qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

PIA NextGen with Port forwarding is very slow #274

Closed gurmukhp closed 3 years ago

gurmukhp commented 3 years ago

TLDR: Describe your issue in a one liner here

  1. Is this urgent?

    • [ ] Yes
    • [x] No
  2. What VPN service provider are you using?

    • [x] PIA
    • [ ] Mullvad
    • [ ] Windscribe
    • [ ] Surfshark
    • [ ] Cyberghost
  3. What's the version of the program?

    See the line at the top of your logs

    Running version latest built on 2020-10-27T03:29:10Z (commit edc08c4)

  4. What are you using to run the container?

    • [x] Docker run
    • [ ] Docker Compose
    • [ ] Kubernetes
    • [ ] Docker stack
    • [ ] Docker swarm
    • [ ] Podman
    • [ ] Other:
  5. Extra information

Logs:

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and Tinyproxy =======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================

Running version latest built on 2020-10-27T03:29:10Z (commit edc08c4)

📣  Port forwarding is working for PIA v4 servers

🔧  Need help? https://github.com/qdm12/gluetun/issues/new
💻  Email? quentin.mcgaw@gmail.com
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2020-10-27T18:57:05.306Z        INFO    IPtables version: v1.8.4
2020-10-27T18:57:05.372Z        INFO    TinyProxy version: 1.10.0
2020-10-27T18:57:05.435Z        INFO    OpenVPN version: 2.4.9
2020-10-27T18:57:05.442Z        INFO    Unbound version: 1.10.1
2020-10-27T18:57:05.451Z        INFO    Settings summary below:
OpenVPN settings:
|--User: [redacted]
|--Password: [redacted]
|--Verbosity level: 1
|--Run as root: no
|--Private Internet Access settings:
 |--Network protocol: udp
 |--Regions: france
 |--Encryption preset: strong
 |--Port forwarding: on, saved in /tmp/gluetun/forwarded_port
System settings:
|--User ID: 1000
|--Group ID: 1000
|--Timezone: 
|--IP Status filepath: /tmp/gluetun/ip
DNS over TLS settings:
 |--DNS over TLS provider:
  |--cloudflare
 |--Caching: enabled
 |--Block malicious: enabled
 |--Block surveillance: disabled
 |--Block ads: disabled
 |--Allowed hostnames:
  |--
 |--Private addresses:
  |--127.0.0.1/8
  |--10.0.0.0/8
  |--172.16.0.0/12
  |--192.168.0.0/16
  |--169.254.0.0/16
  |--::1/128
  |--fc00::/7
  |--fe80::/10
  |--::ffff:0:0/96
 |--Verbosity level: 1/5
 |--Verbosity details level: 0/4
 |--Validation log level: 0/2
 |--IPv6 resolution: disabled
 |--Update: every 24h0m0s
 |--Keep nameserver (disabled blocking): no
Firewall settings:
 |--VPN input ports: 
 |--Input ports: 
TinyProxy settings: disabled
ShadowSocks settings: disabled
HTTP Control server:
 |--Listening port: 8000
 |--Logging: true
Public IP check period: 12h0m0s
Version information: enabled
Updater: disabled

2020-10-27T18:57:05.579Z        INFO    storage: Merging by most recent 6400 hardcoded servers and 6400 servers read from /gluetun/servers.json
2020-10-27T18:57:05.650Z        INFO    routing: default route found: interface eth0, gateway 172.17.0.1
2020-10-27T18:57:05.650Z        INFO    routing: local subnet found: 172.17.0.0/16
2020-10-27T18:57:05.652Z        INFO    routing: default route found: interface eth0, gateway 172.17.0.1
2020-10-27T18:57:05.652Z        INFO    routing: adding route for 0.0.0.0/0
2020-10-27T18:57:05.653Z        INFO    openvpn configurator: checking for device /dev/net/tun
2020-10-27T18:57:05.653Z        WARN    TUN device is not available: open /dev/net/tun: no such file or directory
2020-10-27T18:57:05.653Z        INFO    openvpn configurator: creating /dev/net/tun
2020-10-27T18:57:05.653Z        INFO    firewall: enabling...
2020-10-27T18:57:05.893Z        INFO    firewall: enabled successfully
2020-10-27T18:57:05.894Z        INFO    dns over tls: falling back on plaintext DNS at address 1.1.1.1
2020-10-27T18:57:05.894Z        INFO    dns configurator: using DNS address 1.1.1.1 internally
2020-10-27T18:57:05.894Z        INFO    dns configurator: using DNS address 1.1.1.1 system wide
2020-10-27T18:57:05.894Z        INFO    Launching standard output merger
2020-10-27T18:57:05.894Z        INFO    http server: listening on 0.0.0.0:8000
2020-10-27T18:57:05.895Z        INFO    healthcheck: listening on 127.0.0.1:9999
2020-10-27T18:57:05.900Z        INFO    firewall: setting VPN connection through firewall...
2020-10-27T18:57:05.905Z        INFO    openvpn configurator: starting openvpn
2020-10-27T18:57:05.916Z        INFO    openvpn: OpenVPN 2.4.9 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
2020-10-27T18:57:05.916Z        INFO    openvpn: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
2020-10-27T18:57:05.929Z        INFO    openvpn: CRL: loaded 1 CRLs from file [[INLINE]]
2020-10-27T18:57:05.930Z        INFO    openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]156.146.63.159:1197
2020-10-27T18:57:05.930Z        INFO    openvpn: UDP link local: (not bound)
2020-10-27T18:57:05.930Z        INFO    openvpn: UDP link remote: [AF_INET]156.146.63.159:1197
2020-10-27T18:57:06.118Z        INFO    openvpn: [paris402] Peer Connection Initiated with [AF_INET]156.146.63.159:1197
2020-10-27T18:57:07.259Z        INFO    openvpn: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2020-10-27T18:57:07.260Z        INFO    openvpn: OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
2020-10-27T18:57:07.260Z        INFO    openvpn: TUN/TAP device tun0 opened
2020-10-27T18:57:07.261Z        INFO    openvpn: /sbin/ip link set dev tun0 up mtu 1500
2020-10-27T18:57:07.288Z        INFO    openvpn: /sbin/ip addr add dev tun0 10.25.110.31/24 broadcast 10.25.110.255
2020-10-27T18:57:07.304Z        WARN    openvpn: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
2020-10-27T18:57:07.305Z        INFO    openvpn: UID set to nonrootuser
2020-10-27T18:57:07.305Z        INFO    openvpn: Initialization Sequence Completed
2020-10-27T18:57:07.306Z        INFO    dns configurator: downloading root hints from https://raw.githubusercontent.com/qdm12/files/master/named.root.updated
2020-10-27T18:57:07.307Z        INFO    VPN routing IP address: 156.146.63.159
2020-10-27T18:57:07.885Z        INFO    dns configurator: downloading root key from https://raw.githubusercontent.com/qdm12/files/master/root.key.updated
2020-10-27T18:57:08.010Z        INFO    dns configurator: generating Unbound configuration
2020-10-27T18:57:08.757Z        INFO    dns configurator: 60675 hostnames blocked overall
2020-10-27T18:57:08.758Z        INFO    dns configurator: 2703 IP addresses blocked overall
2020-10-27T18:57:08.895Z        INFO    dns configurator: starting unbound
2020-10-27T18:57:08.900Z        INFO    dns configurator: using DNS address 127.0.0.1 internally
2020-10-27T18:57:08.900Z        INFO    dns configurator: using DNS address 127.0.0.1 system wide
2020-10-27T18:57:09.393Z        INFO    unbound: init module 0: validator
2020-10-27T18:57:09.395Z        INFO    unbound: init module 1: iterator
2020-10-27T18:57:09.468Z        INFO    unbound: start of service (unbound 1.10.1).
2020-10-27T18:57:09.609Z        INFO    unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2020-10-27T18:57:09.999Z        INFO    dns over tls: DNS over TLS is ready
2020-10-27T18:57:12.310Z        INFO    VPN gateway IP address: 10.25.110.1
2020-10-27T18:57:12.659Z        INFO    You are running on the bleeding edge of latest!
2020-10-27T18:57:12.664Z        INFO    port forwarding: Port forwarded is 28225 expiring in 62 days
2020-10-27T18:57:12.686Z        INFO    port forwarding: Writing port to /tmp/gluetun/forwarded_port
2020-10-27T18:57:12.691Z        INFO    firewall: setting allowed input port 28225 through interface tun0...
2020-10-27T18:57:13.121Z        INFO    ip getter: Public IP address is 156.146.63.159

Host OS: Raspbian

For some reason, when I start up this container with PIA and set the deluge container to direct all traffic to the vpn container, the speed is very slow, about 300kbps. Without VPN it's around 20x faster.

Deluge is run with the following command:

docker run -d \
  --name=deluge \
  --net=container:openvpn \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/London \
  -v /ssd:/data \
  -v /docker-config/deluge-config:/config \
  -v /etc/localtime:/etc/localtime:ro \
  --restart always \
  linuxserver/deluge

I have checked and the Deluge container is on the VPN. I've enabled port forwarding, I'm not sure what else I should do? Do I need to let Deluge know what ports are forwarded or is this automatic?
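One way to confirm from the startup log that traffic leaves through the tunnel and that the forwarded port was actually opened on it. This is an added example, not part of the original post and not gluetun code; it assumes the tunnel interface is tun0 and that the public IP equals the VPN server IP, as both do in the log above.

```shell
#!/bin/sh
# Added example, not gluetun code. Sample lines are copied from the log in this issue.
sample_log() {
cat <<'EOF'
2020-10-27T18:57:05.894Z        INFO    dns over tls: falling back on plaintext DNS at address 1.1.1.1
2020-10-27T18:57:07.307Z        INFO    VPN routing IP address: 156.146.63.159
2020-10-27T18:57:09.999Z        INFO    dns over tls: DNS over TLS is ready
2020-10-27T18:57:12.664Z        INFO    port forwarding: Port forwarded is 28225 expiring in 62 days
2020-10-27T18:57:12.691Z        INFO    firewall: setting allowed input port 28225 through interface tun0...
2020-10-27T18:57:13.121Z        INFO    ip getter: Public IP address is 156.146.63.159
EOF
}

# Prints: vpn_server_ip public_ip forwarded_port firewall_port firewall_iface dns_state
# A field that never appeared in the log is printed as "-".
summarise() {
  awk '
    function d(v) { return v == "" ? "-" : v }
    /VPN routing IP address:/       { vpn = $NF }
    /Public IP address is/          { pub = $NF }
    /falling back on plaintext DNS/ { dns = "plaintext" }
    /DNS over TLS is ready/         { dns = "tls" }
    /Port forwarded is/ { for (i = 1; i < NF; i++) if ($i == "is") fwd = $(i + 1) }
    /setting allowed input port/ {
      for (i = 1; i < NF; i++) {
        if ($i == "port") fport = $(i + 1)
        if ($i == "interface") iface = $(i + 1)
      }
    }
    END {
      sub(/\.+$/, "", iface)   # the log prints "tun0..."
      print d(vpn), d(pub), d(fwd), d(fport), d(iface), d(dns)
    }'
}

# Reads a log on stdin; returns 0 only if every check passes.
check() {
  summary=$(summarise)
  set -- $summary
  status=0
  [ "$1" != "-" ] && [ "$1" = "$2" ] || { echo "WARN: public IP $2 is not the VPN server $1"; status=1; }
  [ "$3" != "-" ] && [ "$3" = "$4" ] || { echo "WARN: forwarded port $3, firewall opened $4"; status=1; }
  [ "$5" = "tun0" ] || { echo "WARN: input port opened on $5, not tun0"; status=1; }
  [ "$6" = "tls" ] || { echo "WARN: DNS state is $6, DNS over TLS never became ready"; status=1; }
  [ "$status" -eq 0 ] && echo "OK: exit IP $2, port $3 open on $5, DNS over TLS ready"
  return $status
}

sample_log | check
```

Against the running container from the commands above, pipe `docker logs openvpn 2>&1` into `check` instead of `sample_log`.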

qdm12 commented 3 years ago

Hello! Not sure, I don't really use port forwarding for torrent clients but I usually had at least 10MB/s. This is a bit out of scope of this project, but let's see how I can help!

Try

docker run -it --rm alpine:3.12
apk add wget
wget -O /dev/null http://speedtest.wdc01.softlayer.com/downloads/test100.zip
exit

What speed do you get?

Now try

docker run -it --rm --network=container:openvpn alpine:3.12
apk add wget
wget -O /dev/null http://speedtest.wdc01.softlayer.com/downloads/test100.zip
exit

What's your speed?

Does changing region help?

gurmukhp commented 3 years ago

Thanks for the help in debugging, I tried the openvpn container with and without port forwarding and it made no difference. Without running via the openvpn container, the speed hovered around 6.5MB/s and with the container, the speed was noticeably slower:

Country        | Speed
France         | 0.9
DE Berlin      | 1.2
Denmark        | 1.2
UK London      | 1.3
UK Southampton | 0.6

These are much faster than the reported speeds in Deluge. Any idea what could be causing it?

qdm12 commented 3 years ago

There can be many possible bottlenecks, all hard to know or fix:

But 1MB/s is a slow bandwidth speed if that's the one obtained with wget & speedtest. Maybe have a try with their older servers (if they still work) with -e VPNSP="private internet access old" to see if it's faster.

I'll close the issue for now as this is a bit out of Gluetun's hands, but feel free to comment back!