Odd openVPN speed difference



  • I have a speed issue that makes no sense to me. I am using IPVanish and connecting as a client with the intention of having all the house computers go through the VPN.
    When Connecting to my ISP, with no VPN, I get 75Mbit down and 35Mbit upload speed. If I run the app from IPvanish on one of my PCs, I get around 40Mbit down and 25up.
    When I use my pfsense box to connect I am currently getting 19Mbit down and 25 Mbit UP!

    My system is net- modem -pfsense box -router as accesspoint -computers.

    I followed the setup  from http://forum.pfsense.org/index.php/topic,66467.0.html

    I have also changed  net.inet.ip.fastforwarding IP Fastforwarding (1)

    Which seems to help with the upload speed.

    Are these kind of speed drops normal or am I missing something in the setup out of utter noobocity? If I can get the pfsense to match the performance of the windows app I will be more than happy. Any suggestions ?
    Thanks
    S

    This is my config file.
    fast-io;route-delay 2;tun-mtu 1500;persist-key;persist-tun;persist-remote-ip;auth-user-pass /conf/ipvanish.auth;verb 3;auth SHA256;keysize 256;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA;

    This is my openvpn logfile from a manual restart (its upside down)

    Apr 5 02:04:11 openvpn[88160]: Initialization Sequence Completed
    Apr 5 02:04:11 openvpn[88160]: /sbin/route add -net 128.0.0.0 172.20.32.1 128.0.0.0
    Apr 5 02:04:11 openvpn[88160]: /sbin/route add -net 0.0.0.0 172.20.32.1 128.0.0.0
    Apr 5 02:04:11 openvpn[88160]: /sbin/route add -net 103.16.26.193 192.168.0.1 255.255.255.255
    Apr 5 02:04:09 openvpn[88160]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1570 172.20.32.127 255.255.248.0 init
    Apr 5 02:04:09 openvpn[88160]: /sbin/route add -net 172.20.32.0 172.20.32.127 255.255.248.0
    Apr 5 02:04:09 openvpn[88160]: /sbin/ifconfig ovpnc1 172.20.32.127 172.20.32.127 mtu 1500 netmask 255.255.248.0 up
    Apr 5 02:04:09 openvpn[88160]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Apr 5 02:04:09 openvpn[88160]: TUN/TAP device /dev/tun1 opened
    Apr 5 02:04:09 openvpn[88160]: TUN/TAP device ovpnc1 exists previously, keep at program end
    Apr 5 02:04:09 openvpn[88160]: ROUTE_GATEWAY 192.168.0.1
    Apr 5 02:04:09 openvpn[88160]: OPTIONS IMPORT: –ip-win32 and/or --dhcp-option options modified
    Apr 5 02:04:09 openvpn[88160]: OPTIONS IMPORT: route-related options modified
    Apr 5 02:04:09 openvpn[88160]: OPTIONS IMPORT: route options modified
    Apr 5 02:04:09 openvpn[88160]: OPTIONS IMPORT: –ifconfig/up options modified
    Apr 5 02:04:09 openvpn[88160]: Socket Buffers: R=[65536->262144] S=[65536->65536]
    Apr 5 02:04:09 openvpn[88160]: OPTIONS IMPORT: –sndbuf/--rcvbuf options modified
    Apr 5 02:04:09 openvpn[88160]: OPTIONS IMPORT: explicit notify parm(s) modified
    Apr 5 02:04:09 openvpn[88160]: OPTIONS IMPORT: timers and/or timeouts modified
    Apr 5 02:04:09 openvpn[88160]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.20.32.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.20.32.127 255.255.248.0'
    Apr 5 02:04:09 openvpn[88160]: SENT CONTROL [hkg-c01.ipvanish.com]: 'PUSH_REQUEST' (status=1)
    Apr 5 02:04:06 openvpn[88160]: [hkg-c01.ipvanish.com] Peer Connection Initiated with [AF_INET]103.16.26.193:443
    Apr 5 02:04:06 openvpn[88160]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Apr 5 02:04:06 openvpn[88160]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Apr 5 02:04:06 openvpn[88160]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Apr 5 02:04:06 openvpn[88160]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Apr 5 02:04:06 openvpn[88160]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Apr 5 02:04:06 openvpn[88160]: VERIFY OK: depth=0, C=US, ST=FL, L=Winter Park, O=IPVanish, OU=IPVanish VPN, CN=hkg-c01.ipvanish.com, emailAddress=support@ipvanish.com
    Apr 5 02:04:06 openvpn[88160]: VERIFY OK: depth=1, C=US, ST=FL, L=Winter Park, O=IPVanish, OU=IPVanish VPN, CN=IPVanish CA, emailAddress=support@ipvanish.com
    Apr 5 02:04:06 openvpn[88160]: WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
    Apr 5 02:04:06 openvpn[88160]: TLS: Initial packet from [AF_INET]103.16.26.193:443, sid=6a5c053c ab493169
    Apr 5 02:04:06 openvpn[88160]: UDPv4 link remote: [AF_INET]103.16.26.193:443
    Apr 5 02:04:06 openvpn[88160]: UDPv4 link local (bound): [AF_INET]192.168.0.2
    Apr 5 02:04:05 openvpn[87825]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    Apr 5 02:04:05 openvpn[87825]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Apr 5 02:04:05 openvpn[87825]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Apr 5 02:04:05 openvpn[87825]: WARNING: file '/conf/ipvanish.auth' is group or others accessible
    Apr 5 02:04:05 openvpn[87825]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
    Apr 5 02:04:05 openvpn[87825]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 27 2014
    Apr 5 02:04:05 openvpn[97253]: SIGTERM[soft,exit-with-notification] received, process exiting
    Apr 5 02:04:05 openvpn[97253]: /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1570 172.20.32.127 255.255.248.0 init
    Apr 5 02:04:05 openvpn[97253]: Closing TUN/TAP interface
    Apr 5 02:04:05 openvpn[97253]: /sbin/route delete -net 128.0.0.0 172.20.32.1 128.0.0.0
    Apr 5 02:04:05 openvpn[97253]: /sbin/route delete -net 0.0.0.0 172.20.32.1 128.0.0.0
    Apr 5 02:04:05 openvpn[97253]: /sbin/route delete -net 103.16.26.193 192.168.0.1 255.255.255.255
    Apr 5 02:04:00 openvpn[97253]: SIGTERM received, sending exit notification to peer
    Apr 5 02:04:00 openvpn[97253]: event_wait : Interrupted system call (code=4)



  • What version of pfsense are you using?

    Just tried with the latest version 2.1.1-RELEASE and its not working with IP vanish. It gets an IP address fine but  nothing more.



  • using the current 2.1.1, originally setup on 2.1.0. both connect ok.

    Try following the tutorial I linked above.

    I am having an issue with speeds and also an odd time out fail to reconnect issue.


Log in to reply