How to troubleshoot poor vpn performance?

  • Hi,

    Since my last topic was like talking to myself, lets try again.

    How does one go about troubleshooting VPN performance issues?

    pfsense documentation is utterly useless on this point and never exceeds the level of "have you tried rebooting?".

    On my VPN is going full blast, reaching something like 60mbps. This matches the clients maximum network speed. However downloading a linux iso or downloading a game from steam leads to poor performance. HTTP downloads are ~400kbps with steam being around 10mbps.

    Obviously this is extremely weird. If performance was poor all across the board that'd make sense but it doesn't make sense for speedtest to get high speeds, browser downloads low speed and steam somewhere in the middle. The moment I turn off my vpn all those downloads reach much higher speeds.

    It's not an issue on the server's end either because the connection is more than fast enough and cpu usage in pfsense and on the host (running pfsense inside virtualbox) never come close to max out available resources.

    I've tried different ports, I tried different encryption levels, I've tried whatever setting I could find but performance outside speedtest is shit.

    What can I do to troubleshoot this issue?

  • Rebel Alliance Developer Netgate

    You might have to adjust the MSS of traffic to reduce the packet sizes inside the VPN in those cases. Try starting at 1300.

    You can try using the value under VPN > IPsec on the Advanced Settings tab for MSS Clamping, that also affects OpenVPN. If that doesn't help, check the OpenVPN man page, they have suggestions in there about setting/changing MSS and packet sizes.

    You can watch the CPU usage from the shell using "top -aSH" to see if there appears to be a hardware bottleneck.

  • Have you tried doing those same http downloads on the server itself with wget or curl and see how it performs?

Log in to reply