OpenVPN Tunnel DL & UL Speed is Slow

limez17

Dear All,

Good day!
I've got a working setup of pfSense OpenVPN Site-to-Site setup via UDP 1197.

1. Tunnel ping and browsing speed is fast.
2. Can download files if its small size(10mb below).
3. UDP Fast I/O is both enabled in OpenVPN Server and Client.
4. No crypto enabled.
5. Server ISP(50/50) and client ISP(100/100) are both symmetric.
6. Server and client pfSense hardware are identical. Specs is i3 4th gen, 4GB, 500GB HDD and Gigabit LANs.

Issue:
Whenever I tried to download to a file(1.6GB in size) server behind the OpenVPN server using my web browser. It always took 30 minutes for the download to finish.
But when I tried to SCP a file(1.6GB in size) from a server behind the OpenVPN client to the file server behind the OpenVPN server, it always took around 7 minutes for the SCP(Port 22) to finish.

Please help! Thank you in advance!

JKnott

@limez17

Unless you have different rules for them, ssh and http(s) should behave the same. As far as psSense & OpenVPN are concerned, the only difference between the 2 is the port number. Given that small files are OK suggests the problem is at the server or client and not the VPN.

limez17

Hi @JKnott,

Thank you for your response on my thread.
It's been a week now since I started to troubleshoot this issue. But still unable to resolve it.
Do you have a pfSense OpenVPN setup? If yes, may I ask what is your configuration?

mcury

Did you try with another browser? Probably yes, a week already in this problem...
But if didn't, try it.

My Synology NAS, when I use Firefox, some downloads don't finish.
But when using Chrome, everything works fine.

limez17

Hi @mcury!

Thank you for your response!
So far i've tried only Brave and Google Chrome. Will try other browser too!
^_^

JKnott

@limez17 said in OpenVPN Tunnel DL & UL Speed is Slow:

Hi @JKnott,

Thank you for your response on my thread.
It's been a week now since I started to troubleshoot this issue. But still unable to resolve it.
Do you have a pfSense OpenVPN setup? If yes, may I ask what is your configuration?

Yes I do, but it's just a basic configuration, nothing special. All a VPN does is move packets from A to B. It doesn't even worry about stuff like TCP connections etc. In this regard, it's no different than an Ethernet NIC. Given that ssh works well, it's obvious that OpenVPN is working well too.

limez17

Hi again @JKnott,

I strongly agree with you. I too is using just a basic configuration to move packets from A to B. But it got a little bit salty on the download part from Server to Client.

kiokoman

no traffic shaper involved i guess ?

limez17

@kiokoman none

limez17

@mcury I've tried internet explorer, edge, mozilla. Same result hehe

mcury

@limez17 Have you tried IKE tunnel between sites to confirm if the problem is openvpn?
Setup an iperf server at the other side of the tunnel for a good test.

limez17

Hi @mcury,

Good day!
What is IKE? Also how to setup an iperf server?

mcury

@limez17 said in OpenVPN Tunnel DL & UL Speed is Slow:

Hi @mcury,

Good day!
What is IKE? Also how to setup an iperf server?

ipsec tunnel. you need to setup phase1 and phase2? This rings nothing to you?
iperf is ez to google

limez17

@mcury found it, installing the iperf now hehe

limez17

@mcury IPsec tunnel rings a bell. But I want to stick to OpenVPN. I'm planning to deploy OpenVPN client on a Rasbian Pi.
But if not luck settling the score. Will try to putup an IPsec tunnel. Thank you for this recommendation. ^_^

JKnott

@limez17 said in OpenVPN Tunnel DL & UL Speed is Slow:

Also how to setup an iperf server?

You may want to check my posts in another area here. The pfsense Package Manager installs v2 of iperf, which is obsolete and not compatible with the current v3. To install it, you have to run the command "pkg install iperf3". However, you'll have to run it from the command line, as it won't be available under Diagnostics.

mcury

Actually, running iperf on the firewall is not the best method of testing.
You should install it into the server, or in a device at the server's network, and test from the other side, also not from the firewall.
Test only the throughput..

limez17

Hi @mcury,

I found the culprit. It turns out my ISP 20mbps internet is asymmetric.
They advertised 20mbps fiber but the DL is the only 20mbps, UL is 8mbps.
I will be testing on my other ISP which is verified symmetric 100mbps.
Will provide feedback. Thank you!

JKnott

@limez17

Asymmetric connections are typical on ADSL and cable, due to bandwidth limitations. However, I have no idea why they often use it on fibre, as so much bandwidth is available.

Incidentally, the theoretical maximum bandwidth on fibre is about 2.5 petabits (2.5 million Gb). If you were to run 250 wavelengths, with DWDM, with each wavelength carrying 100 Gb/s, you use only 1% of that capacity. Fibre supports a LOT of bandwidth.

limez17

Hi @JKnott,

Our telco company here in country is so greedy