Bypass ISP VPN Throttling



  • Running pfsense 2.4.5-p1 as a VPN client. Testing has indicated that my ISP is throttling my OpenVPN traffic.

    Connected directly to the modem using my desktop and bypassing the pfsense box, speed tests average about 900 Mbs without VPN, and about 130 Mbs with OpenVPN, which is a bit more than I get when connected to the VPN through the pfsense box, (understandable).

    Still connected directly to the modem and using obfuscation I can get up to 270 Mbs with Stunnel and average about 250 Mbs with SSH. These were the fastest obfuscation protocols supported by my VPN provider. The box running pfsense should be able to handle those speeds.

    I have little idea how to implement either Stunnel or SSH with my VPN configuration in pfsense and I am looking for help in doing so from the experts. I have multiple OpenVPN clients running as part of a Gateway Group for failover purposes, so any implementation would need to work with multiple instances.

    Any and all help invited and appreciated.


  • LAYER 8 Rebel Alliance

    Did you play with TLS Encryption and Authentication and/or using TCP port 443?
    However...I'd jangle my ISP nerves all day long if they throttle my VPN or any other stuff.

    -Rico



  • @Rico Yep, just got finished with that. Went back and forth a couple of times to make sure, and no change. I'm leaving "TLS Encryption and Authentication" enabled and local port on 443 for the primary VPN connection. (If it matters, pfsense won't allow the same local port to be used on more than one VPN connection, which is why 443 is only used on the primary.)


  • LAYER 8 Rebel Alliance

    Some more Ports you can try. 😊
    563, 853, 989, 990, 992, 993, 995, 5061, 6514, 6619

    -Rico



  • Thanks Rico, I tired about half of those but no luck. I understand they probably use "Deep Packet Inspection" to identify VPN protocols and throttle only those, no matter what ports are being used, and that seems likely what's happening here.

    Sooo, that takes me back to using either stunnel or SSH. Reviewing my speed tests, I realized that obfsproxy3 was almost as fast as stunnel and SSH, so that's another option.

    Is there no way to implement any of these with OVPN in pfsense?

    Thanks,


Log in to reply