Jump to content
Not connected, Your IP: 18.207.254.88
d0gb0y23

pfsense 2.4.5 on qotom Q375G4 with AirVPN and Virgin Media

Recommended Posts

Hi folks,

I am writing becuse I can't get to the bottom of slow speeds with my pfsense setup... When I compare with Eddie 100Mb +, my pfsense box is only getting about 30Mb throughput. I have setup based on the latest guide at nguvu and everything is working, it's just not running at decent speeds.

If I use Eddie on my win10 machine, the connection is fine.

I'm not convinced is a VM issue, as Eddie is all good. I have AES-NI enabled in pfSense and Intel RDRAND engine selected for hardware crypto. My box is a Qotom Q375G4   Intel(R) Core(TM) i7-5550U CPU @ 2.00GHz.

The CPU *never* goes above 2% so I am not convinced hardware crypto is working.... I am baffled... I have been battling this for a year now and decided to start from scratch using the nguvu guide, but still my throughput sucks. Can anyone advise?

My AirVPN settings are:

tls-crypt, tls1.2

UDP - 443
AES-256-CBC 256bit /128bit block
AES-256-GCM
SHA512 (512bit)

Custom options:
client; persist-key; persist-tun; remote-cert-tls server; prng sha256 64; mlock; auth-nocache;

If anyone has any experience, maybe there is a setting I am missing or perhaps something in the bios, it feels like the hardware encryption isn't playing ball, but I can't figure out how to test it.

Any advice much appreciated, thank you...

Nick

 

Share this post


Link to post

Worth trying to adjust send/receive buffers on the openvpn config page like mentioned above, I had to put mine to 512k and even try 1 or 2 MiB with my VM connection and it was fine hitting full download speeds.

Worth also trying the settings found on the original
pfsense guide from pfsensefan (https://airvpn.org/forums/topic/17444-how-to-set-up-pfsense-23-for-airvpn/)
:

Encryption Algorithm = [ AES-256-CBC (256 bit) ▼]

Auth Digest Algorithm = [ SHA1 (160 bit) ▼]


Also delete the advanced configuration>custom options box at bottom of openvpn config page and try it without anything in the box and then save and then try it again with the custom settings, see if that makes any difference.

Also try different UK airvpn servers, some perform better than others so try all of them Manchester, London, generally it's the ones closest to you which are best but not always I found.

Sometimes speed test sites are not going to show the full speed due to servers, vpn use etc so try downloading 3 Ubuntu iso torrent files with your torrent app or que up several free public torrents from here:

http://bt.etree.org/

This should max out your speed within minutes, I found these type of test much more reliable then speed test sites.

you can also try a file speed test here with large file button:
https://www.thinkbroadband.com/download

Really there is no reason why your 2ghz AES cpu can't max out your Virgin Media BB connection I hit over 200meg+ easily with my pfsense with 2.4ghz aes cpu, usually I found it was settings on the openvpn config page or the UK server I was using holding me back. Also to note Virgin media has been having major network issues across the UK this week its still down for many, and during lock down peroid the speeds have been up and down, I live in a high utilization area so can get capped by 50% at random times and usually after 6pm-10pm will auto get 50% capped (not sure if its same for yourself) so best to do heavy downloads in morning or early hours ie after 11.59pm midnight or 1am morning.
 

Share this post


Link to post
42 minutes ago, Lee47 said:

Worth trying to adjust send/receive buffers on the openvpn config page like mentioned above, I had to put mine to 512k and even try 1 or 2 MiB with my VM connection and it was fine hitting full download speeds.

Worth also trying the settings found on the original
pfsense guide from pfsensefan (https://airvpn.org/forums/topic/17444-how-to-set-up-pfsense-23-for-airvpn/)
:

Encryption Algorithm = [ AES-256-CBC (256 bit) ▼]

Auth Digest Algorithm = [ SHA1 (160 bit) ▼]


Also delete the advanced configuration>custom options box at bottom of openvpn config page and try it without anything in the box and then save and then try it again with the custom settings, see if that makes any difference.

Also try different UK airvpn servers, some perform better than others so try all of them Manchester, London, generally it's the ones closest to you which are best but not always I found.

Sometimes speed test sites are not going to show the full speed due to servers, vpn use etc so try downloading 3 Ubuntu iso torrent files with your torrent app or que up several free public torrents from here:

http://bt.etree.org/

This should max out your speed within minutes, I found these type of test much more reliable then speed test sites.

you can also try a file speed test here with large file button:
https://www.thinkbroadband.com/download

Really there is no reason why your 2ghz AES cpu can't max out your Virgin Media BB connection I hit over 200meg+ easily with my pfsense with 2.4ghz aes cpu, usually I found it was settings on the openvpn config page or the UK server I was using holding me back. Also to note Virgin media has been having major network issues across the UK this week its still down for many, and during lock down peroid the speeds have been up and down, I live in a high utilization area so can get capped by 50% at random times and usually after 6pm-10pm will auto get 50% capped (not sure if its same for yourself) so best to do heavy downloads in morning or early hours ie after 11.59pm midnight or 1am morning.
 


those are old settings.  AES-256-GCM is faster. and SHA512 is for tls-crypt configs.

 

Share this post


Link to post

My buffer is set to 512kb... its weird because shortly after I posted that message I did get 120meg speeds... via Chow... it is, however, inconsistent, and I can't tell if its Virgin or AirVPN or both... Because the speeds can deviate over the course of a minute or two, its hard to check [I jump between Wifi networks, one is a clearnet]

Is it worth me sticking with a single Air server? Currently I use the UK address which I believe dynamically assigns the server.

I'll try increasing the buffer size when I return home... I've always had problems with Virgin at this address, the speeds fluctuate massively....

Thank you for your advice folks... much appreciated

Nick

Share this post


Link to post
2 hours ago, d0gb0y23 said:

My buffer is set to 512kb... its weird because shortly after I posted that message I did get 120meg speeds... via Chow... it is, however, inconsistent, and I can't tell if its Virgin or AirVPN or both... Because the speeds can deviate over the course of a minute or two, its hard to check [I jump between Wifi networks, one is a clearnet]

Is it worth me sticking with a single Air server? Currently I use the UK address which I believe dynamically assigns the server.

I'll try increasing the buffer size when I return home... I've always had problems with Virgin at this address, the speeds fluctuate massively....

Thank you for your advice folks... much appreciated

Nick


If you're connected to a server with plenty of bandwidth left and you get intermittent good speed then any speed fluctuation is your ISP.  I see it too and it's all down to my ISP changing routes or something along the way being congested. 

Share this post


Link to post

With Virgin, I found that UDP performed terribly on the speedtests, but TCP was much better...  it takes seconds to change it and try.....

Share this post


Link to post

I switched back to default for the buffer size. I've got 2 laptops side by side one on clearnet the other on airvpn, the airvpn is d/l from thinkbroadband.com at 1MB/sec, the clearnet laptop at 6MB/sec. 15MB/sec.. so it's not virgin... I am baffled... like I said totally incconsistent.

I thought VM weren't supposed to shape traffic anymore? Unless AirVPN is the problem...

So confused...

Share this post


Link to post

AirVPN server is nowhere near capacity...

EDIT: I have just run Eddie on the clearnet laptop and it's only getting 1MB/sec... does this suggest its an AirVPN issue?

TIA

Share this post


Link to post

ASUS-RT-AC86U

On 5/8/2020 at 3:05 PM, d0gb0y23 said:

 [I jump between Wifi networks, one is a clearnet]

 


Wi-Fi ? Wi-Fi won't be the best way to test bb speeds or problems I would advise direct Ethernet connection from hub 3 to laptop then air client and pfsense direct Ethernet to laptop Ethernet port also on the other laptop. Also try torrents they max out your connection (ubuntu) and give much more accurate speed test since speed test sites can be hit-and-miss.

VM claims no such throttling, but they do manage overall usage to be fair during peak times usually evenings (8ish) but this also depends on area and line speed.

also, your 1MB/sec are you by chance running torrents around the same time you got those results or on that day ?

Your getting full speeds without airvpn so it feels like it's not your bb or line at fault. Perhaps something else wrong with your pfsense configuration, I always found the original pfsense fan guide to work well when I used pfsense few months ago, guides found here :
 

Maybe worth a shot, you can use nguvu updated openvpn settings on his guide and try rest of pfsense fans guide, alternatively
if you want to try a much quicker pfsense setup other vpn providers like mullvad have their pfsense guide (google it) takes like 10 minutes to do and again use nguvu openvpn settings instead since there for air and updated pfsense build.

Sadly it's a lot of fault-finding to find the culprit, alternatively as the worst case scenario maybe try a Router like the
ASUS-RT-AC86U with Merlin firmware(maybe get from Amazon so you can return it), takes 10-15 mins to set up airvpn and it supports AES, you can easily hit 200meg with Virgin Media, this is what I did in the end since it was just quicker and easier and less headache than pfsense.


 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...