OpenVPN Incredibly Slow (3kb/s)

[ninja0n3]

Hello,

I've been trying just about anything I can think of to solve this issue.

I have set both a legacy and a new instance of OpenVPN, I am able to connect to both instances without issues using Viscosity, however when it comes to transferring data, the transfer speeds are incredibly slow, around 3KB/S (0.024Mbps).
I only realized this was an issue when I connected to the VPN and attempted to do some work.

My Home connection is 3Gbps up/down (measured daily using using the speedtest plugin), the internal network is 10Gbps.

My home servers are in Canada, I'm currently in Europe on a 1Gbps (up/down) connection.

The OPNsense box runs on an Intel i7-7700K with 16Gb of RAM and a bunch of 10Gb NICs.

I've mainly tried adjusting MTU/MSS with no change; tried some of this too: https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux

I've primarily tested different configs on the Instance type server (not on the legacy), since I don't want to lose connectivity to the main server and not be able to connect.

I can't think of anything that would be causing such a drastic drop in speed or preventing OpenVPN to be a lot faster than 3kb/s...

Any help with this would be greatly appreciated!

Thanks!

[bartjsmit]

You could have a VPN-hostile hop in your route. Try setting the OpenVPN port to 443 UDP and see if you can get lost in the static.

You may also glean some insight from running the OpenVPN client in the foreground - i.e. openvpn /my/path/to/client.ovpn This is easiest in Linux - use WSL if you're on Windows.

Bart...

[newsense]

On what port speed is your WAN connecting to the ISP modem/router ? 3Gb is not a standard port speed, so I'm wondering if ISPs give out now modems with 5Gb or 10GB NICs for their residential clients.

[ninja0n3]

Try setting the OpenVPN port to 443 UDP and see if you can get lost in the static.

I tried setting the internet facing port to 443 (router port forwarding) on the modem, it made no difference, speeds are the same. OPNSense is set up on the DMZ, so there's no filtering between the modem and OPNSense.

On what port speed is your WAN connecting to the ISP modem/router ? 3Gb is not a standard port speed, so I'm wondering if ISPs give out now modems with 5Gb or 10GB NICs for their residential clients.

The modem has a 10Gb port, which is connected to a matching 10Gb NIC on OPNSense, I consistently get 3Gbps measured twice a day. I don't think raw available bandwidth is an issue.

[ninja0n3]

I ended up switching to WireGuard, however I also noticed it being very slow when copying numerous files from the NAS to the local host (~3kb/s).
After adjusting MTU to around 1300 and attempting to download a 700Mb file, I was getting around 25-30Mb/s (250Mbps).

So in practice it looks like everything's working as expected; I'm guessing that listing files in SMB over VPN is just one of those heavy tasks to process likely causing overhead in different places (mounted NAS drive on Windows).

The other thing I noticed is that while I do get 3Gbps up/down and 1Gbps up/down at home and here in Europe, after trying a speedtest between Europe and a home based speed test server, I could only get 250Mbps down, which is consistent with the large file transfer speed I'm getting on download.

Bottom line, it looks like my expectation of speed was skewed by the local speedtests, when in fact I should have considered the full scope speed test to a distant server.

I haven't checked the OpenVPN speeds, but I expect they'd align with what I'm getting on WireGuard right now, given the bandwidth limitation is between distant hops.

[newsense]

Thanks for the clarification.

How does netstat -Q look on your OPNsense ?