Jump to content


Photo

ISP Throttling VPN?

ISP throttling speed

  • Please log in to reply
40 replies to this topic

Poll: Does your ISP Throttle VPN (78 member(s) have cast votes)

Do you experience slowdowns using AirVPN

  1. No, only minor slowdown consistent with encryption overhead (32 votes [39.51%])

    Percentage of vote: 39.51%

  2. Somewhat, but speeds are still good and I am not concerned (12 votes [14.81%])

    Percentage of vote: 14.81%

  3. Yes, but it coould be a problem with my configuration (14 votes [17.28%])

    Percentage of vote: 17.28%

  4. Absolutely, I've tried everything and it must be throttling (23 votes [28.40%])

    Percentage of vote: 28.40%

Vote Guests cannot vote

#1 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 30 April 2013 - 01:13 PM

I believe my ISP is throttling OpenVPN.  I have been a very satisfied AirVPN customer and until recently got good speeds.  In the last month, since switching to Fibre, I have noticed that OpenVPN connections appear to be limited to 1 Mbps.

 

I have tried changing ports (53/UPD, 80/TCP, 443/UPD, 443/tcp) to no effect.  I normally run OpenVPN on my router, so to isolate the issue, tried my other router that gives me full 15 Meg unencrypted while running the AirVPN windows client.

 

In every case, the best I get is 1 Meg down and 10% of that up while encrypted.

 

The change seems to coincide with my ISP "resolving" evening congestion problems in my area.

 

The evidence seems strong that this is a throttling issue and not a configuration problem.

 

Is there a solution or am I condemned to take the slow lane?

 



#2 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7796 posts

Posted 30 April 2013 - 02:27 PM

Hello!

 

Before assuming that your ISP throttles OpenVPN please try a connection from your computer (disable OpenVPN on the router) to make a comparison test. What is your router model and which firmware runs on it? Can you post connection logs after a few minutes the router is connected? If the bandwidth remains consistent to 1 Mbit/s on all ports, this is a strong hint pointing to throttling. In this case you can obtain better performance with OpenVPN over SSH (assuming that your ISP does not throttle SSH as well).

 

Kind regards



#3 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 30 April 2013 - 02:35 PM

Thanks.  I have tried a connection using the Windows client with my front-end router (which does not have OpenVPN)  and get the same result.  I am running DD-WRT on a cisco commodity router that is connected from it's WAN port to the LAN on my front end router.  Thing is, this setup was working fine, and then not.  I am not sure how to run over SSH.  Is there a clue-page?



#4 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 30 April 2013 - 03:38 PM

As requested:

 


State Server: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: 10.7.4.74 Remote Address:

Status

Log Serverlog Clientlog 20130430 11:25:15 D TCPv4_CLIENT READ [22] from 108.59.8.147:80: P_ACK_V1 kid=0 [ 36 ]
20130430 11:25:15 D TCPv4_CLIENT READ [114] from 108.59.8.147:80: P_CONTROL_V1 kid=0 [ ] pid=45 DATA len=100
20130430 11:25:15 NOTE: --mute triggered...
20130430 11:25:15 2 variation(s) on previous 3 message(s) suppressed by --mute
20130430 11:25:15 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 10.7.0.1 comp-lzo no route 10.7.0.1 topology net30 ping 10 ping-restart 60 ifconfig 10.7.4.74 10.7.4.73'
20130430 11:25:15 OPTIONS IMPORT: timers and/or timeouts modified
20130430 11:25:15 OPTIONS IMPORT: LZO parms modified
20130430 11:25:15 NOTE: --mute triggered...
20130430 11:25:15 3 variation(s) on previous 3 message(s) suppressed by --mute
20130430 11:25:15 I TUN/TAP device tun1 opened
20130430 11:25:15 TUN/TAP TX queue length set to 100
20130430 11:25:15 I /sbin/ifconfig tun1 10.7.4.74 pointopoint 10.7.4.73 mtu 1500
20130430 11:25:15 /sbin/route add -net 108.59.8.147 netmask 255.255.255.255 gw 192.168.5.1
20130430 11:25:15 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.7.4.73
20130430 11:25:15 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.7.4.73
20130430 11:25:15 /sbin/route add -net 10.7.0.1 netmask 255.255.255.255 gw 10.7.4.73
20130430 11:25:15 I Initialization Sequence Completed
20130430 11:25:15 D TCPv4_CLIENT WRITE [22] to 108.59.8.147:80: P_ACK_V1 kid=0 [ 45 ]
20130430 11:25:15 D TCPv4_CLIENT WRITE [26] to 108.59.8.147:80: P_ACK_V1 kid=0 [ 46 47 ]
20130430 11:25:25 D TCPv4_CLIENT WRITE [69] to 108.59.8.147:80: P_DATA_V1 kid=0 DATA len=68
20130430 11:25:25 NOTE: --mute triggered...
20130430 11:26:29 59 variation(s) on previous 3 message(s) suppressed by --mute
20130430 11:26:29 MANAGEMENT: Client connected from 127.0.0.1:5001
20130430 11:26:29 D MANAGEMENT: CMD 'state'
20130430 11:26:29 MANAGEMENT: Client disconnected
20130430 11:26:29 MANAGEMENT: Client connected from 127.0.0.1:5001
20130430 11:26:29 D MANAGEMENT: CMD 'state'
20130430 11:26:29 MANAGEMENT: Client disconnected
20130430 11:26:29 MANAGEMENT: Client connected from 127.0.0.1:5001
20130430 11:26:29 D MANAGEMENT: CMD 'state'
20130430 11:26:29 MANAGEMENT: Client disconnected
20130430 11:26:29 MANAGEMENT: Client connected from 127.0.0.1:5001
20130430 11:26:29 D MANAGEMENT: CMD 'log 500'
20130430 11:26:29 MANAGEMENT: Client disconnected
20130430 11:26:30 D TCPv4_CLIENT READ [69] from 108.59.8.147:80: P_DATA_V1 kid=0 DATA len=68
20130430 11:26:39 D TCPv4_CLIENT WRITE [69] to 108.59.8.147:80: P_DATA_V1 kid=0 DATA len=68
20130430 11:26:40 D TCPv4_CLIENT READ [69] from 108.59.8.147:80: P_DATA_V1 kid=0 DATA len=68
20130430 11:26:49 NOTE: --mute triggered...
20130430 11:28:47 54 variation(s) on previous 3 message(s) suppressed by --mute
20130430 11:28:47 MANAGEMENT: Client connected from 127.0.0.1:5001
20130430 11:28:47 D MANAGEMENT: CMD 'state'
20130430 11:28:47 MANAGEMENT: Client disconnected
20130430 11:28:47 MANAGEMENT: Client connected from 127.0.0.1:5001
20130430 11:28:47 D MANAGEMENT: CMD 'state'
20130430 11:28:47 MANAGEMENT: Client disconnected
20130430 11:28:47 MANAGEMENT: Client connected from 127.0.0.1:5001
20130430 11:28:47 D MANAGEMENT: CMD 'state'
20130430 11:28:47 MANAGEMENT: Client disconnected
20130430 11:28:47 MANAGEMENT: Client connected from 127.0.0.1:5001
20130430 11:28:47 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00


Firmware: DD-WRT v24-sp2 (04/07/12) vpn-small
Time: 11:35:23 up 11:53, load average: 0.00, 0.01, 0.00
WAN IP: 192.168.5.50
 



#5 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7796 posts

Posted 30 April 2013 - 04:02 PM

Hello!

 

Thanks. Now, what happens with a connection from your computer (not from the router) to the same server, but toward port 53 UDP?

 

Kind regards



#6 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 30 April 2013 - 04:06 PM

Same result speedwise.



#7 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 30 April 2013 - 04:30 PM

Hello!

 

Thanks. Now, what happens with a connection from your computer (not from the router) to the same server, but toward port 53 UDP?

 

Kind regards

Actually, I get a "failed to start" message from the client on UDP/53.  UPD/443 starts, but is 1Mps slow.



#8 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 30 April 2013 - 05:06 PM

ok -- here (attached) is the log from UDP/53 using windows client (no vpn on router).  By the way, it would be better if we could cut and past logs so screenshots would not be required.

 

Regards and Thanks.

Attached Thumbnails

  • UDP_53.jpg


#9 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 30 April 2013 - 05:08 PM

Actually got slightly more speed 1.7 Mbps using UDP 53 and the client.... FWIW.



#10 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7796 posts

Posted 01 May 2013 - 12:00 AM

ok -- here (attached) is the log from UDP/53 using windows client (no vpn on router).  By the way, it would be better if we could cut and past logs so screenshots would not be required.

 

Regards and Thanks.

 

Hello!

 

In order to do so just click on "Copy to clipboard" and paste where appropriate.

 

The logs do not show any problem.

 

You might like to try OpenVPN over SSH to make a performance comparison which would tell whether your ISP throttles OpenVPN more or less than SSH.

 

Kind regards



#11 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 02 May 2013 - 12:48 PM

Thanks again.  Getting my DDWRT setup to run the OpenVPN over SSH is proving to be a challenge for me.  I will keep hacking at it.



#12 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 02 May 2013 - 03:51 PM

the current ssh script distributed by airvpn is intended to be interactive.  Is there a way to amend the script so that rather than relying on user input for confirmaiton of a connection, it can test directly from the system if the tunnel is up?



#13 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 06 May 2013 - 11:24 PM

Back from a weekend away, and not giving up on AirVPN yet.  I have read various reports around the internet that my ISP (Bell Canada) throttles agressively though they were supposed to have stopped  after being ordered by the Candian Radio and Television Commission not to.

 

What I have read is that they use deep packet inspection and if this is defeated by encryption they assume it is a torrent stream and throttle it unless it is on a standard VPN port.

 

Not sure this makes sense, but it is congruent with my experience.  Why doesn't AirVPN offer connections on standard VPN ports?  I'd love to test that out to see if I can stop this violent choking sensation.

 

As for VPN over SSH, I was able to get a SSH connection with a little bit of jiggery pokery, but never able to get OpenVPN to connect over it.  Has this been fully tested on Linux?



#14 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7796 posts

Posted 06 May 2013 - 11:37 PM

Back from a weekend away, and not giving up on AirVPN yet.  I have read various reports around the internet that my ISP (Bell Canada) throttles agressively though they were supposed to have stopped  after being ordered by the Candian Radio and Television Commission not to.

 

What I have read is that they use deep packet inspection and if this is defeated by encryption they assume it is a torrent stream and throttle it unless it is on a standard VPN port.

 

Not sure this makes sense, but it is congruent with my experience.  Why doesn't AirVPN offer connections on standard VPN ports?  I'd love to test that out to see if I can stop this violent choking sensation.

 

As for VPN over SSH, I was able to get a SSH connection with a little bit of jiggery pokery, but never able to get OpenVPN to connect over it.  Has this been fully tested on Linux?

 

Hello!

 

Three years ago an Air co-founder discarded the idea to make the OpenVPN servers listen to IANA-assigned port 1194 and convinced everybody else, because it was (is) one of the first ports that VPN-hostile ISPs block or shape.  After three years, was it a wise decision or not, in your opinion? We're looking forward to any feedback about it.

 

OpenVPN over SSH has been successfully tested on various distributions, with and without any desktop manager, which problems do you experience? Logs may help.

 

Kind regards



#15 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 07 May 2013 - 12:00 AM


===============

 


07/05/2010  12:37 AM             5,372 aaw7boot.log
05/06/2013  07:42 PM               468 AirVPN_US-Sirius_SSH-22.bat
05/06/2013  07:42 PM             8,992 AirVPN_US-Sirius_SSH-22.ovpn
05/06/2013  07:42 PM             8,947 AirVPN_US-Sirius_TCP-443.ovpn
07/05/2010  12:34 AM    <DIR>          ATI
08/02/2009  06:59 PM        73,685,286 ATI.zip
08/16/2009  05:47 PM                 0 AUTOEXEC.BAT
               6 File(s)     73,709,065 bytes
               1 Dir(s)  45,611,954,176 bytes free
 

Here is the first command:


C:\>plink.exe -i sshtunnel.ppk -L 1412:127.0.0.1:2018 sshtunnel@108.59.8.147 -P
22 -N -T
Using username "sshtunnel".
 

Here is the second:

 

 

C:\>openvpn AirVPN_US-Sirius_SSH-22.ovpn
Mon May 06 19:49:20 2013 OpenVPN 2.3.0 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [P
KCS11] [eurephia] [IPv6] built on Jan  8 2013
Mon May 06 19:49:20 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig
her to call user-defined scripts or executables
Mon May 06 19:49:20 2013 Socket Buffers: R=[8192->8192] S=[64512->64512]
Mon May 06 19:49:20 2013 Attempting to establish TCP connection with [AF_INET]12
7.0.0.1:1412
Mon May 06 19:49:20 2013 TCP connection established with [AF_INET]127.0.0.1:1412

Mon May 06 19:49:20 2013 TCPv4_CLIENT link local: [undef]
Mon May 06 19:49:20 2013 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:1412
Mon May 06 19:49:20 2013 TLS: Initial packet from [AF_INET]127.0.0.1:1412, sid=7
14542b7 18cc6e37
Mon May 06 19:49:21 2013 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.or
g, CN=airvpn.org CA, emailAddress=info@airvpn.org
Mon May 06 19:49:21 2013 VERIFY OK: nsCertType=SERVER
Mon May 06 19:49:21 2013 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.or
g, CN=server, emailAddress=info@airvpn.org
Mon May 06 19:49:22 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized
with 256 bit key
Mon May 06 19:49:22 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1'
 for HMAC authentication
Mon May 06 19:49:22 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized
with 256 bit key
Mon May 06 19:49:22 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1'
 for HMAC authentication
Mon May 06 19:49:22 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES2
56-SHA, 2048 bit RSA
Mon May 06 19:49:22 2013 [server] Peer Connection Initiated with [AF_INET]127.0.
0.1:1412
Mon May 06 19:49:25 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon May 06 19:49:25 2013 AUTH: Received control message: AUTH_FAILED
Mon May 06 19:49:25 2013 SIGTERM[soft,auth-failure] received, process exiting

C:\>openvpn AirVPN_US-Sirius_SSH-22.ovpn
Mon May 06 19:55:54 2013 OpenVPN 2.3.0 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [P
KCS11] [eurephia] [IPv6] built on Jan  8 2013
Mon May 06 19:55:54 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig
her to call user-defined scripts or executables
Mon May 06 19:55:54 2013 Socket Buffers: R=[8192->8192] S=[64512->64512]
Mon May 06 19:55:54 2013 Attempting to establish TCP connection with [AF_INET]12
7.0.0.1:1412
Mon May 06 19:55:54 2013 TCP connection established with [AF_INET]127.0.0.1:1412

Mon May 06 19:55:54 2013 TCPv4_CLIENT link local: [undef]
Mon May 06 19:55:54 2013 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:1412
Mon May 06 19:55:54 2013 TLS: Initial packet from [AF_INET]127.0.0.1:1412, sid=e
5907f77 b1e0a78a
Mon May 06 19:55:54 2013 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.or
g, CN=airvpn.org CA, emailAddress=info@airvpn.org
Mon May 06 19:55:54 2013 VERIFY OK: nsCertType=SERVER
Mon May 06 19:55:54 2013 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.or
g, CN=server, emailAddress=info@airvpn.org
Mon May 06 19:55:56 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized
with 256 bit key
Mon May 06 19:55:56 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1'
 for HMAC authentication
Mon May 06 19:55:56 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized
with 256 bit key
Mon May 06 19:55:56 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1'
 for HMAC authentication
Mon May 06 19:55:56 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES2
56-SHA, 2048 bit RSA
Mon May 06 19:55:56 2013 [server] Peer Connection Initiated with [AF_INET]127.0.
0.1:1412
Mon May 06 19:55:58 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon May 06 19:55:59 2013 AUTH: Received control message: AUTH_FAILED
Mon May 06 19:55:59 2013 SIGTERM[soft,auth-failure] received, process exiting

C:\>



#16 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7796 posts

Posted 07 May 2013 - 02:13 AM

@airvpnclient

 

Hello!

 

As you can see from the logs it works just fine.

 

You get an AUTH_FAILED just because "airvpnclient" account is already connected to some of our servers (since hours before your message) and happily exchanging data. You can check your account status and the reason of the last failed connection attempt in your "Client Area" (login and click on "Client Area" in the upper menu).

 

Kind regards



#17 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 07 May 2013 - 02:35 AM

Oops -- that's embarassing -- forgot to turn off my tunnelling router.

 

So, got it all up and running and .....

 

... No Joy ... :-(

 

what I get is a spikey connection at between 1 and 2 Mbps.  As soon as I disconnect from AIRVPN, my speeds go back to 15.

 

Bell Canada is very tricksy.



#18 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 07 May 2013 - 02:44 AM

FYI -- TCP on 443 seems a little faster -- guess the shaping heuristics are more lenient on TCP.



#19 airvpnclient

airvpnclient

    Advanced Member

  • Members
  • PipPipPip
  • 44 posts

Posted 07 May 2013 - 01:30 PM

It is beginning to look a bit hopeless for us Bell Fibre users.  I have tried the SSH workaround and Ma Bell still seems to be able to throttle.  The only thing that I have heard suggested is that Bell may not throttle on standard VPN ports, but AirVPN is not available on these ports.  Any other suggestions?



#20 w4r3z

w4r3z

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 21 May 2013 - 08:04 PM

Same thing here with Bell and their Fiber service







Similar Topics Collapse


Also tagged with one or more of these keywords: ISP, throttling, speed

2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

Servers online. Online Sessions: 14791 - BW: 46258 Mbit/sYour IP: 52.91.176.251Guest Access.