Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Tunnel DL & UL Speed is Slow

    Scheduled Pinned Locked Moved OpenVPN
    20 Posts 4 Posters 2.7k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L Offline
      limez17
      last edited by

      Dear All,

      Good day!
      I've got a working setup of pfSense OpenVPN Site-to-Site setup via UDP 1197.

      1. Tunnel ping and browsing speed is fast.
      2. Can download files if its small size(10mb below).
      3. UDP Fast I/O is both enabled in OpenVPN Server and Client.
      4. No crypto enabled.
      5. Server ISP(50/50) and client ISP(100/100) are both symmetric.
      6. Server and client pfSense hardware are identical. Specs is i3 4th gen, 4GB, 500GB HDD and Gigabit LANs.

      Issue:
      Whenever I tried to download to a file(1.6GB in size) server behind the OpenVPN server using my web browser. It always took 30 minutes for the download to finish.
      But when I tried to SCP a file(1.6GB in size) from a server behind the OpenVPN client to the file server behind the OpenVPN server, it always took around 7 minutes for the SCP(Port 22) to finish.

      Please help! Thank you in advance!

      JKnottJ 1 Reply Last reply Reply Quote 0
      • JKnottJ Offline
        JKnott @limez17
        last edited by

        @limez17

        Unless you have different rules for them, ssh and http(s) should behave the same. As far as psSense & OpenVPN are concerned, the only difference between the 2 is the port number. Given that small files are OK suggests the problem is at the server or client and not the VPN.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        L 1 Reply Last reply Reply Quote 0
        • L Offline
          limez17 @JKnott
          last edited by

          Hi @JKnott,

          Thank you for your response on my thread.
          It's been a week now since I started to troubleshoot this issue. But still unable to resolve it.
          Do you have a pfSense OpenVPN setup? If yes, may I ask what is your configuration?

          JKnottJ 1 Reply Last reply Reply Quote 0
          • M Offline
            mcury Rebel Alliance
            last edited by

            Did you try with another browser? Probably yes, a week already in this problem...
            But if didn't, try it.

            My Synology NAS, when I use Firefox, some downloads don't finish.
            But when using Chrome, everything works fine.

            dead on arrival, nowhere to be found.

            L 2 Replies Last reply Reply Quote 0
            • L Offline
              limez17 @mcury
              last edited by

              Hi @mcury!

              Thank you for your response!
              So far i've tried only Brave and Google Chrome. Will try other browser too!
              ^_^

              1 Reply Last reply Reply Quote 0
              • JKnottJ Offline
                JKnott @limez17
                last edited by

                @limez17 said in OpenVPN Tunnel DL & UL Speed is Slow:

                Hi @JKnott,

                Thank you for your response on my thread.
                It's been a week now since I started to troubleshoot this issue. But still unable to resolve it.
                Do you have a pfSense OpenVPN setup? If yes, may I ask what is your configuration?

                Yes I do, but it's just a basic configuration, nothing special. All a VPN does is move packets from A to B. It doesn't even worry about stuff like TCP connections etc. In this regard, it's no different than an Ethernet NIC. Given that ssh works well, it's obvious that OpenVPN is working well too.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                L 1 Reply Last reply Reply Quote 0
                • L Offline
                  limez17 @JKnott
                  last edited by

                  Hi again @JKnott,

                  I strongly agree with you. I too is using just a basic configuration to move packets from A to B. But it got a little bit salty on the download part from Server to Client.

                  1 Reply Last reply Reply Quote 0
                  • kiokomanK Offline
                    kiokoman LAYER 8
                    last edited by

                    no traffic shaper involved i guess ?

                    ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                    Please do not use chat/PM to ask for help
                    we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                    Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                    L 1 Reply Last reply Reply Quote 0
                    • L Offline
                      limez17 @kiokoman
                      last edited by

                      @kiokoman none

                      1 Reply Last reply Reply Quote 0
                      • L Offline
                        limez17 @mcury
                        last edited by

                        @mcury I've tried internet explorer, edge, mozilla. Same result hehe

                        M 1 Reply Last reply Reply Quote 0
                        • M Offline
                          mcury Rebel Alliance @limez17
                          last edited by

                          @limez17 Have you tried IKE tunnel between sites to confirm if the problem is openvpn?
                          Setup an iperf server at the other side of the tunnel for a good test.

                          dead on arrival, nowhere to be found.

                          L 2 Replies Last reply Reply Quote 0
                          • L Offline
                            limez17 @mcury
                            last edited by

                            Hi @mcury,

                            Good day!
                            What is IKE? Also how to setup an iperf server?

                            M 1 Reply Last reply Reply Quote 0
                            • M Offline
                              mcury Rebel Alliance @limez17
                              last edited by

                              @limez17 said in OpenVPN Tunnel DL & UL Speed is Slow:

                              Hi @mcury,

                              Good day!
                              What is IKE? Also how to setup an iperf server?

                              ipsec tunnel. you need to setup phase1 and phase2? This rings nothing to you?
                              iperf is ez to google

                              dead on arrival, nowhere to be found.

                              L 1 Reply Last reply Reply Quote 0
                              • L Offline
                                limez17 @mcury
                                last edited by

                                @mcury found it, installing the iperf now hehe

                                1 Reply Last reply Reply Quote 0
                                • L Offline
                                  limez17 @mcury
                                  last edited by

                                  @mcury IPsec tunnel rings a bell. But I want to stick to OpenVPN. I'm planning to deploy OpenVPN client on a Rasbian Pi.
                                  But if not luck settling the score. Will try to putup an IPsec tunnel. Thank you for this recommendation. ^_^

                                  1 Reply Last reply Reply Quote 0
                                  • JKnottJ Offline
                                    JKnott
                                    last edited by

                                    @limez17 said in OpenVPN Tunnel DL & UL Speed is Slow:

                                    Also how to setup an iperf server?

                                    You may want to check my posts in another area here. The pfsense Package Manager installs v2 of iperf, which is obsolete and not compatible with the current v3. To install it, you have to run the command "pkg install iperf3". However, you'll have to run it from the command line, as it won't be available under Diagnostics.

                                    PfSense running on Qotom mini PC
                                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                                    UniFi AC-Lite access point

                                    I haven't lost my mind. It's around here...somewhere...

                                    1 Reply Last reply Reply Quote 0
                                    • M Offline
                                      mcury Rebel Alliance
                                      last edited by

                                      Actually, running iperf on the firewall is not the best method of testing.
                                      You should install it into the server, or in a device at the server's network, and test from the other side, also not from the firewall.
                                      Test only the throughput..

                                      dead on arrival, nowhere to be found.

                                      L 1 Reply Last reply Reply Quote 0
                                      • L Offline
                                        limez17 @mcury
                                        last edited by

                                        Hi @mcury,

                                        I found the culprit. It turns out my ISP 20mbps internet is asymmetric.
                                        They advertised 20mbps fiber but the DL is the only 20mbps, UL is 8mbps.
                                        I will be testing on my other ISP which is verified symmetric 100mbps.
                                        Will provide feedback. Thank you!

                                        JKnottJ 1 Reply Last reply Reply Quote 0
                                        • JKnottJ Offline
                                          JKnott @limez17
                                          last edited by

                                          @limez17

                                          Asymmetric connections are typical on ADSL and cable, due to bandwidth limitations. However, I have no idea why they often use it on fibre, as so much bandwidth is available.

                                          Incidentally, the theoretical maximum bandwidth on fibre is about 2.5 petabits (2.5 million Gb). If you were to run 250 wavelengths, with DWDM, with each wavelength carrying 100 Gb/s, you use only 1% of that capacity. Fibre supports a LOT of bandwidth.

                                          PfSense running on Qotom mini PC
                                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                                          UniFi AC-Lite access point

                                          I haven't lost my mind. It's around here...somewhere...

                                          L 1 Reply Last reply Reply Quote 0
                                          • L Offline
                                            limez17 @JKnott
                                            last edited by

                                            Hi @JKnott,

                                            Our telco company here in country is so greedy ☹

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.