Slow download using OpenVPN

sparkman123

I recently got OpenVPN to work on my box, however the download speed for my clients only 30% of my normal speed. I'm currently running my pfsense box as a client where my Cisco wireless router is serving as my edge router.

Interestingly, I have not noticed any reduction in upload speed, which makes me think that my problem might be solvable with some OS tuning. My regular connection is normally 30 down and 3 up (making my OpenVPN speed 9 down and 3 up).

I've already tried setting net.inet.ip.fastforwarding = 1 under "Tunables" and disabling/enabling the Hardware Offloading options under System->Advanced->Networking/Networking options.

I have also consulted and tried the recommended settings under this page:

https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards

I have hardware crypto processing enabled

My hardware consists of the following:

Intel I3 7100U
Gigabyte GA-H110TN-GSM Plus (with two Intel NICS, since I read about how bad RealTek has been)
G.Skill Ripjaws 4GB F4-2133C15S-4GRS
ADATA 128GB SSD

pfsense recognizes my interfaces as igb0 and em0.

I'm running the windows openvpn client to connect.

From my research, this build should have been capable of handling gigabit OpenVPN, so not sure why it's having such a hard time with a low 30 meg down connection.

Thanks in advance.

JKnott

Are you downloading from elsewhere, through the server to a client?  Do you have an asymetric Internet connection?  If so, your download will be limited by the upload bandwidth.  Also, your data will be passing through your connection twice, ones from the 'net to the server and again, encrypted from the server to the client.

sparkman123

laptop1 -> pfsense box => cisco rtr
                                          ^
                                          ||
                                      laptop2

This is a barebones sketch of my network at home. Laptop1 is connected to my pfsense box, on a separate network. Pfsense box is connected directly to my cisco rtr, as is laptop2. I am VPNing into my pfsense box via the cisco rtr.

I am doing these throuput test via generic internet speed tests (testmy.net, etc). I will do a speed test, get results, then connect to the VPN and conduct them again.

Both laptop1 and laptop2, with no VPNing, will have 30 down and 3 up. When laptop2 VPNs in to the pfsense box, the speed goes down to 12 down 3 up.

@JKnott:

Do you have an asymetric Internet connection?  If so, your download will be limited by the upload bandwidth.

Yes, but since I'm all doing this locally, I believe I have mitigated this issue.

@JKnott:

Also, your data will be passing through your connection twice, ones from the 'net to the server and again, encrypted from the server to the client.

When I am VPNed in, I believe this is the case. But as I understand it, it shouldn't effect my speed, assuming that I'm getting proper throughput on my pfsense box. If this assumption is incorrect, please let me know.

sparkman123

So I managed to get this to work. I need to include some push directives on the server side that resized the send/receive buffers for clients.

I now have a separate problem- although I'm getting line speed through the VPN, I'm now having an issue with web browsing from behind the VPN and I'm not sure why. Specifically, http/s traffic in general is anywhere from 2 to 3 times slower at certain instances than when I don't use a VPN. There doesn't appear to be any particular constancy to when it slows down. I have configured unbound to do DNS queries via Cloudflare. I've been using a browser addon called "Page Load Time" which breaks down the webpage stage loads. Accordingly, I'm usually spending most of my time in "Connect", "Request", and "Response."