Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Slow speeds with NordVPN Client on PFSense 2.4.5

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cielak221
      last edited by

      I could not get the NordVPN to work with 2.5.2 so I downgraded to 2.4.5.
      Now it works but the speeds are very low.
      I have followed this guide to setup the VPN client: https://support.nordvpn.com/Connectivity/Router/1620787982/pfSense-2-4-5-setup-with-NordVPN.htm

      My PFSense's box specs:
      2021-09-19 16_53_57-MLC-PFSENSE.localdomain - Status_ Dashboard and 1 more page - Personal - Microso.png

      Speeds measured from MacMini using NordVPN client from PFSENSE:
      2021-09-19 16_52_59-10.0.1.18 (MLC-MACMINI) - VNC Viewer.png
      Speeds measured from Windows PC with the NordVPN client connected to US#9373 server:
      2021-09-19 16_50_51-Window.png

      What could be causing the speeds to be so slow through the PFSense? What could I adjust in the OpenVPN client settings to improve the speeds?

      JeGrJ 1 Reply Last reply Reply Quote 0
      • JeGrJ
        JeGr LAYER 8 Moderator @cielak221
        last edited by JeGr

        @cielak221 You are testing with two different peers in your speedtest. I'd use the same one so I can actually compare the speeds - we don't know if the "blackburn tech" has just a slower connection.

        I'd also post my VPN config as otherwise one doesn't know what you have configured. Downgrading from 2.5.2 to 2.4.5 is nonsense, too. OpenVPN is OpenVPN - just because their documentation isn't up to date doesn't mean you have to downgrade your security. That's utter nonsense. Why should I downgrade my firewall to an older/less secure release to use some "cool VPN security".
        You don't have to downgrade your PC/installed version of the OpenVPN Client to 2.4.x either so why should you have to with pfSense? :)

        Just flew over their guide to setup - don't see anything that shouldn't work with pfSense 2.5.2 besides setting up nonsense options like supplying "remote-random" but only using one remote for their server. So I'd just follow the guide and check what the service will post in the logs and modify the client settings accordingly. I'm certain things like

        remote-random
        tls-client
        persist-key
        persist-tun
        

        are unneccesary as they are set by pfSense itself - no need to put them in adv. options. Also using the WebUI cert as a "dummy" is nonsense too. With 2.5.2 you can simply select "none" and just supply user/pass, that's what they do anyway as the never install/import an actual client certificate (so that won't be checked by their servers and is void). Setting the MTUs and MSSFIXes is fine I guess. Always depends on your end of the line. With a bad ISP or overhead that values could also be lower.

        I'd recommend to delete the VPN entry, upgrade to 2.5.2 again, make sure everything else (including a speedtest) is working as expected and then re-create their VPN again on 2.5.2. Shouldn't be too hard.

        Cheers
        \jens

        Edit: Also: check https://support.nordvpn.com/Connectivity/Router/1626958942/pfSense-2-5-Setup-with-NordVPN.htm instead of your 2.4.5 link :)

        Edit 2: please stop their guide after setting up the OpenVPN. The rest of it is just stupid if the tunnel doesn't work in the first place as you are guided to "cripple" your system to only ever use NordVPN ressources e.g. DNS servers etc etc and will destroy a working IPv6 configuration or the normal default LAN any any rule. For someone not knowing about policy based routing, DNS resolver internals or problems etc. that writeup is a pretty guide to destroy your working configuration and centralise everything over their infrastructure.

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

        1 Reply Last reply Reply Quote 2
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.