Jump to content
Not connected, Your IP: 3.135.214.226
AirVPN
hardknox

Better speed on Bluetit?

By hardknox, ... in Troubleshooting and Problems

Recommended Posts

hardknox    0

hardknox
Posted ... (edited)

I have a little HP T620 thinclient that I'm using to connect to AirVPN via Linux CLI and it's not getting great speed. I'm getting a max of ~140 mbps on average. I was wondering if anyone had any suggestions on how to improve speeds on this machine? I suspect the CPU may be limiting speeds, though it does support AES-NI, which is why I thought it would work well. 

Thanks

bluetit.rc: 

# bootserver                            <ip|url>
# rsaexponent                           <value>
# rsamodulus                            <value>
airconnectatboot                       server
networklockpersist                     on
airusername                            XXXXXXXXXX
airpassword                            XXXXXXXXXX
# airkey                                        <airvpn_user_key>
airserver                              XXXXX
# aircountry                            <airvpn_country_name>
airproto                                       udp
airport                                        443
aircipher                                      AES-128-GCM
airipv6                                        off
air6to4                                        off
# manifestupdateinterval        <minutes>
# airwhiteserverlist            <server list>
# airblackserverlist            <server list>
# airwhitecountrylist           <server list>
# airblackcountrylist           <server list>
# country                                       <ISO code>
# remote                                        <ip|url list>
# proto                                         <udp|tcp>
# port                                          <port>
tunpersist                             yes
# cipher                                AES-128-CBC
# maxconnretries                        <number>
# tcpqueuelimit                         <value>
ncpdisable                             yes
networklock                            on
# ignorednspush                         <yes|no>
# timeout                                       <seconds>
compress                                       no
# tlsversionmin                         <disabled|default|tls_1_x>
# proxyhost                                     <ip|url>
# proxyport                                     <port>
# proxyusername                         <username>
# proxypassword                         <password>
# proxybasic                            <yes|no>


  Edited ... by hardknox

Share this post

Link to post

OpenSourcerer    1441

OpenSourcerer
Posted ...

Be advised, the current settings may not honor the cipher you enter, as aircipher is only used with the automatic boot option. If you want to set the cipher for all manual connections, use cipher instead.
So, try setting cipher to CHACHA20-POLY1305. If no luck, comment out cipher, aircipher, airproto and ncpdisable, then try setting proto to tcp.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post

Link to post

Staff    10014

Staff
Posted ...
@hardknox

Hello!

Whereas you have set connectatboot server in bluetit.rc, when started Bluetit will propound the aircipher specified AES-128-GCM cipher, which is supported by all of our servers, for the OpenVPN Data Channel.

If you want to try CHACHA20-POLY1305 just change aircipher into CHACHA20-POLY1305 and re-start Bluetit, or use Goldcrest with the proper options to disconnect and start a new connection.

However, if your system does support AES New Instructions, you may lose performance with CHACHA20. Not all systems take advantage of AES-NI, even when they are implemented in the CPU, thus a test with CHACHA20 is worth its time.

Furthermore, please make sure to test different servers in various locations, in order to maximize likelihood of good peering between our and your transit providers. If performance remains low, test TCP, according to @OpenSourcerer suggestion, just in case your ISP enforces some cap on UDP. Just change airproto into tcp and restart Bluetit.

Kind regards
 

Share this post

Link to post

hardknox    0

hardknox
Posted ... (edited)
On 8/9/2021 at 4:20 AM, OpenSourcerer said:

Be advised, the current settings may not honor the cipher you enter, as aircipher is only used with the automatic boot option. If you want to set the cipher for all manual connections, use cipher instead.
So, try setting cipher to CHACHA20-POLY1305. If no luck, comment out cipher, aircipher, airproto and ncpdisable, then try setting proto to tcp.


When I try to set cipher to CHACHA20-POLY1305 I get this error:
  
Aug 10 18:47:56 T620 bluetit[13634]: ERROR: cipher algorithm 'AES-256-GCM' is not allowed by Bluetit policy.

Here's my current bluetit.rc: 
# airkey                                        <airvpn_user_key>
 airserver                                      Cursa
# aircountry                                    <airvpn_country_name>
 airproto                                       udp
 airport                                        443
# aircipher                                     AES-128-GCM
 airipv6                                        off
 air6to4                                        off
# manifestupdateinterval                        <minutes>
# airwhiteserverlist                            <server list>
# airblackserverlist                            <server list>
# airwhitecountrylist                           <server list>
# airblackcountrylist                           <server list>
# country                                       <ISO code>
# remote                                        <ip|url list>
 proto                                          udp
# port                                          <port>
 tunpersist                                     yes
 cipher                                         CHACHA20-POLY1305
# maxconnretries                                <number>
# tcpqueuelimit                                 <value>
 ncpdisable                                     yes
 networklock                                    on
# ignorednspush                                 <yes|no>
# timeout                                       <seconds>
 compress                                       no
# tlsversionmin                                 <disabled|default|tls_1_x>
# proxyhost                                     <ip|url>
# proxyport                                     <port>
# proxyusername                                 <username>
# proxypassword                                 <password>
# proxybasic                                    <yes|no>

Edit: I fiddled with all the settings without much luck and switched servers where I saw a very small increase (~180 mbit). So I fired up Eddie on my laptop to test what speeds I got through it: ~700 mbit. Seems to me the problem is the T620's CPU, so I'll be looking to upgrade that. 
  Edited ... by hardknox

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...