Page 1 of 2 12 LastLast
Results 1 to 10 of 19
  1. #1
    Newbie
    Join Date
    May 2018
    Posts
    8

    Default Tunnel VPN - Diagnosing slow download

    Hello all!

    I've ran into a rather serious performance drop with Tunnel VPN, and I'd like some advice on diagnosing the issue.

    VPN: TorGuard
    Connection Speed: 100/10
    VPN Speed using VPN on PC: 85/10 (Using UDP)
    VPN Speed using Tunnel VPN: 15/10 (Using UDP)

    CPU: Intel Atom D525
    RAM: 4GB
    NIC: HP NC360T (Intel 82571EB)

    - I get the same speed on the two closest VPN servers (~360 miles for both)

    - CPU utilization during a speed test stays under 1%.

    - TCP results in a very slight decrease in download speed

    - I've tested both the TorGuard app and Open VPN on my PC, both have speeds over of 80/10.

    - QoS is not enabled. Ad Blocker, Firewall, Reports, OpenVPN and Tunnel VPN are the only apps enabled.

    The Atom D525 unfortunately doesn't support AES-NI, but would it really make this big of an impact on performance?

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,181

    Default

    What unit are you using in the numbers above? They seem to be a mix of MBps and Mbps Is that tested or ISP provided numbers? Use the download test in /admin/index.do#config/network/troubleshooting/download .

    All VPN providers will limit bandwidth base on the demand. If QoS is disabled, then the speed is limited upstream. In testing Atom processor can do ~320 Mbps on OpenVPN.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    May 2018
    Posts
    8

    Default

    The units are megabits. I'm using Speedtest.net, but the speed test in Untangle reports the same. I've tested both VPN and Non-VPN connections multiple times on Speedtest.net.

  4. #4
    Newbie
    Join Date
    May 2018
    Posts
    8

    Default

    I just tested Nord VPN. I also get a significant slow down with that. VPN on PC was around 14/6, VPN on Untangle was around 4/4. No VPN was 100/10. All tested using Speedtest.net.

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,642

    Default

    And speedtest.net is hilariously inaccurate... But it should give you a general idea of what to expect.
    Last edited by sky-knight; 08-04-2018 at 03:41 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Newbie
    Join Date
    Sep 2018
    Posts
    5

    Default

    I just finished several back and forth emails with support over the past week on this issue. Extensive A/B testing showed that PfSense OpenVPN tunnel on my hardware (Intel dual core 1.8GHz, 8GB RAM, 120 GB SSD) handled 100 Mbps encyption with only 16% CPU utilization. Untangle running on the same hardware maxed out at 30 Mbps. Everything else was identical.

    The final answer from support is that Untangle is using an old version of OpenVPN that maxes out at 30 Mbps. No plans to update it until the new Debian release (currently trending to mid-2019).

    With Untangle then needing to integrate and test, it could be early 2020 before we can run OpenVPN tunnels faster than 30 Mbps. 2009 called and wants it broadband back.

  7. #7
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,181

    Default

    There are so many errors in your statement.

    - You are comparing apples vs oranges. Pfsense is layer 3 vs Untangle's layer 7 filtering. Yes there will be performance differences.
    - Also support did not say Untangle's maximum throughput is 30 Mbps. I consistently get higher throughput across the test networks (> 88 Mbps)
    - Untangle uses the latest stable Debian. OpenVPN is already integrated in. Version 2.4.0-6+deb9u2 is the latest OpenVPN available in a stable Debian (Stretch),

    Where are you reading that this version of OpenVPN has a throughput limitation?
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,491

    Default

    Sorry for the misinformation. We did not add any "speed cap" in fact its the standard upstream openvpn binary. No idea where that came from, but I will correct them.

    Reading the ticket it sounds like you can't even get UDP-based openvpn working and are using TCP instead. I would focus on getting it working (with defaults & UDP) before testing the throughput.
    If you changed some advanced settings (like changing to tcp among other things) significant problems including performance issues are not surprising.

    If you are instead talking about Tunnel VPN, its just going to use the config you provide.
    In that case its likely something else, like your NICs or QoS settings or something else.
    Last edited by dmorris; 09-24-2018 at 08:20 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Newbie
    Join Date
    Sep 2018
    Posts
    5

    Default

    Let's figure this out then.

    I can run a software VPN client on my PC and have that traffic go through the Untangle box. Every packet is going through Untangle, and yet I still get 100 Mbps of encrypted traffic throughput. So Untangle's layer 7 architecture is easily capable of handling that speed on this hardware.

    When I run the TunnelVPN on Untangle, encrypted throughput to the same VPN server tops out at 30 Mbps. I know the hardware has enough horsepower to run OpenVPN (under PfSense) at 100Mbps with only 16% CPU utilization. So TunnelVPN isn't slow because of insufficience hardware.

    Why would Untangle be able to handle 100 Mbps of encrypted traffic flowing through it, and the CPU have enough horsepower to encyrpt 100 Mbps of traffic with only 16% utilization, and yet when Untangle tries to do both everything collapses to 30 Mbps without maxing out CPU utilization?

    And then customer support said:
    We are currently running an older version of OpenVPN, I will have to confirm exactly which version. But I do know that we are 2-3 versions behind what the current version of OpenVPN that is available is. I do know that towards the beginning of the year this was an issue for OpenVPN users. It seems that they may have solved this issue in one of their more recent versions. It will still be some time before we are able to update our OpenVPN version within Untangle with a future version release. This seems to be the issue that you are facing, and there aren't any settings or anything within Untangle that we would be able to change this with.

    I haven't changed anything in the ovpn files from my VPN provider. I would be happy to work with you to figure this out, but my initial contact with Untangle support told me there was nothing that could be done to raise to 30Mbps cap. And I believed him.

    @jcoffin and @dmorris - You can go to vpn.ac/ovpn to see the configuration files I use. I would love to get the 80 Mbps that you are able to get. I know my VPN provider and ISP can support it, I know my hardware can support it, but I can't get Untangle to support it.

  10. #10
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    643

    Default

    Only a slight comment: You only know your hardware can support it on a completely different OS (OpenBSD) with completely different drivers. You don't really know that your hardware can handle it on Debian (or a Debian derivative) with its drivers. Could be worse drivers or weird incompatibility - who knows?

    So the hardware isn't automatically removed as a variable.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2