Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Gateway Group Issues with NordVPN

    Scheduled Pinned Locked Moved Routing and Multi WAN
    1 Posts 1 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      toddsherman
      last edited by

      I have a SG-4860 running 2.3.2-RELEASE-p1 and a 300 Mbps connection. NordVPN is my VPN provider and their instructions on OpenVPN is here: https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/ but they don't cover multiple tunnels. Full disclosure I'm generally somewhat technical, but new to pfSense and working with VPNs!

      I've already successfully connected to NordVPN with a single VPN client, although it's a bit lower than I expected with throughput between 25-35 Mbps. I've tried all 4 of the clients I created (see below) and they all range 10-40 Mbps.

      Broadly my goal is to maximize throughput while connected to OpenVPN. I've read one way to achieve this is have multiple tunnels connect via a Gateway Group in order to get increased throughput (for some activities than can utilize multiple connections). Since OpenVPN is single threaded, running 4 tunnels should take advantage of each core on the SG-4860 (Quad Core Intel Atom C2558 2.4 GHz).

      Basically, I'm seeing slower speed when I try and run this gateway group on the LAN firewall rule. However, it's difficult to find a reliable speed test because they seem to be all over the place. fast.com is probably blocking, speedtest.net shows speeds higher than my connection speed

      Any insights on how to do this properly would be very much so appreciated.

      Here is my pfSense configuration:

      CAs
      System > CAs > I've set up 4 CAs one each pointing to a NordVPN server (us534.nordvpn.com, us535.nordvpn.com, us536.nordvpn.com, us537.nordvpn.com).

      VPN Clients
      I've set up 4 corresponding VPN clients. Detail below - lots of settings omitted if blank.

      • Server mode: Peer to Peer (SSL/TLS)

      • Protocol: UDP

      • Device Mode: tun

      • Interface: WAN

      • Server host or address: us534.nordvpn.com

      • Server port: 1194

      • Proxy Auth. - Extra options: none

      • Server hostname resolution: checked

      • Compression: Enabled with Adaptive Compression

      • Disable IPv6: checked

      • Don't pull routes: checked

      Interfaces
      All interfaces shown are enabled.

      Firewall / NAT / Outbound
      Went with Hybrid Outbound and created a rule for each interface.

      System / Routing / Gateway Groups
      Kept them all tier 1.

      Firewall / Rules / LAN
      Created a rule for LAN that uses the NORDVPN gateway group.

      Update
      I've used this site to do speed test: https://web1.cachefly.net/speedtest/index.html
      While measuring LAN in pfSense I see speeds that are actually hard to believe. If the pfSense chart accurate? Are my firewall rules somehow not routing everything through VPN? (DNSleaktest does not reveal my ISP so I believe I'm behind VPN).

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.