Upstream very low compared with downstream traffic with OpenVPN Client.

ramses.sevilla

Hi everyone,

I have installed a HA pfSense 2.4.4 with two WAN and one LAN.

Both WAN Interfaces are connected to two ISP lines with 250Mb/250Mb (Down/Up).

Both WAN Interfaces are serving a OpenVPN Server each one.

When I check the bandwith with speedtest.net from a PC in the LAN I obtain 250Mb/250Mb (Down/Up).

When I connect a OpenVPN Client to OpenVPN Server 1 (WAN1), and send all traffic through the VPN, the traffic input/output by the otrher WAN interface (WAN2) and when I connect a OpenVPN Client to OpenVPN Server 2 (WAN2), and send all traffic through the VPN, the traffic input/output by the otrher WAN interface (WAN1).

When I check the bandwith with speedtest.net from the OpenVPN Client in the WAN1/WAN2 I obtain 200Mb/50Mb (Down/Up).

Do you know why may be that the upstream is so low?

Regards and thanks,

Ramsés

stephenw10

Where are you connecting from to test that?

The upload speed in the VPN would still be limited by the local upload bandwidth at some remote test site.

Steve

JKnott

@stephenw10

Actually, the VPN performance would be limited by the upload in both directions. For example, I have a 75/10 Mb package. If my VPN were connected to someone else with the same configuration, that VPN would be limited to 10 Mb in both directions, no matter what the download is capable of.

ramses.sevilla

@stephenw10 said in Upstream very low compared with downstream traffic with OpenVPN Client.:

Where are you connecting from to test that?
The upload speed in the VPN would still be limited by the local upload bandwidth at some remote test site.
Steve

Hi Steve,

I'm connecting from Spain.

Regards

Pippin

Server side you have 250/250.
How much on client side, that's the question ;)

ramses.sevilla

Hi @Pippin

On client side no problem neither, I have 300Mb/300Mb

Regards

Gertjan

@JKnott said in Upstream very low compared with downstream traffic with OpenVPN Client.:

I have a 75/10 Mb package. If my VPN were connected to someone else with the same configuration, that VPN would be limited to 10 Mb in both directions,

What about 5 Mb/sec ?

I imagine something like this :

Someone from the outside world connects to your 75/10 Mb VPN server.
This some one executes a speed test, available on the net.
This connection comes in over the "75Mb/sec" VPN pipe, using the WAN interface.
And goes out over the same WAN interface pipe, over the 10Mb/sec pipe to the speed test server.
Then comes back over the 75Mb/sec WAN pipe.
Goes over the VPN 10Mb/sec pipe to the "some one".

The 75 and 10 pipe will get used each twice.
In theory, 10 Mb/sec will be cut in half. (right ?)

True, (VPN) compression could help here. And VPN traffic control will add some overhead.

JKnott

@Gertjan

If you are in fact going in and out through the same interface twice, then yes throughput will be cut in half.

ramses.sevilla

Hi @Gertjan

In that situation is correct but in my case I have two WAN with 250Mb/250Mb. The clients connect to WAN1 an goes to Internet trought the WAN2 or viceversa.

Regards

Pippin

So,

Client -> OVPNWAN1 -> OVPNWAN2 -> ???

Better draw a clear diagram...

stephenw10

Most tests only test in one direction at a time so whilst that traffic has to go in and out at the VPN server the reply traffic the other way is minimal so I would expect somewhere close to the line rate. But, yeah, any reply traffic there is will reduce the potential test rate.

Steve

ramses.sevilla

@Pippin this's the diagram:

Case 1.- Client -> Internet -> OVPN-WAN1 -> WAN2 -> Internet

Case 2.- Client -> Internet -> OVPN-WAN2 -> WAN1 -> Internet

Regards

pwood999

Assuming the Client is at a remote location, maybe the client VPN software is limiting the speed ?

ramses.sevilla

Hi @pwood999

I think that no because OpenVPN Client is installed by default and I think that isn't limited in any direction.

stephenw10

So to be clear you're seeing the same throughput when connecting via either WAN?

Steve

ramses.sevilla

Hi @stephenw10

I don't understand the question.

Regards

pwood999

If the Server has 250Mb/250Mb. and the Client side has 300Mb/300Mb then the issue must be either server or client performance, unless you have some other limiters configured.

ramses.sevilla

Hi @pwood999

This is clear, but what can I do?. This is the question...

Do I need to change any OVPN parameter?

No, I haven't configured any limiter on any side.

Regards

stephenw10

@ramses-sevilla said in Upstream very low compared with downstream traffic with OpenVPN Client.:

I don't understand the question.

You showed two connection cases, connecting via WAN1 or connecting via WAN2.

Do you see the same throughput restriction in both cases?

Steve

pwood999

What hardware are your HA PfSense pair running on ?
Are you using physical or virtual machines ?
What CPU & OS does the client PC use ?

Might be worth posting your OpenVPN configs (excluding public IP & secrets).

Also maybe this thread should be moved to OpenVPN forum ?