PIA speeds and connection drops



  • I've been using PFsense for about 7 months now, I recently found out about PIA and how great it is! After following their website guide I got it to work but my speeds are inconsistent (40-50mb) and websites take long to load. I also have an OpenVPN server running if that makes any difference, I've looked around the forums and tried multiple scenarios with changing hardware acceleration or encryption with no luck.

    Guide followed: https://www.privateinternetaccess.com/pages/client-support/pfsense

    PIA server:
    NYC about 150 miles from my location

    Internet:
    Verizon fios 150 mb up/down

    Hardware:
    CPU = I5-2400S
    Mobo = Intel DQ77KB
    Ram = 8GB DDR3

    DNS Server:
    OpenDNS servers with a NAT rule forcing all traffic to OpenDNS servers, this is for web filtering purposes (kids are smarter than I thought!)

    When going to websites like fast.com or speedtest.com half the time it times out, I've added some screenshots.








  • I'm very new to pfSense myself (2 weeks), but I too am using PIA.  The first thing I would think would be to make sure that you DNS servers are set to use PIA's DNS servers (209.222.18.218 and
    209.222.18.222).  As for speeds, I found that using the host address mentioned by PIA, such as us-east.privateinternetaccess.com could sometimes result in slow connections.  I kept dropping my PIA connection and renewing it until I found an IP that gave good speeds.  I then replaced the us-east.privateinternetaccess.com entry in my PIA OpenVPN Client Server Host or Address with the actual IP that was pulled.  Now, I connect to the same IP that I know is fast for my area as opposed to a random one from us-east.privateinternetaccess.com that could be fast or slow.



  • I'll try the DNS options, I forgot to mentioned still can't get internet access on clients connecting to my Openvpn server… I've tried adding a rule in outbound for the 10.10.0.0 network but still no luck.



  • I think I have the same issue as you, at first, I thought it was underpowered hardware (APU2C4), but then when I migrated to a dedicated server appliance (Quad Core Xeon) It was exactly the same!

    The connection is sound, and when the fast.com eventually loads I pull my full line speed, or at least >200 Mbps

    I have tried NATing the address, and also creating an interface for more granular control. I will try and set the DNS servers to that of the VPN provider.

    Edit: I've just noticed you've got cryptodev enabled, its reccomended to disable this as it adds overhead, OpenVPN and OpenSSL already use AES-NI of the CPU.



  • So, I've looked into this, and I don't think it's a DNS issue. I have resolved it my end, after many attempts at getting it correct. I believe it to be pfSense/OpenVPN fighting between Gateways.

    What I did was, create an interface for a VPN Gateway and set the MTU and MSS within the interface settings, set the policy routing for the traffic I want over the VPN by setting the gateway to the VPN. What I did next was disable automatic gateway switching within pfSense. Then within the VPN Client settings disabled the ability of the VPN server to push routes.

    With the NAT settings, I did the VPN Gateway to the Local IP Address I want translating to the VPN IP Address.

    Voila! Web browsing is now as it should be, no time outs or long resolve times. For good measure, I simply rebooted the system.

    As above, if you'd like to stop DNS leaks you can set the DNS IP address within the General settings and apply it to the VPN Gateway that was created from the Interface.  Or apply it to all.



  • I think I'm good on the PIA VPN, I disabled my openVPN server and  enabled PIA VPN client then everything works perfectly.

    Current speeds 120-140 and everything loads fast as hell! very happy, now just need to figure out how to get the openVPN server working lol



  • Ok so I've got both to work, however if I go restart the client PIA service it crashes and I have to manually start it. This all happended after creating an interface for PIA_VPN, see the following shots.
    At first it wouldn't let me pick PIA_VPN interface unless I entered an IPV4_Tunnel then it would crash the VPN, I had to select DHCP to allow me creating one, it shows offline on the gateway but I'm getting an external IP for sure.










  • Mine shows offline as well, but is working.  I'm not sure about the crash you explained though.





  • Sweet! When I created the PIA_VPN interface the service would crash everytime I restarted, what option did you put under Ipv4 in the PIA_VPN interface? It wouldn't let me create it as "none" so I did DHCP and after that everytime I would restart vpn services it crashes.



  • When I created my PIA Interface it let me leave it as none for the IPv4 Configuration Type setting.


Log in to reply