-
Hi everyone,
I have installed a HA pfSense 2.4.4 with two WAN and one LAN.
Both WAN Interfaces are connected to two ISP lines with 250Mb/250Mb (Down/Up).
Both WAN Interfaces are serving a OpenVPN Server each one.
When I check the bandwith with speedtest.net from a PC in the LAN I obtain 250Mb/250Mb (Down/Up).
When I connect a OpenVPN Client to OpenVPN Server 1 (WAN1), and send all traffic through the VPN, the traffic input/output by the otrher WAN interface (WAN2) and when I connect a OpenVPN Client to OpenVPN Server 2 (WAN2), and send all traffic through the VPN, the traffic input/output by the otrher WAN interface (WAN1).
When I check the bandwith with speedtest.net from the OpenVPN Client in the WAN1/WAN2 I obtain 200Mb/50Mb (Down/Up).
Do you know why may be that the upstream is so low?
Regards and thanks,
Ramsés
-
Where are you connecting from to test that?
The upload speed in the VPN would still be limited by the local upload bandwidth at some remote test site.
Steve
-
Actually, the VPN performance would be limited by the upload in both directions. For example, I have a 75/10 Mb package. If my VPN were connected to someone else with the same configuration, that VPN would be limited to 10 Mb in both directions, no matter what the download is capable of.
-
@stephenw10 said in Upstream very low compared with downstream traffic with OpenVPN Client.:
Where are you connecting from to test that?
The upload speed in the VPN would still be limited by the local upload bandwidth at some remote test site.
SteveHi Steve,
I'm connecting from Spain.
Regards
-
Server side you have 250/250.
How much on client side, that's the question ;) -
-
@JKnott said in Upstream very low compared with downstream traffic with OpenVPN Client.:
I have a 75/10 Mb package. If my VPN were connected to someone else with the same configuration, that VPN would be limited to 10 Mb in both directions,
What about 5 Mb/sec ?
I imagine something like this :
Someone from the outside world connects to your 75/10 Mb VPN server.
This some one executes a speed test, available on the net.
This connection comes in over the "75Mb/sec" VPN pipe, using the WAN interface.
And goes out over the same WAN interface pipe, over the 10Mb/sec pipe to the speed test server.
Then comes back over the 75Mb/sec WAN pipe.
Goes over the VPN 10Mb/sec pipe to the "some one".The 75 and 10 pipe will get used each twice.
In theory, 10 Mb/sec will be cut in half. (right ?)True, (VPN) compression could help here. And VPN traffic control will add some overhead.
-
If you are in fact going in and out through the same interface twice, then yes throughput will be cut in half.
-
Hi @Gertjan
In that situation is correct but in my case I have two WAN with 250Mb/250Mb. The clients connect to WAN1 an goes to Internet trought the WAN2 or viceversa.
Regards
-
So,
Client -> OVPNWAN1 -> OVPNWAN2 -> ???
Better draw a clear diagram...
-
Most tests only test in one direction at a time so whilst that traffic has to go in and out at the VPN server the reply traffic the other way is minimal so I would expect somewhere close to the line rate. But, yeah, any reply traffic there is will reduce the potential test rate.
Steve
-
@Pippin this's the diagram:
Case 1.- Client -> Internet -> OVPN-WAN1 -> WAN2 -> Internet
Case 2.- Client -> Internet -> OVPN-WAN2 -> WAN1 -> Internet
Regards
-
Assuming the Client is at a remote location, maybe the client VPN software is limiting the speed ?
-
Hi @pwood999
I think that no because OpenVPN Client is installed by default and I think that isn't limited in any direction.
-
So to be clear you're seeing the same throughput when connecting via either WAN?
Steve
-
-
If the Server has 250Mb/250Mb. and the Client side has 300Mb/300Mb then the issue must be either server or client performance, unless you have some other limiters configured.
-
Hi @pwood999
This is clear, but what can I do?. This is the question...
Do I need to change any OVPN parameter?
No, I haven't configured any limiter on any side.
Regards
-
@ramses-sevilla said in Upstream very low compared with downstream traffic with OpenVPN Client.:
I don't understand the question.
You showed two connection cases, connecting via WAN1 or connecting via WAN2.
Do you see the same throughput restriction in both cases?
Steve
-
What hardware are your HA PfSense pair running on ?
Are you using physical or virtual machines ?
What CPU & OS does the client PC use ?Might be worth posting your OpenVPN configs (excluding public IP & secrets).
Also maybe this thread should be moved to OpenVPN forum ?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.