I setup a local home VPN on a Raspberry Pi 4 Model B 2019 Quad Core (4GB of RAM) running Ubuntu 20.04 connected to my home router using ethernet. I used PiVPN with Pihole for the setup. I setup the client on my iPhone and Mac and it connects, but the connection speeds are very slow compared to my home speed. My ISP plan is AT&T Fiber with Gigabit Speed, so my RPi4 has a pretty close upload/download speed to this: speedtest cli
ISP: AT&T U-verse
Latency: 3.32 ms (0.83 ms jitter)
Download: 913.95 Mbps (data used: 887.2 MB )
Upload: 921.47 Mbps (data used: 1.1 GB )
Packet Loss: 0.0%
For my clients (iPhone and Mac, both connected over Wifi), I used speedtest.net to gather their speeds without the VPN (just connected directly to the home network)
Mac: 397mbps/486mbps (download/upload)
iPhone: 377mbps (download)
Once connected to the VPN, the connections were much lower (using the same test):
Mac: 15.65mbps/15.11mbps (download/upload)
iPhone: 8.45mbps (download)
I started looking at other threads of people having the same issue and tried the following:
- Changed the default listening port (51820) to other different ports (tried 51821, 81, 443) in case my ISP (AT&T) was throttling any of those ports. No luck.
- Reinstalled PiVPN without PiHole integration (in case that was messing it up somehow). No luck.
- Changed the server and client MTU to different values (initially it is 1420): 1400, 1300, 1200. No luck. (I did ifconfig and it seems my network mtu is 1500, so the default should have been fine)
- Performed an iperf3 test using my Mac to see if I could find something with that test:
iperf test without vpn
iperf3 -c 192.168.1.93
Connecting to host 192.168.1.93, port 5201
[ 5] local 192.168.1.64 port 57206 connected to 192.168.1.93 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 76.2 MBytes 639 Mbits/sec
[ 5] 1.00-2.01 sec 72.2 MBytes 598 Mbits/sec
[ 5] 2.01-3.00 sec 62.8 MBytes 533 Mbits/sec
[ 5] 3.00-4.00 sec 55.2 MBytes 465 Mbits/sec
[ 5] 4.00-5.00 sec 72.9 MBytes 612 Mbits/sec
[ 5] 5.00-6.00 sec 72.4 MBytes 608 Mbits/sec
[ 5] 6.00-7.00 sec 68.0 MBytes 569 Mbits/sec
[ 5] 7.00-8.00 sec 61.4 MBytes 516 Mbits/sec
[ 5] 8.00-9.00 sec 70.4 MBytes 591 Mbits/sec
[ 5] 9.00-10.00 sec 70.6 MBytes 592 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 682 MBytes 572 Mbits/sec sender
[ 5] 0.00-10.01 sec 681 MBytes 571 Mbits/sec receiver
iperf test with vpn
iperf3 -c 10.6.0.1
Connecting to host 10.6.0.1, port 5201
[ 5] local 10.6.0.2 port 59800 connected to 10.6.0.1 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 3.16 MBytes 26.3 Mbits/sec
[ 5] 1.00-2.00 sec 0.00 Bytes 0.00 bits/sec
[ 5] 2.00-3.00 sec 0.00 Bytes 0.00 bits/sec
[ 5] 3.00-4.00 sec 1.21 MBytes 10.2 Mbits/sec
[ 5] 4.00-5.00 sec 1.72 MBytes 14.4 Mbits/sec
[ 5] 5.00-6.00 sec 1.58 MBytes 13.2 Mbits/sec
[ 5] 6.00-7.00 sec 1.91 MBytes 16.1 Mbits/sec
[ 5] 7.00-8.00 sec 1.72 MBytes 14.4 Mbits/sec
[ 5] 8.00-9.00 sec 0.00 Bytes 0.00 bits/sec
[ 5] 9.00-10.00 sec 0.00 Bytes 0.00 bits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 11.3 MBytes 9.48 Mbits/sec sender
[ 5] 0.00-15.52 sec 11.3 MBytes 6.11 Mbits/sec receiver
This test just confirmed what I had already seen from the speedtest.net test. I am left with no other things to try, so I have a few questions if you guys can help me:
- Does AT&T throttle Wireguard packets? could that be the reason why I am kind of stuck at 10mbps?
- Is it normal to expect going from 400mbps to 10mbps using Wireguard?
- How can I fix this issue? what do you recommend to speed up my connection? A couple other things to note:
- I am using an AT&T gateway router Pace 5268AC (port-forwarding seems to work fine)
- This is my current pivpn -d debug log:
=============================================
:::: Latest commit ::::
Branch: master
Commit: f80b0a7962d91862132c0a4abd65c1e67bd37bd7
Author: 4s3ti
Date: Fri Dec 3 21:41:13 2021 +0100
Summary: Update Changelog
=============================================
:::: Installation settings ::::
PLAT=Ubuntu
OSCN=focal
USING_UFW=1
IPv4dev=eth0
install_user=ubuntu
install_home=/home/ubuntu
VPN=wireguard
pivpnPORT=443
pivpnDNS1=1.1.1.1
pivpnDNS2=1.0.0.1
pivpnHOST=REDACTED
pivpnPROTO=udp
pivpnMTU=1420
pivpnDEV=wg0
pivpnNET=10.6.0.0
subnetClass=24
ALLOWED_IPS="0.0.0.0/0, ::0/0"
UNATTUPG=0
INSTALLED_PACKAGES=()
=============================================
:::: Server configuration shown below ::::
[Interface]
PrivateKey = server_priv
Address = 10.6.0.1/24
MTU = 1420
ListenPort = 443
### begin user ###
[Peer]
PublicKey = user_pub
PresharedKey = user_psk
AllowedIPs = 10.6.0.2/32
### end user ###
### begin Phone ###
[Peer]
PublicKey = Phone_pub
PresharedKey = Phone_psk
AllowedIPs = 10.6.0.3/32
### end Phone ###
=============================================
:::: Client configuration shown below ::::
[Interface]
PrivateKey = user_priv
Address = 10.6.0.2/24
DNS = 1.1.1.1, 1.0.0.1
[Peer]
PublicKey = server_pub
PresharedKey = user_psk
Endpoint = REDACTED:443
AllowedIPs = 0.0.0.0/0, ::0/0
=============================================
:::: Recursive list of files in ::::
:::: [4m/etc/wireguard shown below ::::
/etc/wireguard:
configs
keys
wg0.conf
/etc/wireguard/configs:
Phone.conf
clients.txt
user.conf
/etc/wireguard/keys:
Phone_priv
Phone_psk
Phone_pub
user_priv
user_psk
user_pub
server_priv
server_pub
=============================================
:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Ufw is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] Ufw input rule set
:: [OK] Ufw forwarding rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled (it will automatically start on reboot)
:: [OK] WireGuard is listening on port 443/udp
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://docs.pivpn.io/faq
=============================================
:::: WARNING: This script should have automatically masked sensitive ::::
:::: information, however, still make sure that PrivateKey, PublicKey ::::
:::: and PresharedKey are masked before reporting an issue. An example key ::::
:::: that you should NOT see in this log looks like this: ::::
:::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe ::::
=============================================
:::: Debug complete ::::
:::
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
edit this is what htop looks like while running the speedtest