Upstream very low compared with downstream traffic with OpenVPN Client.

ramses.sevilla · Oct 27, 2020, 1:48 PM

Hi everyone,

I have installed a HA pfSense 2.4.4 with two WAN and one LAN.

Both WAN Interfaces are connected to two ISP lines with 250Mb/250Mb (Down/Up).

Both WAN Interfaces are serving a OpenVPN Server each one.

When I check the bandwith with speedtest.net from a PC in the LAN I obtain 250Mb/250Mb (Down/Up).

When I connect a OpenVPN Client to OpenVPN Server 1 (WAN1), and send all traffic through the VPN, the traffic input/output by the otrher WAN interface (WAN2) and when I connect a OpenVPN Client to OpenVPN Server 2 (WAN2), and send all traffic through the VPN, the traffic input/output by the otrher WAN interface (WAN1).

When I check the bandwith with speedtest.net from the OpenVPN Client in the WAN1/WAN2 I obtain 200Mb/50Mb (Down/Up).

Do you know why may be that the upstream is so low?

Regards and thanks,

Ramsés

stephenw10 · Oct 28, 2020, 2:56 PM

Where are you connecting from to test that?

The upload speed in the VPN would still be limited by the local upload bandwidth at some remote test site.

Steve

JKnott · Oct 28, 2020, 3:11 PM

@stephenw10

Actually, the VPN performance would be limited by the upload in both directions. For example, I have a 75/10 Mb package. If my VPN were connected to someone else with the same configuration, that VPN would be limited to 10 Mb in both directions, no matter what the download is capable of.

ramses.sevilla · Oct 28, 2020, 3:44 PM

@stephenw10 said in Upstream very low compared with downstream traffic with OpenVPN Client.:

Where are you connecting from to test that?
The upload speed in the VPN would still be limited by the local upload bandwidth at some remote test site.
Steve

Hi Steve,

I'm connecting from Spain.

Regards

Pippin · Oct 28, 2020, 3:50 PM

Server side you have 250/250.
How much on client side, that's the question ;)

ramses.sevilla · Oct 28, 2020, 4:17 PM

Hi @Pippin

On client side no problem neither, I have 300Mb/300Mb

Regards

Gertjan · Oct 28, 2020, 4:32 PM

@JKnott said in Upstream very low compared with downstream traffic with OpenVPN Client.:

I have a 75/10 Mb package. If my VPN were connected to someone else with the same configuration, that VPN would be limited to 10 Mb in both directions,

What about 5 Mb/sec ?

I imagine something like this :

Someone from the outside world connects to your 75/10 Mb VPN server.
This some one executes a speed test, available on the net.
This connection comes in over the "75Mb/sec" VPN pipe, using the WAN interface.
And goes out over the same WAN interface pipe, over the 10Mb/sec pipe to the speed test server.
Then comes back over the 75Mb/sec WAN pipe.
Goes over the VPN 10Mb/sec pipe to the "some one".

The 75 and 10 pipe will get used each twice.
In theory, 10 Mb/sec will be cut in half. (right ?)

True, (VPN) compression could help here. And VPN traffic control will add some overhead.

JKnott · Oct 28, 2020, 4:52 PM

@Gertjan

If you are in fact going in and out through the same interface twice, then yes throughput will be cut in half.

ramses.sevilla · Oct 28, 2020, 4:56 PM

Hi @Gertjan

In that situation is correct but in my case I have two WAN with 250Mb/250Mb. The clients connect to WAN1 an goes to Internet trought the WAN2 or viceversa.

Regards

Pippin · Oct 28, 2020, 5:20 PM

So,

Client -> OVPNWAN1 -> OVPNWAN2 -> ???

Better draw a clear diagram...

stephenw10 · Oct 28, 2020, 5:24 PM

Most tests only test in one direction at a time so whilst that traffic has to go in and out at the VPN server the reply traffic the other way is minimal so I would expect somewhere close to the line rate. But, yeah, any reply traffic there is will reduce the potential test rate.

Steve

ramses.sevilla · Oct 29, 2020, 8:19 AM

@Pippin this's the diagram:

Case 1.- Client -> Internet -> OVPN-WAN1 -> WAN2 -> Internet

Case 2.- Client -> Internet -> OVPN-WAN2 -> WAN1 -> Internet

Regards

pwood999 · Oct 29, 2020, 10:54 AM

Assuming the Client is at a remote location, maybe the client VPN software is limiting the speed ?

ramses.sevilla · Oct 29, 2020, 12:39 PM

Hi @pwood999

I think that no because OpenVPN Client is installed by default and I think that isn't limited in any direction.

stephenw10 · Oct 29, 2020, 6:59 PM

So to be clear you're seeing the same throughput when connecting via either WAN?

Steve

ramses.sevilla · Oct 30, 2020, 11:01 AM

Hi @stephenw10

I don't understand the question.

Regards

pwood999 · Oct 30, 2020, 11:17 AM

If the Server has 250Mb/250Mb. and the Client side has 300Mb/300Mb then the issue must be either server or client performance, unless you have some other limiters configured.

ramses.sevilla · Oct 30, 2020, 12:02 PM

Hi @pwood999

This is clear, but what can I do?. This is the question...

Do I need to change any OVPN parameter?

No, I haven't configured any limiter on any side.

Regards

stephenw10 · Nov 4, 2020, 8:43 AM

@ramses-sevilla said in Upstream very low compared with downstream traffic with OpenVPN Client.:

I don't understand the question.

You showed two connection cases, connecting via WAN1 or connecting via WAN2.

Do you see the same throughput restriction in both cases?

Steve

pwood999 · Nov 4, 2020, 8:51 AM

What hardware are your HA PfSense pair running on ?
Are you using physical or virtual machines ?
What CPU & OS does the client PC use ?

Might be worth posting your OpenVPN configs (excluding public IP & secrets).

Also maybe this thread should be moved to OpenVPN forum ?