VPN Client Speed Issue
I have my Firewall Gold connected to my iVPN server and I have one device applied to use that client. Without going through the VPN, that device sees 500Mbps download speeds. When connected through the VPN, download speeds drop to ~25Mbps. Is this expected? I'm using the iVPN OpenVPN profile (https://www.ivpn.net/releases/config/ivpn-openvpn-config.zip).
-
What I mean is try another VPN client on the MacOS that's NOT provided by the VPN provider. And see if this is faster or not. Some of the VPN provider client may optimize to the location of the servers, and the one you configured may not be optimal. By using a different VPN client, you can lock down on the VPN server, and try the same on the Firewalla Gold as well. This helps to isolate the problem and see if it is the router, the VPN server, or the client.
-
I think I understand... The iVPN native OpenVPN client says that the Phoenix server is the fastest from my location - that gets ~150Mbps over that client. Using the same Phoenix server profile in setting up the Firewalla Gold, I'm only seeing ~25Mbps. So - same server, two clients, big difference in speed.
-
Further testing seems to confirm that running the OpenVPN client in the Firewalla Gold drastically reduces the throughput versus using a native macOS OpenVPN client - both connecting to the same VPN server. I have to assume that this is a bottleneck in the Firewalla Gold. Does Firewalla plan on enabling Wireguard support in the Gold? Thank you.
-
The VPN on the Gold is far more capable than 20mbits. To verify that you can simply go inside your Gold unit. https://help.firewalla.com/hc/en-us/articles/115004397274-How-to-access-Firewalla-using-SSH-
then type "top"
While running a speed test via VPN; If you see the OpenVPN process using 100% of one core, then please send help@firewalla.com, we need to take a look.
But, if you see OpenVPN is not using much CPU, it is likely something else is slowing it down.
-
I don't seem to be able to figure out how to ssh into my Gold box... I am *not* a tech guru...
I did what was suggested above re the SSH Console configuration in the iOS app, and applied it to "LAN".
But ssh pi@192.168.1.1 in Terminal gives this response:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:Oo8uXesDVqO3ThENsYmob+TKMvEUqONZlhq2aIWCDxg.
Please contact your system administrator.
Add correct host key in /Users/hft/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/hft/.ssh/known_hosts:1
ECDSA host key for 192.168.1.1 has changed and you have requested strict checking.
Host key verification failed. -
Ah! Yes, that worked. I'm going to send an email to help@firewalla.com demonstrating my test with/without the Firewalla VPN Client connected - even though it doesn't look like the Gold CPU is getting hammered, the difference in download speed is drastic - ~30Mbps vs ~450Mbps.
-
One theory we have (and we have seen this before) is some VPN service provider throttles down the speed if the client is like a router.
The reason I am asking about OpenVPN CPU is, due to how that process was designed, it is a single-threaded process. It means, it's CPU usage is a direct reflection of speed. If you see that process not eating CPU, it means, something is not feeding it enough data to crunch.
Anyway, shoot us some more data, we can take a look.
-
I've sent several emails directly to help@firewalla describing my attempts to get to the bottom of this issue. However, just now, I've run into an even worse issue... Most of the day today, my Firewalla VPN Client connection to iVPN (over TCP, port 80) has been okay - running at about 75Mbps down. About 20 minutes ago, that throughput dropped to under 1Mbps. I rebooted the Firewalla, but that didn't help. And, as is usual, connecting to the same iVPN server over the same protocol and port realizes about 150Mbps down. I have no idea what has gone off the rails, nor do I have any idea how to troubleshoot this. Please advise. Thank you.
UPDATE: Things seem to have gone back to what they were - I'm suddenly seeing ~50Mbps down again through the Gold. Go figure...
-
Can you let me what is the ticket number you have? if you do not have one, I have created one for you, you should see that in your email.
As of the problem, it is very likely you are getting throttled by the VPN service. Can you check with them to see if they do something like that?
Please sign in to leave a comment.
Comments
16 comments