ANSWERED My isp is 300+ mbps but on AirVPN it's 10 mbps

[icedearth1776 0]

Greetings.

 

I have an intel processor so I have all the hardware crypto settings set for Intel / rd-rand.  Is this where the action is at or should I be looking elsewhere?

 

Thanks.

[go558a83nk 360]

Is this the action you're looking for?

 

[icedearth1776 0]

Umm.. maybe.  I'm connecting to the netherlands and my speeds are nowhere near what I see on that top ten list.

[nick75 25]

Hi,

 

First try servers close to you then go farther.

Also try these.

[icedearth1776 0]

Thanks for the tip!

 

So I used Eddie on my laptop and I get close to 200 mbps connecting to a server in the NL.  This bypasses pfsense. I'm only getting 10-20 mpbs in pfsense via openvpn when connected to the same server.  

 

I'm not sure what to look at to try to fix this.

[nick75 25]

Look there, you'll probably get more information.

What is the CPU of your pfsense box?

[go558a83nk 360]

Greetings.

 

I have an intel processor so I have all the hardware crypto settings set for Intel / rd-rand.  Is this where the action is at or should I be looking elsewhere?

 

Thanks.

 

so, actually, an AES-NI CPU is used by openvpn/openssl automatically.  In fact, many people find better performance completely disabling hardware crypto support in the advanced settings of pfsense.  Sounds crazy, but I tested it on my AMD CPU and performance is increased.

 

again, try selecting "none" in system>advanced>miscellaneous>cryptographic hardware.  Also select "none" for hardware crypto in the openvpn client setup.  Then reboot.

 

However, your speeds are so diminished as compared to Eddie that I suspect something else needs to be fixed first.

[icedearth1776 0]

Look there, you'll probably get more information.

What is the CPU of your pfsense box?

 

It's an Intel Core i7 4785T.  Yes, that was the awesome guide I followed.

 

When I get home I'll try it without the hardware crypto and see what happens.  Does Eddie use hardware crypto by default?

[icedearth1776 0]

 

Greetings.

 

I have an intel processor so I have all the hardware crypto settings set for Intel / rd-rand.  Is this where the action is at or should I be looking elsewhere?

 

Thanks.

 

so, actually, an AES-NI CPU is used by openvpn/openssl automatically.  In fact, many people find better performance completely disabling hardware crypto support in the advanced settings of pfsense.  Sounds crazy, but I tested it on my AMD CPU and performance is increased.

 

again, try selecting "none" in system>advanced>miscellaneous>cryptographic hardware.  Also select "none" for hardware crypto in the openvpn client setup.  Then reboot.

 

However, your speeds are so diminished as compared to Eddie that I suspect something else needs to be fixed first.

 

I will try turning hardware crypto off tonight but yes, I wonder what could possibly need fixing... I'll have a look at the switch tonight.. maybe something is up with auto-negotiation or who knows what else...

[icedearth1776 0]

Update: I disabled crypto in both places and now my downloads are hovering around 50-60.  It's an improvement! But I am under the impression I would take about a 10-50% hit, so I was expecting speeds around 150 at least.

 

Hmm.. I'm at a loss, not sure what to look at.

 

EDIT: I completely ignored the recommendation to try to find local servers.  I just tried this and yes, there is even a larger improvement.  But I'm in a habit of not choosing local servers, and with Eddie I'm getting 110, with pfsense/openvpn, I'm getting 60.

[go558a83nk 360]

Update: I disabled crypto in both places and now my downloads are hovering around 50-60.  It's an improvement! But I am under the impression I would take about a 10-50% hit, so I was expecting speeds around 150 at least.

 

Hmm.. I'm at a loss, not sure what to look at.

 

EDIT: I completely ignored the recommendation to try to find local servers.  I just tried this and yes, there is even a larger improvement.  But I'm in a habit of not choosing local servers, and with Eddie I'm getting 110, with pfsense/openvpn, I'm getting 60.

 

Are pfsense and eddie using the exact same port and protocol?  Have you tried messing with mssfix settings, receive and send buffer in pfsense?

[icedearth1776 0]

 

Update: I disabled crypto in both places and now my downloads are hovering around 50-60. It's an improvement! But I am under the impression I would take about a 10-50% hit, so I was expecting speeds around 150 at least.

 

Hmm.. I'm at a loss, not sure what to look at.

 

EDIT: I completely ignored the recommendation to try to find local servers. I just tried this and yes, there is even a larger improvement. But I'm in a habit of not choosing local servers, and with Eddie I'm getting 110, with pfsense/openvpn, I'm getting 60.

Are pfsense and eddie using the exact same port and protocol? Have you tried messing with mssfix settings, receive and send buffer in pfsense?

 

 

Sent from my iPhone using Tapatalk

[icedearth1776 0]

Wait where are these settings?

 

 

Sent from my iPhone using Tapatalk

[go558a83nk 360]

Wait where are these settings?

 

 

Sent from my iPhone using Tapatalk

 

those are settings you'd write in the custom options of the openvpn client

[icedearth1776 0]

Oh right.  I remember pasting it there, but rather nonchalantly.... So if I find anything that differs from Eddie, I suppose changing it accordingly would be in good order.

[icedearth1776 0]

Whoa! mssfix 1450; made all of the difference, thanks.  Now I'm above 130!

 

I will need to read up on it.

[icedearth1776 0]

Ok, not sure what happened here but I added a few other settings such as 

 

tun-mtu 1500;
keepalive 5 15;

 

and then speeds went back down to 10mbps.  I reverted to what I had before with simpy mssfix 1450, and now I'm unable to replicate the 150 mbps speeds as it's now stuck again in the 10-20 mpbs range.