OpenVPN Server slow Download speeds to Android & Windows clients
-
I am running a pfsense VPS on vultr.com
I am seeing nasty speed results on Download speeds over OpenVPN. I am forcing all client traffic through the vpn connection. If I reinstall the vps with Debian and install OpenVPN server on it I get much better results around 50mbps DL and 30 - 40 UP. However I do need to use pfsense for a different project and it would be nice to have an all in one vps.(no vpn) Home network speed test
Download: 89mbps
Upload: 53mbps(with vpn) Home network speed test
Download: 200kbps <-> 1mbps
Upload: 30mbps <-> 35mbpsClients: ( vpn client obtained form pfsense client export page )
Windows 10 PC ( i7-7700 / 8GB DDR4 / 120GB SSD )
Samsung Galaxy Note 9 - openvpn Connect app
Server Info
CPU: 1v core
RAM: 512MB
NET: 1 GB/s - Speed test 884.90mbps DL / 554.49mbps UP
OS: Pfsense
Version: 2.4.4-RELEASE (amd64)
WAN port MTU: 5000Tweaks made to pfsense settings
System /Advanced/Miscellaneous
-- Cryptographic & Thermal Hardware --
Cryptographic Hardware: AES-NI CPU-based AccelerationSystem /Advanced/System Tunables
net.inet.ip.fastforwarding: 1
VPN Server settings
-- General Information --
Server mode: Remote Access (SSL/TLS+ User Atuh)
Protocol: UDP on 1pv4
Device Mode: tun - Layer 3 Tunnel Mode
Interface: WAN
Local Port: 443 ( have tested other ports no change )-- Cryptographic Settings --
TLS Configuration: (check) Use a TLS Key
TLS Key: key file here
TLS Key Usage Mode: TLS Authentication
Peer Certificate Authority: (cert is selected)
Peer Certificate Revocation list: ( No Certificate Revocation Lists defined )
Server certificate: (cert is selected)
DH Parameter Length: 2048 bit
ECDH Curve: Use Default
Encryption Algorithm: AES-128-CBC (128 bit key, 128 bit block)
Enable NCP: (check) Enable Negotiable Cryptographic Parameters
NCP Algorithms: AES-128-GCM
Auth digest algorithm: SHA256 (256-bit)
Hardware Crypto: Intel RDRAND engine - RAND
Certificate Depth: One (Client+Server)
Strict User-CN Matching: -blank--- Tunnel Settings --
IPv4 Tunnel Network: 10.80.0.0/24
IPv6 Tunnel Network: -blank-
Redirect IPv4 Gateway: (checked)
Redirect IPv6 Gateway: -blank-
IPv6 Local network(s): -blank-
Concurrent connections: -blank-
Compression: Adaptive LZO Compression [Legacy style, comp-lzo adaptive]
Push Compression: (checked)
Type-of-Service: -blank-
Inter-client communication: -blank-
Duplicate Connection: -blank--- Client Settings --
Dynamic IP: (checked)
Topology: Subnet -- One IP address per client in a common subnet-- Advanced Client Settings --
DNS Default Domain: -blank-
DNS Server enable: -blank-
Block Outside DNS: -blank-
Force DNS cache update: -blank-
NTP Server enable: -blank-
NetBIOS enable: -blank--- Advanced Configuration --
Custom options:
sndbuf 524288 rcvbuf 524288 tun-mtu 1500 mssfix 1400 fast-ioUDP Fast I/O: (checked)
Send/Receive Buffer: 512 KiB ( I have moved this all the way up to 2mb - No change )
Gateway creation: IPv4 only
Verbosity level: default -
I seem to have fixed my slow speeds with the following:
I am now getting 40mbps download and 30 upload over vpn.
System/Advanced/Networking
-- Network Interfaces --
Hardware Checksum Offloading: (checked)
Open VPN Server config
-- Advanced Configuration --
Custom options:fragment 0 mssfix 0