Gateway Group Issues with NordVPN
I have a SG-4860 running 2.3.2-RELEASE-p1 and a 300 Mbps connection. NordVPN is my VPN provider and their instructions on OpenVPN is here: https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/ but they don't cover multiple tunnels. Full disclosure I'm generally somewhat technical, but new to pfSense and working with VPNs!
I've already successfully connected to NordVPN with a single VPN client, although it's a bit lower than I expected with throughput between 25-35 Mbps. I've tried all 4 of the clients I created (see below) and they all range 10-40 Mbps.
Broadly my goal is to maximize throughput while connected to OpenVPN. I've read one way to achieve this is have multiple tunnels connect via a Gateway Group in order to get increased throughput (for some activities than can utilize multiple connections). Since OpenVPN is single threaded, running 4 tunnels should take advantage of each core on the SG-4860 (Quad Core Intel Atom C2558 2.4 GHz).
Basically, I'm seeing slower speed when I try and run this gateway group on the LAN firewall rule. However, it's difficult to find a reliable speed test because they seem to be all over the place. fast.com is probably blocking, speedtest.net shows speeds higher than my connection speed
Any insights on how to do this properly would be very much so appreciated.
Here is my pfSense configuration:
I've set up 4 corresponding VPN clients. Detail below - lots of settings omitted if blank.
Server mode: Peer to Peer (SSL/TLS)
Device Mode: tun
Server host or address: us534.nordvpn.com
Server port: 1194
Proxy Auth. - Extra options: none
Server hostname resolution: checked
Compression: Enabled with Adaptive Compression
Disable IPv6: checked
Don't pull routes: checked
All interfaces shown are enabled.
Firewall / NAT / Outbound
Went with Hybrid Outbound and created a rule for each interface.
System / Routing / Gateway Groups
Kept them all tier 1.
Firewall / Rules / LAN
Created a rule for LAN that uses the NORDVPN gateway group.
I've used this site to do speed test: https://web1.cachefly.net/speedtest/index.html
While measuring LAN in pfSense I see speeds that are actually hard to believe. If the pfSense chart accurate? Are my firewall rules somehow not routing everything through VPN? (DNSleaktest does not reveal my ISP so I believe I'm behind VPN).