DrewSIT2010 Posted December 20, 2018 Share Posted December 20, 2018 I was curious if any others have had issues with VPN speeds when configuring private internet access? On my laptop, when using the PIA desktop app, I can see download speeds of ~100 mbps. When I configure the same VPN in Hybrid VPN I get no more than 20mbps. Is there something I am missing to cause this slow down? Link to comment Share on other sites More sharing options...
Administrators Netduma Admin Posted December 20, 2018 Administrators Share Posted December 20, 2018 Hi that’s quite normal - the router will not be able to run as fast as your PC when handling the VPN. You might want to try a different vpn server though, as some can just be slower than others. But this is one reason it’s good to have Hybrid VPN. You can choose the devices and applications/ports that you want limited to this. Link to comment Share on other sites More sharing options...
DrewSIT2010 Posted December 20, 2018 Author Share Posted December 20, 2018 Yea 20 was the highest I have seen. Most of the other servers get 10 mbps. Link to comment Share on other sites More sharing options...
xr500user Posted December 21, 2018 Share Posted December 21, 2018 For the Devs, I decided to test this feature with a free express vpn trial.. I tested with default config (udp) and then modified it for tcp .. tcp seemed a little quicker, but definitely it is super slow on the router - most I was able to get after tweaking the config and using expressvpn/tcp was 28 down, 41 up (once) but mostly 24-25 down/28-31up. udp was flatter around 20-22 u/d sometimes 24/28 with bursts. it was using aes-256 and i don't think they offer 128 -- maybe get 40/50mbps if then - i need to look further It seems like the connection is capped on the router though, positive no throttling is going on? The express vpn client on a wifi win10 laptop pulled 168/169mbps+ with vpn turned on and its running w/openvpn udp. openvpn is single threaded so it can't really take advantage of multiple cpu's on the router (next version maybe) so I get that, but I think it can be tweaked to get better performance if you scale more cpu to it, and zero (0) the sndbuf/rcvbuf. it hardly really impacts cpu so I think tweaking is in order. Think latest openvpn. I also noticed when data is going thru hybrid vpn there are 2 leaks: dns is leaking, and partial webRTC is leaking. as far as Dns leak: router is still using nameservers specified by isp or manually / outside of the vpn tunnel, so someone could know what dns you are using - with a little detective work access times can be matched to who went where and when and your identity could be compromised. looking at hybrid vpn logs i saw vpn server did PUSH 10.x.x.x.x dns to use, but it was ignored by duma, somehow you need to accept that dns and route dns requests from hybrid vpn clients to it instead of the local nameservers on the router. openvpn creates a tunnel device tun0, you need to bind dnsmasq to interface=tun0 and allow forced dns redirection so requests for dns go through the vpn tunnel. other solutions possible maybe, you figure it out. webrtc is not leaking your public ip, but it IS leaking your local ip. this is really not that critical, but someone can know you are using 192.168.1.x (exact in-house ip), wouldn't you rather it be a bogus 10.x.whatever ip? also vpn username & password is being stored in plaintext format in the usr configs, each time you make a new Connection config (i made many to test) all old and dead prior configs are hanging around in /tmp -- need to clean up the unused lua_xxxxx* files.....why is [EPOLL] [MH/PKTINFO] compiled into openvpn? just curious Link to comment Share on other sites More sharing options...
Myst1caL Posted December 21, 2018 Share Posted December 21, 2018 Been using HybridVPN since its release I remember reading that back on the old HybridVPN on the R1 that the speed issue was a hardware limitation. Really thought this would have been improved with the xr500 but seems to be the same speeds Using my vpn ( Surfshark ) I receive 20 Down / 20 Up. Tried different servers with no change ( My isp speed is 380 Down / 21 Up ) Link to comment Share on other sites More sharing options...
xlr8r Posted December 21, 2018 Share Posted December 21, 2018 33 minutes ago, Myst1caL said: Been using HybridVPN since its release I remember reading that back on the old HybridVPN on the R1 that the speed issue was a hardware limitation. Really thought this would have been improved with the xr500 but seems to be the same speeds Using my vpn ( Surfshark ) I receive 20 Down / 20 Up. Tried different servers with no change ( My isp speed is 380 Down / 21 Up ) Try UDP instead of TCP, improved speeds for me.... Link to comment Share on other sites More sharing options...
Myst1caL Posted December 21, 2018 Share Posted December 21, 2018 client dev tun proto udp remote uk-man.prod.surfshark.com 1194 resolv-retry infinite remote-random nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun ping 15 ping-restart 0 ping-timer-rem reneg-sec 0 remote-cert-tls server auth-user-pass #comp-lzo verb 3 pull fast-io cipher AES-256-CBC auth SHA512 <ca> -----BEGIN CERTIFICATE----- MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV BAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBS b290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UE BhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJv b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63o SkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkua Na4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48C c7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BAp FayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdI yVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgn TLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIe ghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8t tE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EP SaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+m iGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/z CINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyD ahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgw DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0Z S1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjf ymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+ 303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q 5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVx KjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTK ubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSG EnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrq X6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087 FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dC LqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI 623cSEC3Q3UZutsEm/UplsM= -----END CERTIFICATE----- </ca> key-direction 1 <tls-auth> # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- b02cb1d7c6fee5d4f89b8de72b51a8d0 c7b282631d6fc19be1df6ebae9e2779e 6d9f097058a31c97f57f0c35526a44ae 09a01d1284b50b954d9246725a1ead1f f224a102ed9ab3da0152a15525643b2e ee226c37041dc55539d475183b889a10 e18bb94f079a4a49888da566b9978346 0ece01daaf93548beea6c827d9674897 e7279ff1a19cb092659e8c1860fbad0d b4ad0ad5732f1af4655dbd66214e552f 04ed8fd0104e1d4bf99c249ac229ce16 9d9ba22068c6c0ab742424760911d463 6aafb4b85f0c952a9ce4275bc821391a a65fcd0d2394f006e3fba0fd34c4bc4a b260f4b45dec3285875589c97d3087c9 134d3a3aa2f904512e85aa2dc2202498 -----END OpenVPN Static key V1----- </tls-auth> Seems to fail with UDP this is my config file **EDIT** Nevermind router needed a reboot after changing config. will test this out cheers Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted December 21, 2018 Administrators Share Posted December 21, 2018 16 hours ago, xr500user said: For the Devs, I decided to test this feature with a free express vpn trial.. I tested with default config (udp) and then modified it for tcp .. tcp seemed a little quicker, but definitely it is super slow on the router - most I was able to get after tweaking the config and using expressvpn/tcp was 28 down, 41 up (once) but mostly 24-25 down/28-31up. udp was flatter around 20-22 u/d sometimes 24/28 with bursts. it was using aes-256 and i don't think they offer 128 -- maybe get 40/50mbps if then - i need to look further It seems like the connection is capped on the router though, positive no throttling is going on? The express vpn client on a wifi win10 laptop pulled 168/169mbps+ with vpn turned on and its running w/openvpn udp. openvpn is single threaded so it can't really take advantage of multiple cpu's on the router (next version maybe) so I get that, but I think it can be tweaked to get better performance if you scale more cpu to it, and zero (0) the sndbuf/rcvbuf. it hardly really impacts cpu so I think tweaking is in order. Think latest openvpn. I also noticed when data is going thru hybrid vpn there are 2 leaks: dns is leaking, and partial webRTC is leaking. as far as Dns leak: router is still using nameservers specified by isp or manually / outside of the vpn tunnel, so someone could know what dns you are using - with a little detective work access times can be matched to who went where and when and your identity could be compromised. looking at hybrid vpn logs i saw vpn server did PUSH 10.x.x.x.x dns to use, but it was ignored by duma, somehow you need to accept that dns and route dns requests from hybrid vpn clients to it instead of the local nameservers on the router. openvpn creates a tunnel device tun0, you need to bind dnsmasq to interface=tun0 and allow forced dns redirection so requests for dns go through the vpn tunnel. other solutions possible maybe, you figure it out. webrtc is not leaking your public ip, but it IS leaking your local ip. this is really not that critical, but someone can know you are using 192.168.1.x (exact in-house ip), wouldn't you rather it be a bogus 10.x.whatever ip? also vpn username & password is being stored in plaintext format in the usr configs, each time you make a new Connection config (i made many to test) all old and dead prior configs are hanging around in /tmp -- need to clean up the unused lua_xxxxx* files.....why is [EPOLL] [MH/PKTINFO] compiled into openvpn? just curious Thanks for the information, I'll pass it on to the devs! Link to comment Share on other sites More sharing options...
kamoj Posted January 10, 2019 Share Posted January 10, 2019 For speed info: http://forum.netduma.com/topic/27748-xr500-hybrid-vpn-dns-leak-test/?do=findComment&comment=206216 Link to comment Share on other sites More sharing options...
Administrators Netduma Admin Posted January 10, 2019 Administrators Share Posted January 10, 2019 Thanks. Link to comment Share on other sites More sharing options...
KARLmitLAMA Posted November 4, 2021 Share Posted November 4, 2021 On 12/21/2018 at 2:51 AM, xr500user said: For the Devs, I decided to test this feature with a free express vpn trial.. I tested with default config (udp) and then modified it for tcp .. Can you share what you modified? I know there´s an update coming to the VPN feature but it´s not shared when this update will be available. Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted November 4, 2021 Administrators Share Posted November 4, 2021 In the config for TCP just change proto udp to proto tcp and it should work Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.