Use pi as a VPN gateway for LAN clients, but not for itself Topic is solved

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
CbIP
Posts: 15
Joined: Mon Jan 25, 2021 11:25 am

Re: Use pi as a VPN gateway for LAN clients, but not for itself

Post by CbIP »

Looks like I found one disadvantage: if I use this configuration, then the connection speed for Pi traffic (through ISP) drops significantly. And what is more important for the AdGuard DNS - the ping increases.

This is the speedtest result with default routing and no vpn connection:

Code: Select all

Hosted by ... [0.39 km]: 4.25 ms
Testing download speed................................................................................
Download: 540.49 Mbit/s
Testing upload speed......................................................................................................
Upload: 168.20 Mbit/s
And this is the speedtest with VPN connection running, but all Pi's traffic being routed through ISP (I used the same server for testing):

Code: Select all

Hosted by ... [0.39 km]: 119.784 ms
Testing download speed................................................................................
Download: 51.55 Mbit/s
Testing upload speed......................................................................................................
Upload: 11.65 Mbit/s
Is there any way to increase the performance?
User avatar
Joulinar
Posts: 4836
Joined: Sat Nov 16, 2019 12:49 am

Re: Use pi as a VPN gateway for LAN clients, but not for itself

Post by Joulinar »

usually it is normal to have a lower speed via VPN but this might be to slow. you could try to change VPN server to get better performance.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
CbIP
Posts: 15
Joined: Mon Jan 25, 2021 11:25 am

Re: Use pi as a VPN gateway for LAN clients, but not for itself

Post by CbIP »

Joulinar wrote: Wed Feb 17, 2021 10:49 pm usually it is normal to have a lower speed via VPN but this might be to slow. you could try to change VPN server to get better performance.
The second result is not the speed via VPN - it also shows speed when traffic from Pi is routed through ISP directly, but traffic from other LAN clients is routed through VPN.

The first result:
VPN is turned off. No forwarded traffic is allowed (since the VPN is turned off). Pi is connected directly to the ISP and the test results show connection speed between Pi and ISP.

The second result:
VPN is connected, but Pi's own traffic still goes directly through ISP. Forwarded traffic (from LAN clients) goes through VPN. To route Pi's own traffic through ISP (not through VPN) I use three routing rules provided by @trendy earlier in this thread. The test results also show connection speed between Pi and ISP. To get "clean" results - non of the LAN clients use Pi as a gateway during the speed test.

When I use routing rules provided earlier - it affects the connection speed of Pi itself very much. It it possible to fix this?
User avatar
trendy
Posts: 314
Joined: Tue Feb 25, 2020 2:54 pm

Re: Use pi as a VPN gateway for LAN clients, but not for itself

Post by trendy »

Encryption/decryption of data going/coming to/from VPN is CPU intensive.
Monitor the system resources with top or htop.
CbIP
Posts: 15
Joined: Mon Jan 25, 2021 11:25 am

Re: Use pi as a VPN gateway for LAN clients, but not for itself

Post by CbIP »

I have tested the following cases:
1. Speedtest from Pi itself through ISP. VPN is connected, but Pi's own traffic is routed through ISP.
2. Speedtest from one of the LAN clients which used Pi as a VPN gateway. Client's traffic is routed through VPN.
3. Case 1 one more time.
4. Case 2 one more time.

Got the following results:
1. Down: 69 Mb/s; Up: 11 Mb/s; Ping: 119
2. Down: 142 Mb/s; Up: 95 Mb/s; Ping: 48
3. Down: 51 Mb/s; Up: 11 Mb/s; Ping: 121
4. Down: 141 Mb/s; Up: 81 Mb/s; Ping: 49

You can see the CPU load for each case on the graph below (I used the netdata to collect the information).

It looks like that Pi doesn't subject to a high CPU load when it routes its own traffic, but still gets poor speeds. And the Pi's CPU load is high when routing LAN client's traffic, but the client still gets quite high speeds.
load.png

UPD.

I have tested 2 more cases when both own Pi's traffic and LAN clients traffic are routed through VPN (by Pi):
5. Speedtest from Pi. Down: 120 Mb/s; Up: 193 Mb/s; Ping: 37
6. Speedtest form one of the LAN clients, whose traffic is routed through Pi. Down: 150 Mb/s; Up: 91 Mb/s; Ping: 25.

CPU load is approximately the same in both cases:
load2.png
User avatar
trendy
Posts: 314
Joined: Tue Feb 25, 2020 2:54 pm

Re: Use pi as a VPN gateway for LAN clients, but not for itself

Post by trendy »

Looks like your ISP is throttling the bandwidth.
Post Reply