Truenas + gluetun + airvpn slow speeds

[shiesty 0]

I am trying to setup a custom app via YAML on TrueNAS and I am running into an issue where everything connects but I either get "stalled" or extremely low speeds. Both apps get deployed and don't error out. Gluetun accepts the AirVPN port and gives me a IP address with showing the region.

I went through the forums here and it looks like I have it setup similarly to everyone else, but I am still running into this slowness. I will get something like 50kb download with it never uploading.

Any assistance would be helpful to get this to work.
 

services:
  gluetun:
    cap_add:
      - NET_ADMIN
    container_name: gluetun
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=airvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PUBLIC_KEY=$wgpublic
      - WIREGUARD_PRIVATE_KEY=$wgprivate
      - WIREGUARD_PRESHARED_KEY=$wgpresharedkey
      - WIREGUARD_ADDRESSES=10.x.x.x\32 # from ADDRESS in wg config file
      - WIREGUARD_MTU=1320 #from MTU in config file
      - FIREWALL_VPN_INPUT_PORTS=$airvpnport
    image: qmcgaw/gluetun:latest
    ports:
      - 8888:8888/tcp
      - 8388:8388/tcp
      - 8388:8388/udp
      - '8080:8080'
      - '6881:6881'
      - 6881:6881/udp
    restart: unless-stopped
    volumes:
      - /mnt/pool01/config/gluetun:/gluetun
  qbittorrent:
    container_name: qbittorrent
    environment:
      - PUID=568
      - PGID=568
      - TZ=America\New_York
      - WEBUI_PORT=8080
      - TORRENTING_PORT=$airvpnport
    image: lscr.io/linuxserver/qbittorrent:latest
    network_mode: service:gluetun
    restart: unless-stopped
    volumes:
      - /mnt/pool01/config/qbittorrent:/config
      - /mnt/pool01/data:/data

The Wireguard config file is:

[Interface]
Address = 10.x.x.x/32
PrivateKey = $wgprivate
MTU = 1320
DNS = 10.x.x.1

[Peer]
PublicKey = $wgpublic
PresharedKey = $wgpreshared
Endpoint = america3.vpn.airdns.org:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 15

[flat4 87]

Change your MTU to 1280 or something to that effect, search the forum you will see this discussed. 

[ByteBuccaneer 13]

21 hours ago, flat4 said:

Change your MTU to 1280 or something to that effect, search the forum you will see this discussed. 

Not arguing here, but I wonder why Eddie says an MTU of 1320 is "Recommended" and defaults to it then?

[Staff 10315]

31 minutes ago, ByteBuccaneer said:

Not arguing here, but I wonder why Eddie says an MTU of 1320 is "Recommended" and defaults to it then?

Hello!

The default setting has been picked to meet the needs of most networks (except specific PPPoE networks: they have 8 bytes encapsulation overhead so a WireGuard's interface MTU of 1280 bytes may become necessary) and minimizing the performance sacrifice you suffer with smaller transfer units. However the "recommended" label is not correct, noticed. It all depends on your network so it's incorrect to say that any specific value is recommended, we apologize for the inaccuracy. 

Kind regards
 

[atlantion 0]

This is my config for gluetun with transmission. I am using komodo for stack deployments.
Create a forwarding port rule witihn your router for VPN_PORT to point to your truenas ip and then test your torrent address detection on https://ipleak.net/
 

Quote

services:
  gluetun:
    container_name: transmission-vpn
    image: qmcgaw/gluetun:latest
    cap_add:
      - NET_ADMIN
    network_mode: bridge
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - TZ=Europe/Stockholm
      - UMASK=002
      - UMASK_SET=002
      - NVIDIA_VISIBLE_DEVICES=void
      - PUID=568
      - USER_ID=568
      - PGID=1010
      - GROUP_ID=1010
      - DNS_KEEP_NAMESERVER=off
      - DOT=on
      - DOT_PROVIDERS=cloudflare,google
      - VPN_SERVICE_PROVIDER=airvpn
      - UPDATER_VPN_SERVICE_PROVIDERS=airvpn # update VPN servers for a specific provider
      - VPN_TYPE=wireguard
      - FIREWALL=on
      - FIREWALL_INPUT_PORTS=9091
      - FIREWALL_OUTBOUND_SUBNETS=172.16.0.0/16,172.17.0.0/16,10.10.1.0/24
      - FIREWALL_VPN_INPUT_PORTS=VPN_PORT # replace with your forwarded port port 
      - HEALTH_TARGET_ADDRESS=cloudflare.com:443
      - SERVER_COUNTRIES=United States
#      - SERVER_NAMES=SERVER_NAME1,SERVER_NAME2.. # uncomment if you want to connect to a specific server, but then comment SERVER_COUNTRIES
      - WIREGUARD_ADDRESSES=WIREGUARD_ADDRESS # replace
      - WIREGUARD_PRESHARED_KEY=PRESHARED_KEY # replace
      - WIREGUARD_PRIVATE_KEY=PRIVATE_KEY # replace
#      - LOG_LEVEL=debug # uncomment for debug
    volumes:
      - /hostpath/gluetun:/gluetun
    ports:
      - 9091:9091 # WebUI Portal: Transmission
      - <VPN_PORT>:<VPN_PORT>/tcp  # replace, Transmission Torrent Port TCP
      - <VPN_PORT>:<VPN_PORT>/udp  # replace, Transmission Torrent Port UDP
    restart: unless-stopped

[Fenix_Inc 1]

There is no recommended MTU. It depends strongly on the MTU of the WAN.
Technically, the best case is your MTU - 80 = WireGuard MTU for the tunnel.
Everything is based on the config of HW/ISP/VLAN, etc.... If you have your machine/container in a VM it could give impact as well.
My example as an ideal setup:
I have OPNsense on bare metal.
Physical Interface on NIC MTU - 1504
WAN VLAN MTU - 1500 
Wireguard MTU - 1420 
It gives me maximum performance. 

I would recommend establishing a VPN connection on the edge/router device and routing VPN traffic to and from the container.
For example, before I used this setup for several years, the Asus Router ran a VPN connection to AirVPN - a transmission container in QNAP provided 500/500 Mbps on 1Gbps easy)