server"
try using port 1194
AES-NI was selected.
Switching to port 1194 "broke" the VPN, meaning I was running on my ISP again.
There are no other certs available for me to choose other than the PIA cert i created.
Removing all custom options except "remote-cert-tls server" made the connection slow again.
The server I have selected is maxing my connection when I run it on my pc client, should I still try another server?
Another thing I've noticed is that my RTT is around 7-15 ms shouldn't it be less than 0? thought I might mention it, if it could help out.
![No VPN.JPG](/public/imported_attachments/1/No VPN.JPG)
![No VPN.JPG_thumb](/public/imported_attachments/1/No VPN.JPG_thumb)
![PIA PC VPN CLIENT.JPG](/public/imported_attachments/1/PIA PC VPN CLIENT.JPG)
![PIA PC VPN CLIENT.JPG_thumb](/public/imported_attachments/1/PIA PC VPN CLIENT.JPG_thumb)
![PFSENSE PIA VPN.JPG](/public/imported_attachments/1/PFSENSE PIA VPN.JPG)
![PFSENSE PIA VPN.JPG_thumb](/public/imported_attachments/1/PFSENSE PIA VPN.JPG_thumb)
![PFSENSE PIA VPN CUSTOMS REMOVED.JPG](/public/imported_attachments/1/PFSENSE PIA VPN CUSTOMS REMOVED.JPG)
![PFSENSE PIA VPN CUSTOMS REMOVED.JPG_thumb](/public/imported_attachments/1/PFSENSE PIA VPN CUSTOMS REMOVED.JPG_thumb)
-
No RTT can never be 0, it will always be greater.
Still try another server.
The webconfigurator certificate is on pfsense by default. If you really don't have it something is probably wrong, and you should do a clean install and restore config.
-
No RTT can never be 0, it will always be greater.
Still try another server.
The webconfigurator certificate is on pfsense by default. If you really don't have it something is probably wrong, and you should do a clean install and restore config.
oops what I ment was around 0.. I've seen tutorials on youtube where its been around 0.2 as i remember.
I found the certificate, tried it out, but didn't help. Will try a few different servers now.
-
sub 50ms RTT is pretty good for a VPN connection. sub 10ms is good for a normal WAN. Sub 1ms you will probably only ever see on your local network.
Honestly, your VPN settings look like they should work just fine. The fact that you could get higher speeds with tweaking on that server means it can give you those speeds.
I would still try a few different servers.But I think something is wrong with your box. Probably a config somewhere. That hardware is confirmed to get high VPN throughput.
Try backing up your config, and doing a clean install. Setup just the VPN and see if it works for you. If so then try restoring the config.xml
-
Ok so I have now tried 5 EU servers and one US server without any difference, they are all around 40-60/15-40mbps. (it seems to be my max speed today)
as per usual I turned off the pfsense vpn and tried without any vpn and also the pc client, with the same results as always = around 100/100mbpsAlso tried to remove:
fast-io
sndbuf 524288
rcvbuf 524288it made it worse every single time, around 5mbps down.
sub 50ms RTT is pretty good for a VPN connection. sub 10ms is good for a normal WAN. Sub 1ms you will probably only ever see on your local network.
Perfect, these numbers I'm well within of.
Honestly, your VPN settings look like they should work just fine. The fact that you could get higher speeds with tweaking on that server means it can give you those speeds.
I would still try a few different servers.But I think something is wrong with your box. Probably a config somewhere. That hardware is confirmed to get high VPN throughput.
Try backing up your config, and doing a clean install. Setup just the VPN and see if it works for you. If so then try restoring the config.xml
Would like to do that, but is it possible without a screen and keyboard? ::) I borrowed those two items when installing them last time, since my only pc is a laptop.
If not I will have to ask around ;D
-
Yeah you'll need a keyboard and screen.
You can try backing up your config, then Diagnostics / Factory defaults.
That will only fix it if it's a weird setting you've placed somewhere that's causing problems.
If somethings corrupted with the instal it won't help you, you'll need clean install for that.What other packages are you running?
-
Yeah you'll need a keyboard and screen.
You can try backing up your config, then Diagnostics / Factory defaults.
That will only fix it if it's a weird setting you've placed somewhere that's causing problems.
If somethings corrupted with the instal it won't help you, you'll need clean install for that.What other packages are you running?
I thought so much.. Will have to ask around then :)
Now that we are speaking about the possible reason being the install, I do remember that the system sometimes hangs and gives an error message while loading pfsense from a reboot. Never gave it much thought as it was the 2.4 beta and trying to run it mirrored on two USB's.
I unfortunately cannot remember what the error message was. but probably something about it couldn't find or load something.
I was running Suricata, but as it is very CPU hungry, I reverted back to a former backup before it was installed, to see if that was the problem.
-
Yeah you shouldn't be getting error messages even on 2.4 during boot.
I also run 2.4.0 BETA on USB sticks in raidz2 with a RAM disk and get no error messages.
-
Yeah you shouldn't be getting error messages even on 2.4 during boot.
I also run 2.4.0 BETA on USB sticks in raidz2 with a RAM disk and get no error messages.
Hopefully this is the reason (knock on wood) :D
So since I have 2 USB3 ports and 2 USB2 port available, how do I go about installing?
Because I've read somewhere here on the forum that USB3 ports are not a good idea.. -
I haven't heard that?
USB3.0 drives are often not recommended as install media because they tend to get hotter, but I don't know if that even matters.
I would leave the drives you'll install to in the 2.0 slots and put the one with the image in whatevers left over.
-
I haven't heard that?
USB3.0 drives are often not recommended as install media because they tend to get hotter, but I don't know if that even matters.
I would leave the drives you'll install to in the 2.0 slots and put the one with the image in whatevers left over.
Read it over on the hardware forum, but I cant find it now.
It might just be because they get hot.
Will try your suggestion(s) tomorrow, have ordered a screen and keyboard and if all fails with the usbs, I have a 256gb ssd I can donate to the "cause".
-
Do you use a RAM disk?
-
-
So during the installation of pfsense 2.4 I ran into the issue I also had the first time I installed it and that was that the installer hanged after I selected to reboot. See picture.
I waited aprox 10-15 mins for it to reboot and then forced it by unplugging the router. Is this normal, should I have waited longer?
In the next picture, this always show up during reboot. Is this normal?
![Dump devices does not exist.jpg_thumb](/public/imported_attachments/1/Dump devices does not exist.jpg_thumb)
![Dump devices does not exist.jpg](/public/imported_attachments/1/Dump devices does not exist.jpg) -
The "no suitable dump device found" error just means that you don't have swap, which is fine as long as that's the way you installed.
I'd try it again and leave it for 20-30min.
There are a few issues with reboot floating around, and there's an issue where reboot can hang for ~20min because it can't install packages but it will eventually continue the boot and then you can get packages installed once boot is complete. The 20 minute hang issue hopefully gets fixed….
So reinstall, let it start rebooting and just walk away, for a good bit of time.
For your hardware I don't think it's an issue but make sure you have latest BIOS/UEFI/firmware installed.
-
The "no suitable dump device found" error just means that you don't have swap, which is fine as long as that's the way you installed.
I did install without swap, so I can ignore that message in the future :)
I'd try it again and leave it for 20-30min.
There are a few issues with reboot floating around, and there's an issue where reboot can hang for ~20min because it can't install packages but it will eventually continue the boot and then you can get packages installed once boot is complete. The 20 minute hang issue hopefully gets fixed….
So reinstall, let it start rebooting and just walk away, for a good bit of time.
It just started its 20mins reboot countdown, so I'm crossing my fingers :)
For your hardware I don't think it's an issue but make sure you have latest BIOS/UEFI/firmware installed.
I am all ready, so shouldn't be a problem.
-
I'm now on 120 mins, no sign of it wanting to reboot..