Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Intermittent slow to fast speeds on a 350mbps cable connection

    Scheduled Pinned Locked Moved OpenVPN
    10 Posts 3 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      smegheed
      last edited by

      I'm trying to understand where a problem lies when using my openvpn connection.

      A little background first:

      I have 2 internet connections coming into the house. One is VDSL 80/20mbps the other is Cable 350/20mbps. I have a pfsense box with a i5-3330 and 6GB Ram in it.

      If I download a torrent say, CentOS-7-x86_64-DVD-1708.torrent, on the VDSL connection it flawlessly downloads at 76mbps. However if i do the same thing on the cable connection it does something weird. It fluctuates downloading anywhere between 3mbps to 377mbps.

      Sometimes right from the start I'll get nothing more 3mbps for a minute or so and then suddenly the speed will shoot right up to the max 377mbps stay there for a minute or 2 and then come back down to 3mbps again.

      Other times it starts off full speed for a couple of minutes and then goes down to 3mbps and stays there for the next 3 or 4 minutes then goes back up to full speed again till the files downloaded.

      Sometimes the whole thing only downloads at 3mbps and other times the whole thing downloads at full speed without issue as well.

      The only thing I've manage to correlate between this happening and not is this error message appearing:

      Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #4088950 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

      I've done my best to change mtu settings and use mssfix along with lowering the encryption used as well as the port. Nothing helped.

      My openvpn provider is PIA.

      It seems to only affect the cable connection since i can keep all settings the same on the pfsense computer and just turn on or off the VDSL/cable router which both have the same gateway IP pfsense looks for(Just to clarify their not on at the same time). The VDSL has no slow down at all yet the cable does when using the same settings.

      It's becoming very frustrating not just not being able to fix the problem but also not even having a clue as to why it seems to intermittently come and go.

      I thought that maybe it was because the hardware, either the cable router or the computer running pfsense couldn't deal with loads of connections being made when torrenting at higher speeds or something like that but even if i limit them in Qbittorrent it does nothing.

      I've tried using a different cable router from the one provided as well by putting it in modem mode and using a Netgear R7000 but this didn't help either.

      The only thing 3 things i can see it being now is either some setting i'm not configuring right in pfsense, some sort of fault on my cable's physical connection going out of the house or something not being right at PIA's end.

      Since it seems like pfsense is the one having the authenticate/decrypt error i figured I'd see if anyone has any suggestions about to how to fix/what my problem might be here first.

      1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott
        last edited by

        If one connection works fine, but not the other, then I'd suspect the connection.  What happens if you go to speedtest.net when you think performance is bad?  Does it show different results from when things are OK?

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        1 Reply Last reply Reply Quote 0
        • S
          smegheed
          last edited by

          Yes.

          If I use speedtest.net when everything is fine i download at full speed.

          If I use speedtest.net (same server) when everything is slow then its slow as well. Usually going no higher than 1mbps. It's like the whole connection has been infested with snails. Then suddenly a load of cheetahs chase them away again and not only does the torrent download at max speed but the speed test does again as well.

          I've tried downloading a torrent without the vpn and it performs at max speed on the pure cable connection time and time again. Is it possible for there to be a problem with the connection going out of the house that screws up the openvpn connection yet is ok otherwise? This is what gives me doubts about it being the cable connection itself. It seems to be specific to openvpn.

          1 Reply Last reply Reply Quote 0
          • JKnottJ
            JKnott
            last edited by

            It's hard to say where the problem is.  Given that the connection works fine otherwise, it could be something with OpenVPN at your end or at the server you're connecting to.  When it slows down, are you seeing any error conditions?  Why do you need a VPN for stuff like torrents?

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            1 Reply Last reply Reply Quote 0
            • S
              smegheed
              last edited by

              Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #4088950 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

              Fills the pfsense openvpn logs when things slow down. They go away again when things speed up. Direct correlation.

              You've also just reminded me that sometimes i'll get a secure connection couldn't be made error message when trying to access a website while everything is slow.

              I want a vpn for everything, not just torrents. I value my privacy so intend to setup a secure openvpn connection to act as a gateway on my network for all my traffic except gaming. Downloading a torrent just happens to be what highlights my problem with the vpn connection.

              1 Reply Last reply Reply Quote 0
              • JKnottJ
                JKnott
                last edited by

                This is where capturing packets comes in handy.  I prefer Wireshark.  I suspect the problem may be at the other end.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                1 Reply Last reply Reply Quote 0
                • S
                  smegheed
                  last edited by

                  I've just found 2 new error message after changing the verbosity level setting of the logs to 4.

                  I now also get this:
                  Recursive routing detected, drop tun packet to [AF_INET]

                  And this:
                  PID_ERR large diff [227] [SSL-0] [0000000000000000000000000000000000000000000000000000000000000000] 0:119399 0:119172 t=1519241409[0] r=[-4,64,15,375,1] sl=[29,64,64,528]

                  Spammed a number of times correlating to the slowdown.

                  1 Reply Last reply Reply Quote 0
                  • JKnottJ
                    JKnott
                    last edited by

                    Recursive routing?  That could certainly cause problems.  I have no idea what the PID_ERR means.

                    Do a Google search on recursive routing for ideas.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    1 Reply Last reply Reply Quote 0
                    • PippinP
                      Pippin
                      last edited by

                      Remove –persist-tun from the config.

                      I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                      Halton Arp

                      1 Reply Last reply Reply Quote 0
                      • S
                        smegheed
                        last edited by

                        I tried this but it didn't help with

                        PID_ERR large diff [227] [SSL-0]

                        or

                        Authenticate/Decrypt packet error: bad packet ID (may be a replay)

                        Everything still goes slow and fast intermittently.

                        Did you suggest it to help with the recursive problem?

                        If so I think I've already fixed that by not having the LAN IP be 10.0.0.x. Not sure i understood everything I read up about recursive routing but it seemed to be related to subnets and where things go on either the vpn or home network.

                        PIA gives a virtual address starting in 10.x.x.x so i took a guess and assumed having my LAN doing the same was a bad thing and the recursive error has gone now my LAN is on 192.168.1.x. Unfortunately the slow down wasn't affected by it. Still it's something. One less error to worry about.

                        After trying to look up the PID_ERR it generally takes me back to or is linked with the Authenticate/Decrypt packet error. I've tried all the suggestions goggle has to offer to fix this but nothing seems to have worked.

                        The only thing I'm left to conclude is that its either a PIA or ISP issue.

                        Thanks for the help though.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.