Intermittent slow to fast speeds on a 350mbps cable connection



  • I'm trying to understand where a problem lies when using my openvpn connection.

    A little background first:

    I have 2 internet connections coming into the house. One is VDSL 80/20mbps the other is Cable 350/20mbps. I have a pfsense box with a i5-3330 and 6GB Ram in it.

    If I download a torrent say, CentOS-7-x86_64-DVD-1708.torrent, on the VDSL connection it flawlessly downloads at 76mbps. However if i do the same thing on the cable connection it does something weird. It fluctuates downloading anywhere between 3mbps to 377mbps.

    Sometimes right from the start I'll get nothing more 3mbps for a minute or so and then suddenly the speed will shoot right up to the max 377mbps stay there for a minute or 2 and then come back down to 3mbps again.

    Other times it starts off full speed for a couple of minutes and then goes down to 3mbps and stays there for the next 3 or 4 minutes then goes back up to full speed again till the files downloaded.

    Sometimes the whole thing only downloads at 3mbps and other times the whole thing downloads at full speed without issue as well.

    The only thing I've manage to correlate between this happening and not is this error message appearing:

    Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #4088950 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

    I've done my best to change mtu settings and use mssfix along with lowering the encryption used as well as the port. Nothing helped.

    My openvpn provider is PIA.

    It seems to only affect the cable connection since i can keep all settings the same on the pfsense computer and just turn on or off the VDSL/cable router which both have the same gateway IP pfsense looks for(Just to clarify their not on at the same time). The VDSL has no slow down at all yet the cable does when using the same settings.

    It's becoming very frustrating not just not being able to fix the problem but also not even having a clue as to why it seems to intermittently come and go.

    I thought that maybe it was because the hardware, either the cable router or the computer running pfsense couldn't deal with loads of connections being made when torrenting at higher speeds or something like that but even if i limit them in Qbittorrent it does nothing.

    I've tried using a different cable router from the one provided as well by putting it in modem mode and using a Netgear R7000 but this didn't help either.

    The only thing 3 things i can see it being now is either some setting i'm not configuring right in pfsense, some sort of fault on my cable's physical connection going out of the house or something not being right at PIA's end.

    Since it seems like pfsense is the one having the authenticate/decrypt error i figured I'd see if anyone has any suggestions about to how to fix/what my problem might be here first.



  • If one connection works fine, but not the other, then I'd suspect the connection.  What happens if you go to speedtest.net when you think performance is bad?  Does it show different results from when things are OK?



  • Yes.

    If I use speedtest.net when everything is fine i download at full speed.

    If I use speedtest.net (same server) when everything is slow then its slow as well. Usually going no higher than 1mbps. It's like the whole connection has been infested with snails. Then suddenly a load of cheetahs chase them away again and not only does the torrent download at max speed but the speed test does again as well.

    I've tried downloading a torrent without the vpn and it performs at max speed on the pure cable connection time and time again. Is it possible for there to be a problem with the connection going out of the house that screws up the openvpn connection yet is ok otherwise? This is what gives me doubts about it being the cable connection itself. It seems to be specific to openvpn.



  • It's hard to say where the problem is.  Given that the connection works fine otherwise, it could be something with OpenVPN at your end or at the server you're connecting to.  When it slows down, are you seeing any error conditions?  Why do you need a VPN for stuff like torrents?



  • Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #4088950 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

    Fills the pfsense openvpn logs when things slow down. They go away again when things speed up. Direct correlation.

    You've also just reminded me that sometimes i'll get a secure connection couldn't be made error message when trying to access a website while everything is slow.

    I want a vpn for everything, not just torrents. I value my privacy so intend to setup a secure openvpn connection to act as a gateway on my network for all my traffic except gaming. Downloading a torrent just happens to be what highlights my problem with the vpn connection.



  • This is where capturing packets comes in handy.  I prefer Wireshark.  I suspect the problem may be at the other end.



  • I've just found 2 new error message after changing the verbosity level setting of the logs to 4.

    I now also get this:
    Recursive routing detected, drop tun packet to [AF_INET]

    And this:
    PID_ERR large diff [227] [SSL-0] [0000000000000000000000000000000000000000000000000000000000000000] 0:119399 0:119172 t=1519241409[0] r=[-4,64,15,375,1] sl=[29,64,64,528]

    Spammed a number of times correlating to the slowdown.



  • Recursive routing?  That could certainly cause problems.  I have no idea what the PID_ERR means.

    Do a Google search on recursive routing for ideas.



  • Remove –persist-tun from the config.



  • I tried this but it didn't help with

    PID_ERR large diff [227] [SSL-0]

    or

    Authenticate/Decrypt packet error: bad packet ID (may be a replay)

    Everything still goes slow and fast intermittently.

    Did you suggest it to help with the recursive problem?

    If so I think I've already fixed that by not having the LAN IP be 10.0.0.x. Not sure i understood everything I read up about recursive routing but it seemed to be related to subnets and where things go on either the vpn or home network.

    PIA gives a virtual address starting in 10.x.x.x so i took a guess and assumed having my LAN doing the same was a bad thing and the recursive error has gone now my LAN is on 192.168.1.x. Unfortunately the slow down wasn't affected by it. Still it's something. One less error to worry about.

    After trying to look up the PID_ERR it generally takes me back to or is linked with the Authenticate/Decrypt packet error. I've tried all the suggestions goggle has to offer to fix this but nothing seems to have worked.

    The only thing I'm left to conclude is that its either a PIA or ISP issue.

    Thanks for the help though.


Log in to reply