Slow speeds with NordVPN Client on PFSense 2.4.5
-
I could not get the NordVPN to work with 2.5.2 so I downgraded to 2.4.5.
Now it works but the speeds are very low.
I have followed this guide to setup the VPN client: https://support.nordvpn.com/Connectivity/Router/1620787982/pfSense-2-4-5-setup-with-NordVPN.htmMy PFSense's box specs:
Speeds measured from MacMini using NordVPN client from PFSENSE:
Speeds measured from Windows PC with the NordVPN client connected to US#9373 server:
What could be causing the speeds to be so slow through the PFSense? What could I adjust in the OpenVPN client settings to improve the speeds?
-
@cielak221 You are testing with two different peers in your speedtest. I'd use the same one so I can actually compare the speeds - we don't know if the "blackburn tech" has just a slower connection.
I'd also post my VPN config as otherwise one doesn't know what you have configured. Downgrading from 2.5.2 to 2.4.5 is nonsense, too. OpenVPN is OpenVPN - just because their documentation isn't up to date doesn't mean you have to downgrade your security. That's utter nonsense. Why should I downgrade my firewall to an older/less secure release to use some "cool VPN security".
You don't have to downgrade your PC/installed version of the OpenVPN Client to 2.4.x either so why should you have to with pfSense? :)Just flew over their guide to setup - don't see anything that shouldn't work with pfSense 2.5.2 besides setting up nonsense options like supplying "remote-random" but only using one remote for their server. So I'd just follow the guide and check what the service will post in the logs and modify the client settings accordingly. I'm certain things like
remote-random tls-client persist-key persist-tunare unneccesary as they are set by pfSense itself - no need to put them in adv. options. Also using the WebUI cert as a "dummy" is nonsense too. With 2.5.2 you can simply select "none" and just supply user/pass, that's what they do anyway as the never install/import an actual client certificate (so that won't be checked by their servers and is void). Setting the MTUs and MSSFIXes is fine I guess. Always depends on your end of the line. With a bad ISP or overhead that values could also be lower.
I'd recommend to delete the VPN entry, upgrade to 2.5.2 again, make sure everything else (including a speedtest) is working as expected and then re-create their VPN again on 2.5.2. Shouldn't be too hard.
Cheers
\jensEdit: Also: check https://support.nordvpn.com/Connectivity/Router/1626958942/pfSense-2-5-Setup-with-NordVPN.htm instead of your 2.4.5 link :)
Edit 2: please stop their guide after setting up the OpenVPN. The rest of it is just stupid if the tunnel doesn't work in the first place as you are guided to "cripple" your system to only ever use NordVPN ressources e.g. DNS servers etc etc and will destroy a working IPv6 configuration or the normal default LAN any any rule. For someone not knowing about policy based routing, DNS resolver internals or problems etc. that writeup is a pretty guide to destroy your working configuration and centralise everything over their infrastructure.
