search

qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
6.77k stars 333 forks source link

Very Slow Network Speed Help: ... #214

Closed zachoooo closed 3 years ago

zachoooo commented 3 years ago

TLDR: My VPN container has very upload and download speeds compared to what I should be able to get

  1. Is this urgent?

    • [ ] Yes
    • [x] No

  2. What VPN service provider are you using?

    • [x] PIA
    • [ ] Mullvad
    • [ ] Windscribe
    • [ ] Surfshark
    • [ ] Cyberghost

  3. What's the version of the program?

    Running version latest built on 2020-07-25T15:20:14Z (commit 8f54750)

  4. What are you using to run the container?

    • [ ] Docker run
    • [x] Docker Compose
    • [ ] Kubernetes
    • [ ] Docker stack
    • [ ] Docker swarm
    • [ ] Podman
    • [ ] Other:

  5. Extra information

I currently have a 300Mbps connection and when I try using the PIA speed test to the region I'm connecting to, I manage to get 200-300Mbps pretty consistently. I tried running speed tests in other docker containers and none of them are much slower than my desktop. When I tried running some simple curl based speed tests within the docker container I was averaging speeds of only 2-3MBps. Additionally, when I try routing another container through this VPN, it's speed is greatly reduced. I know that a VPN can reduce speed pretty substantially, but this seems like a huge drop compared to what I should be getting.

Here is an example speed test from one of my other containers and one from within the vpn:

/# curl --output /dev/null http://speedtest.wdc01.softlayer.com/downloads/test500.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  500M  100  500M    0     0  22.7M      0  0:00:22  0:00:22 --:--:-- 30.9M

~# docker exec -it vpn /bin/ash
/ # curl --output /dev/null http://speedtest.wdc01.softlayer.com/downloads/test500.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
 14  500M   14 73.2M    0     0  2755k      0  0:03:05  0:00:27  0:02:38 2638k^C

What can I do to get more reasonable speeds?

Logs:

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and Tinyproxy =======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================

Running version latest built on 2020-07-25T15:20:14Z (commit 8f54750)

🔧  Need help? https://github.com/qdm12/private-internet-access-docker/issues/new
💻  Email? quentin.mcgaw@gmail.com
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2020-08-02T20:06:31.732Z        INFO    TinyProxy version: 1.10.0
2020-08-02T20:06:31.781Z        INFO    ShadowSocks version: 3.3.4
2020-08-02T20:06:31.844Z        INFO    OpenVPN version: 2.4.9
2020-08-02T20:06:31.860Z        INFO    Unbound version: 1.10.1
2020-08-02T20:06:31.884Z        INFO    IPtables version: v1.8.4
2020-08-02T20:06:31.888Z        INFO    Settings summary below:
OpenVPN settings:
|--User: [redacted]
|--Password: [redacted]
|--Verbosity level: 1
|--Run as root: no
|--Private Internet Access settings:
 |--Network protocol: udp
 |--Region: ca vancouver
 |--Encryption preset: normal
 |--Port forwarding: on, saved in /forwarded_port
System settings:
|--User ID: 1000
|--Group ID: 1000
|--Timezone:
|--IP Status filepath: /ip
DNS over TLS settings:
 |--DNS over TLS provider:
  |--cloudflare
 |--Caching: enabled
 |--Block malicious: enabled
 |--Block surveillance: disabled
 |--Block ads: disabled
 |--Allowed hostnames:
  |--
 |--Private addresses:
  |--127.0.0.1/8
  |--10.0.0.0/8
  |--172.16.0.0/12
  |--192.168.0.0/16
  |--169.254.0.0/16
  |--::1/128
  |--fc00::/7
  |--fe80::/10
  |--::ffff:0:0/96
 |--Verbosity level: 1/5
 |--Verbosity details level: 0/4
 |--Validation log level: 0/2
 |--IPv6 resolution: disabled
 |--Update: every 24h0m0s
 |--Keep nameserver (disabled blocking): no
Firewall settings:
 |--Allowed subnets: 192.168.1.0/24
 |--VPN input ports:
TinyProxy settings: disabled
ShadowSocks settings: disabled
Public IP check period: 12h0m0s

2020-08-02T20:06:31.889Z        INFO    routing: default route found: interface eth0, gateway 172.18.0.1
2020-08-02T20:06:31.890Z        INFO    routing: local subnet found: 172.18.0.0/16
2020-08-02T20:06:31.890Z        INFO    openvpn configurator: checking for device /dev/net/tun
2020-08-02T20:06:31.905Z        INFO    firewall: enabling...
2020-08-02T20:06:31.905Z        INFO    Launching standard output merger
2020-08-02T20:06:31.929Z        INFO    firewall: enabled successfully
2020-08-02T20:06:31.929Z        INFO    firewall: setting allowed subnets through firewall...
2020-08-02T20:06:31.930Z        INFO    routing: adding 192.168.1.0/24 as route via 172.18.0.1 eth0
2020-08-02T20:06:31.960Z        INFO    http server: listening on 0.0.0.0:8000
2020-08-02T20:06:31.963Z        INFO    dns over tls: falling back on plaintext DNS at address 1.1.1.1
2020-08-02T20:06:31.963Z        INFO    dns configurator: using DNS address 1.1.1.1 internally
2020-08-02T20:06:31.963Z        INFO    dns configurator: using DNS address 1.1.1.1 system wide
2020-08-02T20:06:31.966Z        INFO    firewall: setting VPN connections through firewall...
2020-08-02T20:06:31.988Z        INFO    openvpn configurator: starting openvpn
2020-08-02T20:06:31.992Z        INFO    openvpn: OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
2020-08-02T20:06:31.992Z        INFO    openvpn: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
2020-08-02T20:06:32.023Z        INFO    openvpn: CRL: loaded 1 CRLs from file [[INLINE]]
2020-08-02T20:06:32.025Z        INFO    openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]107.181.189.74:1198
2020-08-02T20:06:32.025Z        INFO    openvpn: UDP link local: (not bound)
2020-08-02T20:06:32.025Z        INFO    openvpn: UDP link remote: [AF_INET]107.181.189.74:1198
2020-08-02T20:07:32.248Z        INFO    openvpn: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-08-02T20:07:32.248Z        INFO    openvpn: TLS Error: TLS handshake failed
2020-08-02T20:07:32.248Z        INFO    openvpn: SIGUSR1[soft,tls-error] received, process restarting
2020-08-02T20:07:42.249Z        INFO    openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]172.83.40.100:1198
2020-08-02T20:07:42.249Z        INFO    openvpn: UDP link local: (not bound)
2020-08-02T20:07:42.249Z        INFO    openvpn: UDP link remote: [AF_INET]172.83.40.100:1198
2020-08-02T20:08:42.553Z        INFO    openvpn: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-08-02T20:08:42.554Z        INFO    openvpn: TLS Error: TLS handshake failed
2020-08-02T20:08:42.554Z        INFO    openvpn: SIGUSR1[soft,tls-error] received, process restarting
2020-08-02T20:08:52.555Z        INFO    openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]107.181.189.86:1198
2020-08-02T20:08:52.555Z        INFO    openvpn: UDP link local: (not bound)
2020-08-02T20:08:52.555Z        INFO    openvpn: UDP link remote: [AF_INET]107.181.189.86:1198
2020-08-02T20:08:52.712Z        WARN    openvpn: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
2020-08-02T20:08:52.712Z        WARN    openvpn: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
2020-08-02T20:08:52.712Z        INFO    openvpn: [13ebb88d404cd660660ec3fd4d88ee14] Peer Connection Initiated with [AF_INET]107.181.189.86:1198
2020-08-02T20:08:59.023Z        INFO    openvpn: TUN/TAP device tun0 opened
2020-08-02T20:08:59.023Z        INFO    openvpn: /sbin/ip link set dev tun0 up mtu 1500
2020-08-02T20:08:59.024Z        INFO    openvpn: /sbin/ip addr add dev tun0 local 10.12.10.6 peer 10.12.10.5
2020-08-02T20:08:59.026Z        INFO    openvpn: UID set to nonrootuser
2020-08-02T20:08:59.026Z        INFO    openvpn: Initialization Sequence Completed
2020-08-02T20:08:59.026Z        INFO    dns configurator: downloading root hints from https://raw.githubusercontent.com/qdm12/files/master/named.root.updated
2020-08-02T20:08:59.026Z        INFO    routing: default route found: interface eth0, gateway 172.18.0.1
2020-08-02T20:08:59.026Z        INFO    Gateway VPN IP address: 107.181.189.86
2020-08-02T20:08:59.272Z        INFO    ip getter: Public IP address is 107.181.189.86
2020-08-02T20:08:59.446Z        INFO    dns configurator: downloading root key from https://raw.githubusercontent.com/qdm12/files/master/root.key.updated
2020-08-02T20:08:59.622Z        INFO    dns configurator: generating Unbound configuration
2020-08-02T20:09:00.515Z        INFO    dns configurator: 60220 hostnames blocked overall
2020-08-02T20:09:00.515Z        INFO    dns configurator: 2523 IP addresses blocked overall
2020-08-02T20:09:00.534Z        INFO    dns configurator: starting unbound
2020-08-02T20:09:00.534Z        INFO    dns configurator: using DNS address 127.0.0.1 internally
2020-08-02T20:09:00.534Z        INFO    dns configurator: using DNS address 127.0.0.1 system wide
2020-08-02T20:09:00.681Z        INFO    unbound: init module 0: validator
2020-08-02T20:09:00.681Z        INFO    unbound: init module 1: iterator
2020-08-02T20:09:00.727Z        INFO    unbound: start of service (unbound 1.10.1).
2020-08-02T20:09:00.960Z        INFO    unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2020-08-02T20:09:14.208Z        INFO    openvpn: port forwarded is 31132
2020-08-02T20:09:14.208Z        INFO    firewall: setting allowed input port 31132 through interface tun0...
2020-08-02T20:09:14.210Z        INFO    openvpn: writing forwarded port to /forwarded_port
2020-08-02T22:58:31.124Z        INFO    unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2020-08-03T01:47:44.440Z        INFO    unbound: generate keytag query _ta-4a5c-4f66. NULL IN

Configuration file:

vpn:
    image: qmcgaw/private-internet-access
    container_name: vpn
    restart: always
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - 'REGION=CA Vancouver'
      - FIREWALL=on
      - USER=[REDACTED]
      - PASSWORD=[REDACTED]
      - PORT_FORWARDING=on
      - EXTRA_SUBNETS=192.168.1.0/24
      - PIA_ENCRYPTION=normal
    ports:
      - 8080:8080
      - 6881:6881
      - 6881:6881/udp

Host OS: Debian Linux

frepke commented 3 years ago

I think it's more a PIA issue. Slow downloadspeeds are one of the reasons why I switched over to another provider. My PIA subscribtion is still active so I did a compare for you on the same system as I use for my actual provider (Surfshark) with region "The Netherlands".

PIA

/ # curl --output /dev/null http://speedtest.wdc01.softlayer.com/downloads/test500.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  500M  100  500M    0     0  1297k      0  0:06:34  0:06:34 --:--:-- 1208k

Surfshark

/ # curl --output /dev/null http://speedtest.wdc01.softlayer.com/downloads/test500.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  500M  100  500M    0     0  19.4M      0  0:00:25  0:00:25 --:--:-- 22.1M
zachoooo commented 3 years ago

@Frepke You're right it was a PIA problem. Good catch there.

qdm12 commented 3 years ago

Whoa the speed difference is big, although I get some 25MB/s on other PIA regions, so maybe that's a per region issue.

@zachoooo btw PUID and PGID don't do anything, these are specific to linuxserver's docker images I think.