Jump to content
Not connected, Your IP: 44.200.77.59
d0gb0y23

pfsense 2.4.5 on qotom Q375G4 with AirVPN and Virgin Media

Recommended Posts

Hi folks,

I am writing becuse I can't get to the bottom of slow speeds with my pfsense setup... When I compare with Eddie 100Mb +, my pfsense box is only getting about 30Mb throughput. I have setup based on the latest guide at nguvu and everything is working, it's just not running at decent speeds.

If I use Eddie on my win10 machine, the connection is fine.

I'm not convinced is a VM issue, as Eddie is all good. I have AES-NI enabled in pfSense and Intel RDRAND engine selected for hardware crypto. My box is a Qotom Q375G4   Intel(R) Core(TM) i7-5550U CPU @ 2.00GHz.

The CPU *never* goes above 2% so I am not convinced hardware crypto is working.... I am baffled... I have been battling this for a year now and decided to start from scratch using the nguvu guide, but still my throughput sucks. Can anyone advise?

My AirVPN settings are:

tls-crypt, tls1.2

UDP - 443
AES-256-CBC 256bit /128bit block
AES-256-GCM
SHA512 (512bit)

Custom options:
client; persist-key; persist-tun; remote-cert-tls server; prng sha256 64; mlock; auth-nocache;

If anyone has any experience, maybe there is a setting I am missing or perhaps something in the bios, it feels like the hardware encryption isn't playing ball, but I can't figure out how to test it.

Any advice much appreciated, thank you...

Nick

 

Share this post


Link to post

Worth trying to adjust send/receive buffers on the openvpn config page like mentioned above, I had to put mine to 512k and even try 1 or 2 MiB with my VM connection and it was fine hitting full download speeds.

Worth also trying the settings found on the original
pfsense guide from pfsensefan (https://airvpn.org/forums/topic/17444-how-to-set-up-pfsense-23-for-airvpn/)
:

Encryption Algorithm = [ AES-256-CBC (256 bit) ▼]

Auth Digest Algorithm = [ SHA1 (160 bit) ▼]


Also delete the advanced configuration>custom options box at bottom of openvpn config page and try it without anything in the box and then save and then try it again with the custom settings, see if that makes any difference.

Also try different UK airvpn servers, some perform better than others so try all of them Manchester, London, generally it's the ones closest to you which are best but not always I found.

Sometimes speed test sites are not going to show the full speed due to servers, vpn use etc so try downloading 3 Ubuntu iso torrent files with your torrent app or que up several free public torrents from here:

http://bt.etree.org/

This should max out your speed within minutes, I found these type of test much more reliable then speed test sites.

you can also try a file speed test here with large file button:
https://www.thinkbroadband.com/download

Really there is no reason why your 2ghz AES cpu can't max out your Virgin Media BB connection I hit over 200meg+ easily with my pfsense with 2.4ghz aes cpu, usually I found it was settings on the openvpn config page or the UK server I was using holding me back. Also to note Virgin media has been having major network issues across the UK this week its still down for many, and during lock down peroid the speeds have been up and down, I live in a high utilization area so can get capped by 50% at random times and usually after 6pm-10pm will auto get 50% capped (not sure if its same for yourself) so best to do heavy downloads in morning or early hours ie after 11.59pm midnight or 1am morning.
 

Share this post


Link to post
42 minutes ago, Lee47 said:

Worth trying to adjust send/receive buffers on the openvpn config page like mentioned above, I had to put mine to 512k and even try 1 or 2 MiB with my VM connection and it was fine hitting full download speeds.

Worth also trying the settings found on the original
pfsense guide from pfsensefan (https://airvpn.org/forums/topic/17444-how-to-set-up-pfsense-23-for-airvpn/)
:

Encryption Algorithm = [ AES-256-CBC (256 bit) ▼]

Auth Digest Algorithm = [ SHA1 (160 bit) ▼]


Also delete the advanced configuration>custom options box at bottom of openvpn config page and try it without anything in the box and then save and then try it again with the custom settings, see if that makes any difference.

Also try different UK airvpn servers, some perform better than others so try all of them Manchester, London, generally it's the ones closest to you which are best but not always I found.

Sometimes speed test sites are not going to show the full speed due to servers, vpn use etc so try downloading 3 Ubuntu iso torrent files with your torrent app or que up several free public torrents from here:

http://bt.etree.org/

This should max out your speed within minutes, I found these type of test much more reliable then speed test sites.

you can also try a file speed test here with large file button:
https://www.thinkbroadband.com/download

Really there is no reason why your 2ghz AES cpu can't max out your Virgin Media BB connection I hit over 200meg+ easily with my pfsense with 2.4ghz aes cpu, usually I found it was settings on the openvpn config page or the UK server I was using holding me back. Also to note Virgin media has been having major network issues across the UK this week its still down for many, and during lock down peroid the speeds have been up and down, I live in a high utilization area so can get capped by 50% at random times and usually after 6pm-10pm will auto get 50% capped (not sure if its same for yourself) so best to do heavy downloads in morning or early hours ie after 11.59pm midnight or 1am morning.
 


those are old settings.  AES-256-GCM is faster. and SHA512 is for tls-crypt configs.

 

Share this post


Link to post

My buffer is set to 512kb... its weird because shortly after I posted that message I did get 120meg speeds... via Chow... it is, however, inconsistent, and I can't tell if its Virgin or AirVPN or both... Because the speeds can deviate over the course of a minute or two, its hard to check [I jump between Wifi networks, one is a clearnet]

Is it worth me sticking with a single Air server? Currently I use the UK address which I believe dynamically assigns the server.

I'll try increasing the buffer size when I return home... I've always had problems with Virgin at this address, the speeds fluctuate massively....

Thank you for your advice folks... much appreciated

Nick

Share this post


Link to post
2 hours ago, d0gb0y23 said:

My buffer is set to 512kb... its weird because shortly after I posted that message I did get 120meg speeds... via Chow... it is, however, inconsistent, and I can't tell if its Virgin or AirVPN or both... Because the speeds can deviate over the course of a minute or two, its hard to check [I jump between Wifi networks, one is a clearnet]

Is it worth me sticking with a single Air server? Currently I use the UK address which I believe dynamically assigns the server.

I'll try increasing the buffer size when I return home... I've always had problems with Virgin at this address, the speeds fluctuate massively....

Thank you for your advice folks... much appreciated

Nick


If you're connected to a server with plenty of bandwidth left and you get intermittent good speed then any speed fluctuation is your ISP.  I see it too and it's all down to my ISP changing routes or something along the way being congested. 

Share this post


Link to post

With Virgin, I found that UDP performed terribly on the speedtests, but TCP was much better...  it takes seconds to change it and try.....

Share this post


Link to post

I switched back to default for the buffer size. I've got 2 laptops side by side one on clearnet the other on airvpn, the airvpn is d/l from thinkbroadband.com at 1MB/sec, the clearnet laptop at 6MB/sec. 15MB/sec.. so it's not virgin... I am baffled... like I said totally incconsistent.

I thought VM weren't supposed to shape traffic anymore? Unless AirVPN is the problem...

So confused...

Share this post


Link to post

AirVPN server is nowhere near capacity...

EDIT: I have just run Eddie on the clearnet laptop and it's only getting 1MB/sec... does this suggest its an AirVPN issue?

TIA

Share this post


Link to post

ASUS-RT-AC86U

On 5/8/2020 at 3:05 PM, d0gb0y23 said:

 [I jump between Wifi networks, one is a clearnet]

 


Wi-Fi ? Wi-Fi won't be the best way to test bb speeds or problems I would advise direct Ethernet connection from hub 3 to laptop then air client and pfsense direct Ethernet to laptop Ethernet port also on the other laptop. Also try torrents they max out your connection (ubuntu) and give much more accurate speed test since speed test sites can be hit-and-miss.

VM claims no such throttling, but they do manage overall usage to be fair during peak times usually evenings (8ish) but this also depends on area and line speed.

also, your 1MB/sec are you by chance running torrents around the same time you got those results or on that day ?

Your getting full speeds without airvpn so it feels like it's not your bb or line at fault. Perhaps something else wrong with your pfsense configuration, I always found the original pfsense fan guide to work well when I used pfsense few months ago, guides found here :
 

Maybe worth a shot, you can use nguvu updated openvpn settings on his guide and try rest of pfsense fans guide, alternatively
if you want to try a much quicker pfsense setup other vpn providers like mullvad have their pfsense guide (google it) takes like 10 minutes to do and again use nguvu openvpn settings instead since there for air and updated pfsense build.

Sadly it's a lot of fault-finding to find the culprit, alternatively as the worst case scenario maybe try a Router like the
ASUS-RT-AC86U with Merlin firmware(maybe get from Amazon so you can return it), takes 10-15 mins to set up airvpn and it supports AES, you can easily hit 200meg with Virgin Media, this is what I did in the end since it was just quicker and easier and less headache than pfsense.


 

Share this post


Link to post

Try your settings with AES-NI disabled everywhere. I had to replace my pfsense box (which was AES-NI enabled) with one which isn't and the speed increase in not subtle! I can't explain why, but I accept it. Settings (Hardware and OpenVPN) use the BSD crypto settings. CPU never goes over 15% when maxing out connection. Worth a try

Share this post


Link to post

I'm going to try BT's fibre offering on a trial and see if that helps... I did try with all encryption disabled, but there was no difference. I feel like this may be a Virgin Media Super Hub/ Puma6 issue, so I am going to try another ISP :)

Nick

Share this post


Link to post
On 5/27/2020 at 3:18 PM, d0gb0y23 said:

I'm going to try BT's fibre offering on a trial and see if that helps... I did try with all encryption disabled, but there was no difference. I feel like this may be a Virgin Media Super Hub/ Puma6 issue, so I am going to try another ISP :)

Nick


Virgin can be quite sketchy with details even if they claim they do not throttle or block or limit vpns or protocols, many claims they still do. They still claim the pumagate issues are fixed with the firmware but many still see the lag and issues and this still exist on the new hub 4 even.

I have a high utilization area (not sure if you are in one) but basically if virgin is the only high speed bb provider on your street it means the whole street will be on it so naturally you may get speed drops in evenings and peak times like 5pm-12 midnight time frame. I get a 50-70% speed drop during 6-11pm daily due to this.

If you have BT fibre offering a trial then I too would recommend this option.

Share this post


Link to post

well, I've had BTs engineers miss 3 appointments... so still waiting on that fibre.

VM is clearly over-subscribed in my area, they are sending an engineer out to test the co-ax, but we also have a clearnet that suffers from the same problems. I have been running a BQM from thinkbroadband on my line for a week now, and it is terrible [clearnet as opposed to airvpn].

Waiting patiently to compare with BT, side by side with VM. And then hopefully this will be over.
 

d57304ceefd2dc3af779d7b1ecb70b361b2f9fe6-10-06-2020.png

Share this post


Link to post
On 6/10/2020 at 12:24 PM, d0gb0y23 said:

well, I've had BTs engineers miss 3 appointments... so still waiting on that fibre.

VM is clearly over-subscribed in my area, they are sending an engineer out to test the co-ax, but we also have a clearnet that suffers from the same problems. I have been running a BQM from thinkbroadband on my line for a week now, and it is terrible [clearnet as opposed to airvpn].

Waiting patiently to compare with BT, side by side with VM. And then hopefully this will be over.
 

d57304ceefd2dc3af779d7b1ecb70b361b2f9fe6-10-06-2020.png


yeah that is unacceptable packet loss even on clear net, feels like a line fault though since it should be much more stable perhaps the engineer needs to redo the entire wiring again in the home. Its a tricky one if BT gave me even 100meg bb fiber speeds id 100% leap on that over even a 500meg bb virgin connection, quality over quantity !

 

Share this post


Link to post

Well BT has been great since a bumpy start, solid 500meg through wired clearnet, Airvpn languishing sometimes, but peaking at 250, I assume thats server issues... Need to set up a wired link through the VPN vlan and produce some proper results.

But at least our radio plays without issue now!

Share this post


Link to post
2 minutes ago, d0gb0y23 said:

Well BT has been great since a bumpy start, solid 500meg through wired clearnet, Airvpn languishing sometimes, but peaking at 250, I assume thats server issues... Need to set up a wired link through the VPN vlan and produce some proper results.

But at least our radio plays without issue now!


Lucky you are with BT so much better and reliable at least. I think it was said a while back hopefully someone can correct me but you probably won't peak 500meg I think if the air server is shared with others you may find 250-350 is the norm. Maybe try a more empty server or less busy one and give it a go, also the new openvpn beta is supposed to be faster I think its in the new eddie beta client or wintun driver.


 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...