Jump to content
Not connected, Your IP: 18.216.156.226

Recommended Posts

5 hours ago, Shiver Me Whiskers said:

@Staff Time to bring those 10gbit servers 😉
1.0gbit is not enough anymore... hehe !


Definitely! Coincidentally, in a completely different context, I've just had to check the connection speed from a DitigalOcean droplet in Frankfurt to a server in Barcelona (~700mi, ~1125km):

speedtestfrankfurt.png.088522fd6a2089c7e0a27f8b79118fab.png

I nearly fell off my chair. Of course this is without any kind of encryption, but you're not going to get anywhere near these kind of figures on 1.0Gbps servers!

Share this post


Link to post
6 hours ago, Staff said:
@Shiver Me Whiskers

Hello!

The previous record did not last long, apparently. :) If you don't mind, which connection protocol, cipher and port did you pick?

Kind regards
 
Hello, I'm a bit of a noob when it comes to these things ;)

I downloaded Eddie 2.19.5, installed it on Windows 10, connected, and started downloading...
It used "wintun", and I think connected via AES-256-GCM
. 2020.11.19 16:28:18 - Eddie version: 2.19.5 / windows_x64, System: Windows, Name: Windows 10 Enterprise, Version: Microsoft Windows NT 10.0.19042.0, Mono/.Net: v4.0.30319
. 2020.11.19 16:28:19 - Tun Driver - 0901: 9.24.3; wintun: 0.8
. 2020.11.19 16:28:19 - OpenVPN - Version: 2.5.0 - OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10 (C:\Program Files\AirVPN\openvpn.exe)
. 2020.11.19 16:28:19 - SSH - Version: plink 0.73
. 2020.11.19 16:28:19 -     Build platform: 64-bit x86 Windows
. 2020.11.19 16:28:19 -     Compiler: clang 7.0.0 (tags/RELEASE_700/final), emulating Visual Studio 2013 (12.0), _MSC_VER=1800
. 2020.11.19 16:28:19 -     Source commit: 745ed3ad3beaf52fc623827e770b3a068b238dd5 (C:\Program Files\AirVPN\plink.exe)
. 2020.11.19 16:28:19 - SSL - Version: stunnel 5.56 (C:\Program Files\AirVPN\stunnel.exe)
I 2020.11.19 16:28:20 - Ready
. 2020.11.19 16:28:20 - Collect information about AirVPN completed
I 2020.11.19 16:28:22 - Session starting.
I 2020.11.19 16:28:22 - Checking authorization ...
! 2020.11.19 16:28:22 - Connecting to Tarazed (Netherlands, Alblasserdam)
. 2020.11.19 16:28:23 - OpenVPN > OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
. 2020.11.19 16:28:23 - OpenVPN > Windows version 10.0 (Windows 10 or greater) 64bit
. 2020.11.19 16:28:23 - OpenVPN > library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
. 2020.11.19 16:28:23 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
. 2020.11.19 16:28:23 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
. 2020.11.19 16:28:23 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
. 2020.11.19 16:28:23 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
. 2020.11.19 16:28:23 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.161.135:443
. 2020.11.19 16:28:23 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144]
. 2020.11.19 16:28:23 - OpenVPN > UDP link local: (not bound)
. 2020.11.19 16:28:23 - OpenVPN > UDP link remote: [AF_INET]213.152.161.135:443
. 2020.11.19 16:28:23 - OpenVPN > TLS: Initial packet from [AF_INET]213.152.161.135:443, sid=f7f5cc8d 3b14c77f
. 2020.11.19 16:28:23 - OpenVPN > VERIFY KU OK
. 2020.11.19 16:28:23 - OpenVPN > Validating certificate extended key usage
. 2020.11.19 16:28:23 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2020.11.19 16:28:23 - OpenVPN > VERIFY EKU OK
. 2020.11.19 16:28:23 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Tarazed, emailAddress=info@airvpn.org
. 2020.11.19 16:28:23 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
. 2020.11.19 16:28:23 - OpenVPN > [Tarazed] Peer Connection Initiated with [AF_INET]213.152.161.135:443
...
. 2020.11.19 16:28:23 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM'
. 2020.11.19 16:28:23 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
. 2020.11.19 16:28:23 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
...
. 2020.11.19 16:28:23 - OpenVPN > open_tun
. 2020.11.19 16:28:23 - OpenVPN > wintun device [WinTUN] opened
...
! 2020.11.19 16:28:31 - Connected.
. 2020.11.19 16:28:31 - OpenVPN > Initialization Sequence Completed

(removed some unimportant stuff especially at the end to keep the log to keep it short, I have over 10 NIC devices due to use of VMs, makes the log huge)

ISP is KPN (Netherlands), fiber, so I am pretty close to your VPN servers, 1 gbit plan ( 1000/500 )

Computer config: AMD Ryzen 7 3700X, DDR4-3733 CL16, 2.5 gbits LAN all the way to the KPN Router (that came with the plan, didn't use any fancy expensive router)
I think the AMD CPU has very good AES acceleration, because during those transfer I barely noticed any CPU utilization at all... like 20% on one single core ?
 

Share this post


Link to post
28 minutes ago, Shiver Me Whiskers said:

Computer config: AMD Ryzen 7 3700X, DDR4-3733 CL16, 2.5 gbits LAN all the way to the KPN Router (that came with the plan, didn't use any fancy expensive router)
I think the AMD CPU has very good AES acceleration, because during those transfer I barely noticed any CPU utilization at all... like 20% on one single core ?


Hello!

Yes, of course, it's plausible. OpenVPN runs in a single core so you will see load on one core only AES New Instructions are nowadays well implemented in all desktop CPUs and SSL libraries such as OpenSSL are built to fully use them whenever possible.
Quote


I think it's safe to say that this is the fastest commercial VPN in the world right now 😉


We hope so! 😎

On the server side we mitigate OpenVPN multi-threading lack by running multiple daemons. Each daemon "runs in a core" and our servers balance with a round robin algorithm the incoming client connections. Therefore a server can use all the cores.. Although each client connects to a single daemon (except in special configurations such as https://nguvu.org/pfsense/pfsense-multi-vpn-wan/ ), of course, load balancing provides remarkable "distributed benefits" anyway.

Kind regards

Share this post


Link to post

I think I am the new record holder 😀 730Mbps on Sharatan server! Connecting to VPN server on Ubuntu 20.04 with UDP 443 and cipher AES-256-GCM (tested on a 1Gbps up and down fiber line) Surprises me that these speeds are possible on OpenVPN

Screenshot from 2020-11-28 12-42-49.png

Screenshot from 2020-11-28 12-43-07.png

Share this post


Link to post
@User of AirVPN

Congratulations! We confirm (and anyone connecting to the server monitor can do the same) that today we have had a 1.4 Gbit/s peak on Sharatan, so you were devouring most of the bandwidth. :D
 
Quote


Connecting to VPN server on Ubuntu 20.04 with UDP 443 and cipher AES-256-GCM (tested on a 1Gbps up and down fiber line) Surprises me that these speeds are possible on OpenVPN


Can you also state the CPU, if you don't mind?

Kind regards
 

Share this post


Link to post
9 hours ago, Staff said:
@User of AirVPN

Congratulations! We confirm (and anyone connecting to the server monitor can do the same) that today we have had a 1.4 Gbit/s peak on Sharatan, so you were devouring most of the bandwidth. :D
 
Can you also state the CPU, if you don't mind?

Kind regards
 
Sure, the CPU is an Intel i7-7700HQ

Share this post


Link to post

Wow. Those speeds are fantastic! Good job!

I've really been trying to get higher speeds but I haven't been able to get above 500mbps on Windows 10 with Wintun (best case scenario). I've got a 1gbit line.

Does anyone know any settings I could try to get above that? I'm currently using UDP on port 443 with AES-256-GCM cipher.

Thanks in advance.

Share this post


Link to post
@SomewhatSane

Hello!

Try to enlarge buffers to 1 MB or even 2 MB. Directives to set OpenVPN buffer size:
rcvbuf x
sndbuf y

where x and y are in bytes.

For example, for 1 MB buffers:
rcvbuf 1232896
sndbuf 1232896


It must also be said that, in order to beat 500 Mbit/s, you need some luck, i.e. you need finding a server that in some moment has a very low bandwidth requirement by other clients.

Also, if you have an AES-NI supporting system but a less powerful CPU, try AES-128-GCM.

Kind regards
 

Share this post


Link to post

How are you people getting that speed? I'm on a fiber KPN 500/500 and I can't get the speed higher than 130Mbps with Eddie on Windows 10 Pro.
I have changed the protocol and I have added the mssfix in the openvpn global thingy. If someone can help me, please :)

Share this post


Link to post

@AirVPN-User-1337

Please make sure that you are using the new Wintun driver that is present with OpenVPN 2.5. In Eddie, I think you can enable the use of it by selecting it in the Advanced section of the Settings window.

Share this post


Link to post

Hi,

I have latest Eddie 20.19.7 installed on two machines - exact same Eddie settings, both hardwired on a Fiber line 1000/1000:

(1) Win 10, i5 @ 2.67 GHz - max dl speed 20-25 MB/s
(2) Win 10, i7 @ 2.80 GHz - max dl speed 40-50 MB/s

note: all dl speeds are real downloads, not speedtest which can be very unreliable.

Is it safe to assume that the slower speed on the i5 machine is due to the slower CPU ?
Anything I can do to improve dl speed, like changing AES encryption ?

already increased buffer in the OpenVPN directives:

rcvbuf 1232896
sndbuf 1232896

Thanks.

Share this post


Link to post
@pfolk

Hello!

Do you already use wintun driver, especially on the i5 machine? If not, try it, as the TAP-Windows driver is infamous to cause bottlenecks on some (but not all) Windows systems. The performance on the i7 based machine is fine (400 Mbit/s), but the one on the i5 based machine (200 Mbit/s) seems a little low and you might have a cap caused by the TAP driver (if you haven't already switched to wintun). Which exact i5 processor do you have?

Buffer size is fine.

Make sure to use AES and not CHACHA20 as your systems should support AES-NI.

Kind regards
 

Share this post


Link to post
@Staff

re i5 CPU:
it's an i5 750 @ 2.67 GHz

re TAP driver:
this is what I have under Settings > Advanced > M$ Windows Only, I have these settings applied - lmk if incorrect please:
> use Wintun driver (OpenVPN >= 2.5): check
> force TAP interface UP: check (should I uncheck this ?)
> force usage of bundled plink.exe: check
> experimental: uncheck
> disable driver upgrade: uncheck
OpenVPN custom path: is empty

re AES:
where do I set or enable this ?

Thanks.

Share this post


Link to post
@pfolk

Hello!


Settings to use wintun driver are correct. A specific Data Channel cipher can be defined by directive "data-ciphers". Check your Eddie log to see which Data Channel cipher is used (if in doubt please open a ticket and send a log to the support team).

Eddie can accept custom directives in "Preferences" > "OVPN Directives" window. Some examples with ciphers supported by our servers (enter only ONE directive):
data-ciphers AES-256-GCM
data-ciphers AES-128-GCM
data-ciphers CHACHA20-POLY1305 (do not use in AES-NI supporting machines, i.e. desktop computers usually, because performance will be lower).

Kind regards

 

Share this post


Link to post
@Staff

logs say:
2021.01.23 15:29:43 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021.01.23 15:29:43 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

so I just switched to AES-128-GCM cipher, but max dl speed still 20-25 MB/s on the i5 machine.

Lmk please if there is anything else I can try.

Thanks.

Share this post


Link to post
@pfolk

Hello!

OK, you're good. We don't think you can try anything else but please feel free to open a ticket. The support team might think of something we currently miss, you never know.

Kind regards
 

Share this post


Link to post
Posted ... (edited)

For the people that are recording very fast speeds, did you have to change any configuration to get those speeds? I've got a server with a 10 Gb/s connection and an Intel Xeon E5-2680 v2 (which should support AES-NI), and am connecting to a nearby AirVPN server (~0.8ms ping), yet I haven't been able to reach over 150 Mb/s. Using OpenVPN 2.4 and UDP, with the default config AirVPN provides via the config generator.

Edit: Customizing these options in the OpenVPN config brought the speed up a bit:

ncp-disable
cipher AES-128-GCM
fragment 0
mssfix 0
txqueuelen 1000
fast-io
sndbuf 0
rcvbuf 0

I also tweaked my sysctls, bumping net.core.rmem_max and net.core.wmem_max a bit. Bumped them from 16M to 54M (56623104). Note that Linux's TCP buffers are very small by default, so this is likely something you want to customize on servers with fast connections.

I'm now getting around 250 Mb/s. When hitting that speed, tne CPU core is hitting 100% so I suspect I'm hitting the limit for how fast OpenVPN can go on this server. I can get faster speeds with less CPU usage with Wireguard between my own servers, so I'm wondering if there's more I can tweak, or if it's just limited by OpenVPN.

Edited ... by Daniel15
Follow-up details

Share this post


Link to post
12 minutes ago, pfolk said:

is 'wireguard' an experimental feature ?

Beta, yes.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...