Extremely slow VPN connection using PIA



  • I've setup an OpenVPN client on my pfsense box using PIA as the provider, and am selectively routing traffic over it, rather than directing all traffic over it. This functions, but it is extremely slow. Without the VPN, I'm seeing speeds of between 20MBps-25MBps but once I route traffic over the VPN, it tops out at 6Mbps. The same application running in a container on my desktop using an OpenVPN client (also inside the container) to connect to the same VPN gateway sees about the same speeds as not using the VPN, almost no slow down.

    CPU usage on the router hits between 19-24% as reported on the dashboard. I've enabled AES-NI, and set the OpenVPN client to use it under the Hardware Crypto setting. Algorithm is AES-128-GCM. Send/Receive buffer is set to 2 MiB, if I set this lower the top-end speed drops significantly with every step-down.

    I'm running pfsense on a PCEngines APU2 - specifically the apu2d4. I have seen other blog posts and such showing these boards, with AES-NI enabled, get well over 80Mbps (edit: yes, I realize this is mbps and not MBps as (intentionally) used above, however this would still be closer to nearly double what I'm getting now) - so I'm wondering what I may be configuring wrong here. Using pfsense 2.4.4-RELEASE-p2



  • i had frequent speed issues/ disconnects with PIA> they always suggested the closest server to you. those were always the worst. i'd experiment with that

    how many different servers have you tried on the router? is the software connecting at 128 or 256? GCM



  • @bcruze said in Extremely slow VPN connection using PIA:

    i had frequent speed issues/ disconnects with PIA> they always suggested the closest server to you. those were always the worst. i'd experiment with that

    how many different servers have you tried on the router? is the software connecting at 128 or 256? GCM

    I'm using their netherlands gateway. When I use this server with the application + VPN client in the same container, I get 20-25MBps speeds I mentioned. The only change I'm aware of is where the VPN client is running (router vs. container).

    I understand most VPN providers will quote huge performance loss when running it on a router due to the anemic processors in most routers, but I don't think that's (wholly) the case here. The processor in the router has AES-NI which the old system I was running the container on before did not have.

    Configured to use 128 GCM.



  • i believe its the CPU that is the limitation

    https://www.firewallhardware.it/en/firewall-hardware-sizing-guide/


Log in to reply