Weird slow OpenVpn connection

d.k

Before I switched to Pfsense I had a ASUS router where openvpn ran way faster! Now I get weird slow speeds nearly to unusable on Pfsense!

Here are the speedtests and the settings in screenshots!:
https://ibb.co/g98x8tz
https://ibb.co/ZVmYLRW
https://ibb.co/TkkT787
https://ibb.co/44pm3fx
https://ibb.co/rbRjctD
https://ibb.co/zVHtqLr
https://ibb.co/2M0ptd2
https://ibb.co/nzL9Zf0
https://ibb.co/gSPzbC4
https://ibb.co/BcYnxW2
https://ibb.co/0qmckDP
https://ibb.co/DzgSJKR
https://ibb.co/VBHj1zZ
https://ibb.co/48D0KbZ
https://ibb.co/K0YHdtr

I have read already a few articles where was suggested to enable hardware acceleration but it only helped a bit!

I would appreciate some help with that!

Gertjan

@d-k

How is your pfSense WAN set up ? Upstream ISP router ?

d.k

@Gertjan I am not sure if that is what you mean but:
The Pfsense is connected directly to the isp router (modem)!

Gertjan

@d-k said in Weird slow OpenVpn connection:

The Pfsense is connected directly to the isp router (modem)!

Humm , that was what I wanted to know.
Is it a router ?
Or a modem....
If its a router, your WAN IP of pfSense is a RFC1918 (= 10/8, 172.16/12, 192.168/16) and in that case its simple to place a switch between the pfSense WAN and the ISP router's LAN, so you can add wired PC or an Access Point.
When that done, install the OpenVPN connect app, set up the paramters (using as a connection IP, the WAN IP of pfSense) and now you've a wired connection directly. Now you have a OpenVPN access speed test, and you control the entire network.
Btw ; if you are still using a 'remote' test site like the classic Spedtest.net app, you still need your ISP WAN connection, if if that s*cks at that moment, then yeah, OpenVPN will look slow (also)

I'm pretty sure you'll sudden you'll see a full speed connection now, as you've eliminated the entire "ISP network and whatever you use as a so called 5G".

Btw : I've a 1 Gbit connection upstream down stream. Tested with my recent iPhone this morning my VPN connection.
125 Mbits up (from pfSense to my phone) and 25 mbits down (from my phone to pfSense).
Maybe normal, because everybody is working again this morning after the end-of-year holidays.
I've seen 3 times better also.

On what device is pfSense running ?

d.k

@Gertjan I use a slightly modified Dell Precision Tower 3620 with a 4 port nic intel! The nic is wan and lan!

I have 470 down and 20up!

d.k

@Gertjan I don’t understand why the connection is on that way better hardware so much slower then on the small slow ASUS router! Yes I indeed used mobile data network to connect but I used to do that and never had such a slow connection!

Gertjan

@d-k said in Weird slow OpenVpn connection:

Dell Precision Tower 3620 with a 4 port nic intel!

Without knowing more about your Dell, I'm pretty sure it has a 1 Gbits/sec BICs for a WAN and a LAN.
This device can easily completely fill up the up and down stream of your ISP.
And it will "eat through a VPN connection like cake".

@d-k said in Weird slow OpenVpn connection:

but I used to do that and never had such a slow connection!

Like me this morning.
Normally, a couple of hundreds of Mbits/sec and this morning, it was crawling.

Again, if you have a NAS or something like that, and you can connect a PC on the WAN side of pfSense, do a NAS transfer direcly (open up the ports on WAN first) and do also a OpenVPN test with a OpenVPN client on the PC and the OpenVPN server on pfSense.

You didn't add weird stuff like jumbo packets on WAN (just an example) or anything else special that is not 'default' ?

d.k

@Gertjan No pretty much everything should still be standard except firewall rules And Nat port forwarding!

Decepticon

I know it sounds strange, but try changing from UDP to TCP.

I have found that the very same OpenVPN tunnel on TCP works faster than UDP. I know it's supposed to be the other way around, but my real world experience has consistently been the opposite.

Alternatively, you might have an MTU issue. Either way, TCP may paradoxically speed things up.

d.k

@Decepticon I am already running on TCP!

This is the nic I use for wan and lan!

https://a.co/d/gvQPQjX

d.k

@Decepticon I also tried UDP Protocol and exact the same speed as TCP!

Decepticon

This post is deleted!

Decepticon

In that case, I don't know. My personal view is that pfSense makes OpenVPN much more complicated than it needs to be. Ideally, I'd just paste my OpenVPN configuration file into a field and it would work. Instead, pfSense breaks all the options into separate entries on a webpage. It may be that in one of those many options, you've changed something. Or it may be that your new hardware is just less capable than your old one when it comes to OpenVPN.

My best recommendation is to use Wireguard, which is way faster than OpenVPN. The implementation in pfSense is much easier to map to a configuration file.

d.k

@Decepticon Ok I’ll check it out thanks!

I also did a run from my computer and from 550up I went down to 50up that’s pretty interesting so it’s not the mobile network 5g connection that is the problem!

d.k

@Decepticon I found the issue I watched a second tutorial and saw that he didn’t use TCP and IPV6 on all interfaces (multidimensional) instead he used only TCP on IPv4 only! And that speeds up to the speed it should be!

Decepticon

@d-k

I'm glad that my suggestions pointed you in the right direction!

d.k

@Decepticon yup thanks!