Jump to content
Not connected, Your IP: 18.204.42.98
Panja

pfSense install - speeds are rather slow

Recommended Posts

what kind of hardware do you have

if your at that speeds you sound like you are using higher send and receive buffers.  thats a good start

Share this post


Link to post

you need to try different datacenters for different routes.  all the NL servers are in the same datacenter I think.

Does your CPU support AES-NI?

Share this post


Link to post

My pfSense box has the following hardware:

Processor: i5-5250U (2C, 4T)
Ram: 8GB ram
AES-NI CPU Crypto: Yes (active)
Hardware crypto: AES-CBC,AES-XTS,AES-GCM,AES-ICM

I will have a look with different servers and diffenct DC's.
I will test some more!

Share this post


Link to post
On 11/30/2019 at 1:08 PM, Air4141841 said:

what kind of hardware do you have

if your at that speeds you sound like you are using higher send and receive buffers.  thats a good start


What size do you suggest?
I'm already using 512KB.

The problem seems to be always happening in the evening hours (CET).
Just tried 3 of the recommended (server status page) servers in NL and all give me max 30mbit.
On my laptop without AirVPN I'm hitting 250mbit without problems.

Share this post


Link to post
3 minutes ago, Panja said:

What size do you suggest?
I'm already using 512KB.

The problem seems to be always happening in the evening hours (CET).
Just tried 3 of the recommended (server status page) servers in NL and all give me max 30mbit.
On my laptop without AirVPN I'm hitting 250mbit without problems.


quit trying the same NL datacenter. obviously your route is poor and is especially congested during peak hours (evening). 

try other datacenters.

Share this post


Link to post

Ok, I will try others.
But shouldn't the route be better if the DC is close by instead of further away?

Share this post


Link to post
13 minutes ago, Panja said:

Ok, I will try others.
But shouldn't the route be better if the DC is close by instead of further away?


it could be that the route is overloaded or your ISP has poor bandwidth to whatever intermediate network(s) is used.

Share this post


Link to post

I see! Thanks for clearing that up. I've tried a BE server now and getting better speeds.

Share this post


Link to post
17 minutes ago, Panja said:

But shouldn't the route be better if the DC is close by instead of further away?


On the internet we're all interconnected by fiber. If you let light carry your messages, it will travel with light speed obviously. The only problem are all the devices in between, routing and switching: They delay it, sometimes by quite a bit.
In general, but only in general, the farther you and your destination are located, the more of these devices you might need to traverse. BUT, these devices are usually strong backbones who can handle a tremendous amount of data, so sometimes you might even have a better connection to a server a bit farther away, just like I experienced a few years ago in Germany connecting to Switzerland.

These router interconnections are happening on the basis of agreements between organizations or other entities who are in control of certain Autonomous Systems, or AS. Between those AS, there are two kinds of agreements: Transmit and Peering. While you pay a usually better connected AS owner than yourself to forward your traffic, peering is done mutually with lower cost, i.e., both agree to forward the other's traffic - and they publically make it known. Hence, they are publically viewable, for example on HE's BGP toolkit. While this is not the Holy Grail (it certainly has it's weaknesses), it gives a much better idea of how well you are connected to certain servers. So when I started making sure the servers I connect to have a direct BGP route to the AS of AirVPN's servers, throughput problems were rarely seen, even if it meant to connect to Switzerland instead of Frankfurt (which is nearer to my physical location).

Also what can happen with geographically closer servers is that an ISP in Germany for example might route traffic through a US east coast server because it's cheaper, less loaded or simply because the ISP doesn't "trust" the only big peering provider in Germany he has an agreement with (= ranks it down or so). The BGP toolkit can uncover this to some extent. Routing outside your ISP is quite a stage for politics.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

That's a great write up!
Many thanks. It makes things clearer to me.

The only "problem" I'm facing now is that my clients/users are now in BE.
So for instance Google gives results for BE websites.
Of course this is a layer 8 problem. 😉
But I will have to explain wife and kids how to use it.

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...