Netgate Discussion Forum

    SG-3100 OpenVPN Download slow (and it is SG slowing it)

    16 Posts 5 Posters 2.8k Views
      bubbletop

      @bcruze:

      I don't use that provider, but 2 things you can try.

      1.  Change your NCP algorithm to CBC 128 and 256. Remove what you have.
      2.  Change compression to LZO compression.

      I use PIA, and I get, I would say, 95% of my full download speed.

      I am no expert at OpenVPN, but I have been tinkering with it on and off for about 2 years now on my sg 2200 router.

      Also, have you downloaded the configuration files here: https://protonvpn.com/support/linux-vpn-setup/ ? Open the file and match your OpenVPN configuration.

      Unfortunately this does not change the speed. Maybe I will give PIA a try for non-essential VPN stuff.

      1 Reply Last reply Reply Quote 0
        stephenw10 Netgate Administrator

        Do you have 'BSD Crypto Device' selected in System > Advanced > Miscellaneous?
        And also in the OpenVPN client settings?

        Steve

        1 Reply Last reply Reply Quote 0
          mhertzfeld

          I am running Proton VPN but on a custom built pfsense box.

          On my box I can get a little over 300mbps.

          I know this isn't exactly what you were looking for but it at least proves out that pfsense\openvpn is capable of the faster speeds.

          I am curious to see what the max speed the 3100 will do on proton vpn.

          1 Reply Last reply Reply Quote 0
            stephenw10 Netgate Administrator

            It won't do 300Mbps OpenVPN, I would expect to see the full 85Mbps here though. I have tested it at 95-100Mbps. It will do far more using IPSec if the VPN service supports that.

            However in the above log we can see:

            Mar 11 07:22:01    openvpn    59802    Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
            Mar 11 07:22:01    openvpn    59802    Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
            

            It's using the NCP Algorithms as they take priority over the specified algorithms. However the cesa hardware crypto in the SG-3100 only accelerates AES-CBC so those should be set in NCP as suggested above by bcruze.

            Steve

            1 Reply Last reply Reply Quote 0
              gsmornot

              @stephenw10:

              It won't do 300Mbps OpenVPN, I would expect to see the full 85Mbps here though. I have tested it at 95-100Mbps. It will do far more using IPSec if the VPN service supports that.

              However in the above log we can see:

              Mar 11 07:22:01    openvpn    59802    Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
              Mar 11 07:22:01    openvpn    59802    Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
              

              It's using the NCP Algorithms as they take priority over the specified algorithms. However the cesa hardware crypto in the SG-3100 only accelerates AES-CBC so those should be set in NCP as suggested above by bcruze.

              Steve

              I'm learning here but -GCM on my SG-3100 provides about 145Mbps on average. Compared to hardware acceleration with -CBC I think I come out ahead. I have tested both and see about 95Mbps with -CBC as well.

              1 Reply Last reply Reply Quote 0
                stephenw10 Netgate Administrator

                Hmm, that's an interesting result. I'll have to retest.

                Steve

                1 Reply Last reply Reply Quote 0
                  bcruze

                  A question not asked

                  Are you paying for the service or using the free one?

                  The free service has limited speeds it appears

                  1 Reply Last reply Reply Quote 0
                    bubbletop

                    Sorry for being quiet but did not have the time to test. I now bought PIA and tested several of their nodes and was able to get full 100 Mbit download with the tips from above but only when disabling hardware crypto. If I could post something to help development please drop me a message!

                    1 Reply Last reply Reply Quote 0
                      stephenw10 Netgate Administrator

                      Disabling it in OpenVPN or in System > Advanced > Misc?

                      Did you end up using AES-CBC or -GCM?

                      Steve

                      1 Reply Last reply Reply Quote 0
                        gsmornot

                        I should add that my comments above with CBC vs GCM are my experience running the OpenVPN server on my SG-3100. I do use PIA as well but do not use it via config within the 3100. That said, when I connect to PIA I am using their OpenVPN option and it does now look like they are using GCM but so far as I know I have no control or option to decide what is used. It's certificate based. Is there a choice? A different server maybe based on the settings I want?

                        1 Reply Last reply Reply Quote 0
                          bcruze

                          I've always followed the directions and use CBC:

                          Mar 24 21:08:24 openvpn 15361 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
                          Mar 24 21:08:24 openvpn 15361 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
                          Mar 24 21:08:24 openvpn 15361 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key

                          OK, so a line above I do see this: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA

                          But I enabled 128 and 256 GCM for NCP Algorithms and it still connected as CBC.

                          shrug

                          1 Reply Last reply Reply Quote 0
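Added example, not code from any poster or from Netgate: a short Python parser for the OpenVPN log lines quoted by stephenw10 and bcruze above. It reports the data-channel cipher actually negotiated in each direction and keeps it separate from the control-channel TLS suite, which names GCM in bcruze's log even though the tunnel itself runs CBC. The AES-CBC-only offload set is taken from stephenw10's statement about the SG-3100; the function names are hypothetical.

```python
import re

# Data-channel lines name the cipher that actually encrypts tunnel traffic.
DATA_RE = re.compile(r"(Outgoing|Incoming) Data Channel: Cipher '([^']+)'")
# The control-channel line names the TLS suite protecting key exchange only.
CONTROL_RE = re.compile(r"Control Channel: (TLSv[\d.]+), cipher (.+?),")
# Assumption from the thread: the SG-3100's CESA engine offloads AES-CBC only.
CESA_RE = re.compile(r"AES-\d+-CBC")

def summarize(log_text):
    """Map each data-channel direction to its cipher and CESA eligibility.
    Later lines overwrite earlier ones, so the latest negotiation wins."""
    summary = {"control": None, "data": {}}
    for line in log_text.splitlines():
        m = DATA_RE.search(line)
        if m:
            direction, cipher = m.group(1).lower(), m.group(2)
            summary["data"][direction] = {
                "cipher": cipher,
                "cesa_eligible": CESA_RE.fullmatch(cipher) is not None,
            }
            continue
        m = CONTROL_RE.search(line)
        if m:
            summary["control"] = {"tls": m.group(1), "suite": m.group(2)}
    return summary

def not_offloaded(summary):
    """Directions whose negotiated cipher the CESA engine cannot offload."""
    return sorted(d for d, v in summary["data"].items() if not v["cesa_eligible"])

# Lines quoted in the thread; the prefix on the Control Channel line is constructed.
GCM_LOG = """\
Mar 11 07:22:01 openvpn 59802 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mar 11 07:22:01 openvpn 59802 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
"""
CBC_LOG = """\
Mar 24 21:08:24 openvpn 15361 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mar 24 21:08:24 openvpn 15361 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 24 21:08:24 openvpn 15361 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 24 21:08:24 openvpn 15361 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
"""

if __name__ == "__main__":
    for name, log in (("GCM_LOG", GCM_LOG), ("CBC_LOG", CBC_LOG)):
        s = summarize(log)
        print(name, s["control"], s["data"], "not offloaded:", not_offloaded(s))
```

Eligibility here only says whether the negotiated cipher is one the engine can take; whether offload is actually faster is a separate measurement, as the speed reports in this thread show.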
                            bubbletop

                            @stephenw10:

                            Disabling it in OpenVPN or in System > Advanced > Misc?

                            In the OpenVPN client settings

                            @stephenw10:

                            Did you end up using AES-CBC or -GCM?

                            I can use both in the settings and get full speed (10,5 MB/s) as long as I do NOT enable Hardware Crypto. If I enable it I do not get more than 7 to 8 MB/s.

                            1 Reply Last reply Reply Quote 0
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.