Limited speed compared to other containers/host

[sebcourant]

Is there a pinned issue for this?

• [X] I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

• [X] I have searched the existing issues
• [X] I have searched the existing discussions

Is there any comment in the documentation for this?

• [X] I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• [X] I have checked the provider repo for issues
• [X] My issue is NOT related to a provider

Are you using the latest release?

• [X] I am using the latest release

Have you tried using the dev branch latest?

• [X] I have tried using dev branch

Docker run config used

Using :latest on Raspberry Pi 4, ethernet, OS on a USB SSD, Data on a USB/Sata HDD.

Using default Docker Bridge Network, shared with other containers which works fine. Not specifying TCP/UDP, logs show it's using TCP. Here are the ENV variables I'm using

CREATE_TUN_DEVICE true DROP_DEFAULT_ROUTE
ENABLE_UFW false GLOBAL_APPLY_PERMISSIONS true HEALTH_CHECK_HOST google.com LOCAL_NETWORK 192.168.178.0/24 LOG_TO_STDOUT false NORDVPN_CATEGORY legacy_p2p NORDVPN_COUNTRY FI OPENVPN_OPTS
OPENVPN_PASSWORD redacted OPENVPN_PROVIDER NORDVPN OPENVPN_USERNAME redacted PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PEER_DNS true PEER_DNS_PIN_ROUTES true PGID 1000 PUID 1000 REVISION b33d0fe4c938259a0d4eb844e55468f387456121 SELFHEAL false TRANSMISSION_DOWNLOAD_DIR /data/completed TRANSMISSION_HOME /config/transmission-home TRANSMISSION_INCOMPLETE_DIR /data/incomplete TRANSMISSION_RPC_PASSWORD
TRANSMISSION_RPC_PORT 9091 TRANSMISSION_RPC_USERNAME
TRANSMISSION_WATCH_DIR /data/watch TRANSMISSION_WATCH_DIR_ENABLED true UFW_ALLOW_GW_NET false UFW_DISABLE_IPTABLES_REJECT false UFW_EXTRA_PORTS
WEBPROXY_ENABLED false WEBPROXY_PASSWORD
WEBPROXY_PORT 8118 WEBPROXY_USERNAME

Current Behavior

Everything is technically working, and I haven't changed my config in ages.

Upgraded internet speed from 100mbps to 250mbps.

Noticed download speed in Transmission didn't improve. Seems like I was limited the whole time.

What I checked :

• I was using :beta, reverted to :latest
• Made sure I was using latest version of Docker (and everything else on my host)
• Ran iperf3, pinging machines on my network : no bottleneck there I have gigabit lan
• Ran speedtest-cli several times, on the host directly, and inside containers on the same network bridge as transmission.
• Speedtest on the host and other containers on the bridge averaging 260mbps
• Speedtest on the transmission-openvpn container : average of 80mbps
• Checked which VPN server was used, tried on another device, speedtest there is also showing >250mbps so it's not provider related.

It's like something in the image is heavily limiting speed. Talked to other people with same image, they also see speed heavily limited compared to what they can reach on other devices/containers

Expected Behavior

described above

How have you tried to solve the problem?

described above

-Log output

2023-11-08 18:37:52 net_route_v4_del: redacted via 172.17.0.1 dev [NULL] table 0 metric -1 2023-11-08 18:37:52 net_route_v4_del: 0.0.0.0/1 via 10.7.0.1 dev [NULL] table 0 metric -1 2023-11-08 18:37:52 net_route_v4_del: 128.0.0.0/1 via 10.7.0.1 dev [NULL] table 0 metric -1 2023-11-08 18:37:52 Closing TUN/TAP interface 2023-11-08 18:37:52 net_addr_v4_del: 10.7.0.3 dev tun0 2023-11-08 18:37:52 SIGTERM[hard,] received, process exiting Starting container with revision: b33d0fe4c938259a0d4eb844e55468f387456121 TRANSMISSION_HOME is currently set to: /config/transmission-home WARNING: Deprecated. Found old default transmission-home folder at /data/transmission-home, setting this as TRANSMISSION_HOME. This might break in future versions. We will fallback to this directory as long as the folder exists. Please consider moving it to /config/transmission-home Creating TUN device /dev/net/tun Using OpenVPN provider: NORDVPN Running with VPN_CONFIG_SOURCE auto Provider NORDVPN has a bundled setup script. Defaulting to internal config Executing setup script for NORDVPN /etc/openvpn/nordvpn/.. INFO: OVPN: Checking curl installation INFO: OVPN: DNS resolution ok INFO: OVPN: ok, configurations download site reachable INFO: OVPN: Removing existing configs in /etc/openvpn/nordvpn Checking NORDPVN API responses INFO: OVPN:Selecting the best server... INFO: OVPN: Searching for country : FI (73) INFO: OVPN: Searching for group: legacy_p2p INFO: OVPN:Searching for technology: openvpn_tcp INFO: OVPN: Best server : fi184.nordvpn.com, load: 14 Best server : fi184.nordvpn.com INFO: OVPN: Downloading config: fi184.nordvpn.com.ovpn INFO: OVPN: Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/fi184.nordvpn.com.tcp.ovpn OVPN: NORDVPN: selected: fi184.nordvpn.com, VPN_PROVIDER_HOME: /etc/openvpn/nordvpn Starting OpenVPN using config fi184.nordvpn.com.ovpn Modifying /etc/openvpn/nordvpn/fi184.nordvpn.com.ovpn for best behaviour in this container Modification: Point auth-user-pass option to the username/password file Modification: Change ca certificate path Modification: Change ping options Modification: Update/set resolv-retry to 15 seconds Modification: Change tls-crypt keyfile path Modification: Set output verbosity to 3 Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop Modification: Updating status for config failure detection Setting OpenVPN credentials... adding route to local network 192.168.178.0/24 via 172.17.0.1 dev eth0 2023-11-08 18:38:04 OpenVPN 2.5.5 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022 2023-11-08 18:38:04 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10 2023-11-08 18:38:04 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2023-11-08 18:38:04 NOTE: --fast-io is disabled since we are not using UDP 2023-11-08 18:38:04 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-11-08 18:38:04 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-11-08 18:38:04 TCP/UDP: Preserving recently used remote address: [AF_INET]85.202.81.139:443 2023-11-08 18:38:04 Socket Buffers: R=[131072->131072] S=[16384->16384] 2023-11-08 18:38:04 Attempting to establish TCP connection with [AF_INET]85.202.81.139:443 [nonblock] 2023-11-08 18:38:04 TCP connection established with [AF_INET]85.202.81.139:443 2023-11-08 18:38:04 TCP_CLIENT link local: (not bound) 2023-11-08 18:38:04 TCP_CLIENT link remote: [AF_INET]85.202.81.139:443 2023-11-08 18:38:04 TLS: Initial packet from [AF_INET]85.202.81.139:443, sid=991340c2 bab877af 2023-11-08 18:38:05 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA 2023-11-08 18:38:05 VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA8 2023-11-08 18:38:05 VERIFY KU OK 2023-11-08 18:38:05 Validating certificate extended key usage 2023-11-08 18:38:05 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2023-11-08 18:38:05 VERIFY EKU OK 2023-11-08 18:38:05 VERIFY X509NAME OK: CN=fi184.nordvpn.com 2023-11-08 18:38:05 VERIFY OK: depth=0, CN=fi184.nordvpn.com 2023-11-08 18:38:05 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512 2023-11-08 18:38:05 [fi184.nordvpn.com] Peer Connection Initiated with [AF_INET]85.202.81.139:443 2023-11-08 18:38:06 SENT CONTROL [fi184.nordvpn.com]: 'PUSH_REQUEST' (status=1) 2023-11-08 18:38:06 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway 10.7.0.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.0.3 255.255.255.0,peer-id 0,cipher AES-256-CBC' 2023-11-08 18:38:06 OPTIONS IMPORT: timers and/or timeouts modified 2023-11-08 18:38:06 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp 2023-11-08 18:38:06 OPTIONS IMPORT: compression parms modified 2023-11-08 18:38:06 OPTIONS IMPORT: --ifconfig/up options modified 2023-11-08 18:38:06 OPTIONS IMPORT: route options modified 2023-11-08 18:38:06 OPTIONS IMPORT: route-related options modified 2023-11-08 18:38:06 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified 2023-11-08 18:38:06 OPTIONS IMPORT: peer-id set 2023-11-08 18:38:06 OPTIONS IMPORT: adjusting link_mtu to 1659 2023-11-08 18:38:06 OPTIONS IMPORT: data channel crypto options modified 2023-11-08 18:38:06 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key 2023-11-08 18:38:06 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-11-08 18:38:06 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key 2023-11-08 18:38:06 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-11-08 18:38:06 net_route_v4_best_gw query: dst 0.0.0.0 2023-11-08 18:38:06 net_route_v4_best_gw result: via 172.17.0.1 dev eth0 2023-11-08 18:38:06 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:0b 2023-11-08 18:38:06 TUN/TAP device tun0 opened 2023-11-08 18:38:06 net_iface_mtu_set: mtu 1500 for tun0 2023-11-08 18:38:06 net_iface_up: set tun0 up 2023-11-08 18:38:06 net_addr_v4_add: 10.7.0.3/24 dev tun0 2023-11-08 18:38:06 net_route_v4_add: redacted via 172.17.0.1 dev [NULL] table 0 metric -1 2023-11-08 18:38:06 net_route_v4_add: 0.0.0.0/1 via 10.7.0.1 dev [NULL] table 0 metric -1 2023-11-08 18:38:06 net_route_v4_add: 128.0.0.0/1 via 10.7.0.1 dev [NULL] table 0 metric -1 Up script executed with device=tun0 ifconfig_local=10.7.0.3 Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 10.7.0.3 Enforcing ownership on transmission directories Applying permissions to transmission directories Setting owner for transmission paths to 1000:1000 Setting permissions for download and incomplete directories umask: 2 Directories: 775 Files: 664 Setting permission for watch directory (775) and its files (664)

Transmission will run as

User name: abc User uid: 1000 User gid: 1000

Updating Transmission settings.json with values from env variables Attempting to use existing settings.json for Transmission Successfully used existing settings.json /data/transmission-home/settings.json Overriding bind-address-ipv4 because TRANSMISSION_BIND_ADDRESS_IPV4 is set to 10.7.0.3 Overriding download-dir because TRANSMISSION_DOWNLOAD_DIR is set to /data/completed Overriding incomplete-dir because TRANSMISSION_INCOMPLETE_DIR is set to /data/incomplete Overriding rpc-password because TRANSMISSION_RPC_PASSWORD is set to [REDACTED] Overriding rpc-port because TRANSMISSION_RPC_PORT is set to 9091 Overriding rpc-username because TRANSMISSION_RPC_USERNAME is set to Overriding watch-dir because TRANSMISSION_WATCH_DIR is set to /data/watch Overriding watch-dir-enabled because TRANSMISSION_WATCH_DIR_ENABLED is set to true sed'ing True to true STARTING TRANSMISSION Transmission startup script complete. 2023-11-08 18:38:06 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this 2023-11-08 18:38:06 Initialization Sequence Completed

HW/SW Environment

- OS: 
- Docker:

Anything else?

No response

[edgd1er]

I had a similar experience with Nordvpn. Not sure it's due to the container though. I built an image with nordvpn's client enabling nordlynx, nordvpn's commercial name for wireguard. I had much better transfer. I guess Nordvpn is limiting the traffic through openvpn. I'm not using wireguard straight, as adding it to the image add 300Mb ( kernel+tools) to the image. furthermore you need nordvpn's client to export user settings in order to setup wireguard. the user interface does not provide these informations.

[pkishino]

yeah, there isn't anything in the image limiting speed.. it can be a combo of resource limitation on docker, provider limitations on tcp or openvpn in general etc.. so, feel free to request this be moved to discussions as this is not a bug in the container..