PIA - bad speeds



  • I have an APU1D4 with the latest pfSense release.
    Since today I ordered a VPN package with Private Internet Access (PIA).
    I configured my pfSense box following this guide: https://www.privateinternetaccess.com/forum/discussion/21875/
    Everything is working and I'm connected through PIA but my speeds are terrible.
    I have a 150/15 connection and when I'm connected to PIA through my Mac (Tunnelblick client connected with OpenVPN PIA) I'm hitting 140/14 which is good imo. I little less connection speed is understandable.

    But when I connect my pfSense box to PIA and I'm not getting over the 20/14 on that same Mac.
    I checked the CPU and it not running at max (70% when doing a speedtest). Memory is low.
    Is there something I'm doing wrong? A little less speed is ok. But 20 instead of 150 mbit is not what I was expecting…

    I have tried these advanced option as stated here:
    https://forum.pfsense.org/index.php?topic=112877.msg633588#msg633588

    Getting 55 mbit with these settings.
    A little progres but still sh*t...



  • Think this 1 Ghz. CPU does not support AES-NI.

    What gives

    openvpn --show-engines
    

    on command line?



  • You'll want to try AES-128 as that is faster than BlowFish.

    I'm afraid that it's down to the hardware used. oVPN isn't multi-threaded. More often than not it boils down to a single core clock speed. Crypto support in the CPU does help, but right now we only see substantial gains with IPSec.



  • That's correct.
    This cpu does not support AES-NI.
    At the moment I'm not able to access my pfSense box but I can confirm its not supported.

    But is AES-NI really needed to get around the 150 mbit?



  • Unless oVPN becomes multi-threaded, there's not a whole lot one can do. My APU2C4 can push roughly 80 to 100Mbps.



  • Seriously?!  :o
    I did not know it was a drop in speed like that.
    That's a real pity for sure!



  • Yeah, that's encryption for you :)

    I've had my APU2C4 for the past week - It's a great little thing for sure. I had known that this wouldn't push more than 100Mbit via oVPN. Unfortunately, I now have the itch to repurpose my unRAID server (A HP MicroServer G8 with Xeon 1240v2)



  • I have tried aes128 and was pushing 70 mbit at max.
    That's more than half my speed. Pity!

    Thanks for your help though.