Jump to content
Not connected, Your IP: 34.237.124.210
Agrock

Extreme slowdown when downloading torrents through VPN

Recommended Posts

Hello,

I'm on a >100 Mbps residential connection, and I normally get very decent download speeds with AirVPN (e.g. over HTTP). However, specifically when using torrents, with default Eddie settings, download speed barely reaches 10 Mbps, and the whole connection slows to a crawl. Changing ports on UDP doesn't make a difference, however using an SSL tunnel dramatically increases the speed (to around 100 Mbps), while using TCP is even better (at around 150 Mbps), although the speed often dips quite a bit which I think is to be expected with TCP over TCP. Additionally, using Wireguard to connect to my remote gateway that then routes the traffic through AirVPN also achieves around 150 Mbps. The behaviour is consistent with both Hummingbird and OpenVPN 2.5, though Hummingbird generally gives slightly higher speeds.

Does this behaviour make any sense? I can't blame OpenVPN itself which was admittedly my first instinct since my remote gateway has far lower specs than my local machine, and can tunnel the traffic out with no issues. My ISP has been repeatedly named and shamed for traffic shaping so it's fair to assume they're still doing that, but if that was the cause shouldn't it happen with any VPN traffic, rather than torrents specifically (or, at least, not with HTTP(S))? (Torrents outside the VPN work just fine.) Why would the SSL tunnel help - I thought it had been superseded by tls-crypt? And why would the issue only appear with OpenVPN/UDP, when Wireguard is unaffected?

Thanks in advance for any help.

Share this post


Link to post
@Agrock

Hello!

We can see two possible explanations, which need a verification.

1) It could be some form of traffic shaping enforced by your ISP (or your router, but it would be so refined that we doubt that your router enforces it without your knowledge).

It can't be against UDP tout court, because Wireguard works in UDP. It might be a fuzzy logic based shaping against BitTorrent: when it detects a specific pattern in UDP to specific ports, for example 443   Even if you use a VPN, torrent traffic pattern may be recognized, although with a low degree of reliability. Traffic shaping based on encrypted traffic patterns was widespread about 15-18 years ago, then it was dropped because it was unreliable and caused a plethora of negative side effects unexpected by the ISPs themselves.

Traffic shaping is not triggered:
  • when you use Wireguard in UDP, maybe because you connect Wireguard to some other port (which one?)
  • when you use OpenVPN in TCP + tls-crypt, maybe because traffic shaping is not triggered anyway when UDP does not enter into play

Counter-check to validate or falsify the assumptions may be based on using Wireguard in UDP to port 443, or connecting OpenVPN in UDP + tls-crypt to the same port Wireguard connects to (if possible) and then running torrent software.

2) Another potential explanation is that you have Windows, and you use the TAP driver with OpenVPN. Windows OpenVPN TAP driver is infamous to cause various bandwidth bottleneck problems in Windows, even (but not limited to) with torrents and/or UDP. If that was the case, you can now use wintun even with OpenVPN (2.5 or higher version required).

Kind regards

 

Share this post


Link to post

Thank you for looking into this.

1) My router is the ISP-provided one, I doubt it's "smart" enough to perform that kind of shaping but it's out of my control in any case (hoping to replace it once I have some spare cash but that's beside the point for now).

My Wireguard uses port 28503, so it doesn't look like upper port ranges are affected wholesale. However, OpenVPN on AirVPN's port 41185 is affected, so either they're targeting it specifically or something else is at play.

I don't think I can use port 28503 with AirVPN so I'll have to reconfigure my Wireguard gateway to use port 443 to test this. I'll do this when I have a bit more time, hopefully over the weekend, and report back.

Just to confirm, tls-crypt is enabled by default in Eddie and I don't have to do anything for it, right? I couldn't find a relevant setting.

2) I should have made that clear, sorry - this has been observed with Linux and macOS, with the more extensive testing done on Linux, so Windows is not the (main) issue.

Thanks again!

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...