VPN split tunnelling speed / please ELI5 port forwarding in this context
|
Posts: 23
Threads: 4
Joined: Jan 2017
Reputation:
2
[Solved]
Jan 17, 2017, 12:57 PM
Hi all,
First time poster, long time user - love the site, your guides are absolutely just the most reliable and easy to follow ones around!
So I've had split tunnelling set up on my linux box for some time now having followed the Ubuntu split tunnelling guide, and my torrent client being Deluge.
All seems to work just fine, but I never seem to get more than 3Mb/s or thereabouts, regardless of how well a torrent is seeded (e.g. the Ubuntu ISO is one I often test with).
Before I did all this, I used to use a basic socks5 proxy setup, and I got similarly disappointing speeds until I realised that I wasn't forwarding the incoming port used by Deluge from my router to the box. Once I did that, my top speed tripled.
With the VPN split tunnel in place, the port shows as closed even though the port hasn't changed and it's still being forwarded at the router. I don't *really* understand the technical side of VPNs as you might be able to tell, but I think this makes sense - presumably everything is being forced down the port used by OpenVPN? - I've tried forwarding the OpenVPN port from the router to the box, but that didn't make a difference.
I'm aware that you can sometimes request that your VPN provider give you a forwarded port and that this can sometimes help, but this isn't an option with my current provider.
I apologise for being a bit rambling, but I suppose I have a few questions:
- Is this drop in speed simply to be expected when using a VPN? My understanding is that you will generally always lose some speed, but in an ideal scenario you'd still probably get around 80 or even 90% of it.
- Assuming I was with a VPN provider that offered port forwarding, how does this work? Do you tell your client to use that port for the incoming port and forward it from the router to the machine as well, or does it work in some other way?
- Back to a situation where I can't port forward - is there some other way to increase the speed? Truth be told the speed doesn't bother me too much - I'm quite happy to set and forget generally - but I suppose it irks on a basic level that I maybe don't have things set up optimally.
All suggestions welcome
Posts: 1,646
Threads: 2
Joined: Aug 2015
Reputation:
42
[Solved]
Jan 17, 2017, 01:26 PM
Glad you find the site useful! Are you using PIA? We are releasing an auto port forwarding script for Deluge but it only works with PIA, you can PM me if you would like to test it.
Port forwarding is the solution to this problem - to the best of my knowledge.
Posts: 23
Threads: 4
Joined: Jan 2017
Reputation:
2
[Solved]
Jan 17, 2017, 01:47 PM
(Jan 17, 2017, 01:26 PM)Mike Wrote: Glad you find the site useful! Are you using PIA? We are releasing an auto port forwarding script for Deluge but it only works with PIA, you can PM me if you would like to test it.
Port forwarding is the solution to this problem - to the best of my knowledge.
Hi Mike,
Thanks for such a quick reply!
PIA - sort of. I have a sub, but it's running out, and I've been trying to move exclusively to another provider, VPNsecure.me. I've got it working with both, and VPNsecure speeds seem better to me, but I don't think they offer port forwarding without an additional charge - hence me asking if it was possible to do anything without it.
An auto forwarding script would be brilliant though - happy to help test it if you need volunteers, my sub is still good for a few months.
However - are you guys aware of this post on the PIA forums? I don't know if the guy is speaking nonsense or not, but he seems to be claiming that the CLI method of requesting a port forward from PIA is insecure in some way. Perhaps the script you're working on works around this (if it is even indeed a genuine problem) but thought I'd mention it just in case.
Posts: 1,646
Threads: 2
Joined: Aug 2015
Reputation:
42
[Solved]
Jan 17, 2017, 01:50 PM
Here are the scripts that you can test, there will be a guide for configuring it sometime soon. If you read the comments in the script that should get your started https://github.com/HTPCGuides/pia-port-f...ng-scripts.
That post is quite old, not sure if it is still relevant or not. The guy may have a point but since he didn't provide any evidence it is hard to take seriously.
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Solved]
Jan 17, 2017, 02:36 PM
Hi Pyrhic,
thanks for your nice words, one of the reasons that we like working on these guides are exactly because of the nice feedback we get from our community! Glad you find them useful!
About the VPN speed: as you already pointed out, it is always slower over VPN then without it. However, the actual speed you can get over VPN depends on many things, especially on the server used by the VPN provider you are subscribed to, but also depends on the connection between you and the VPN server you choose. For example, if we both use the same VPN provider and the same server, we still might have different speeds. To make it even more complicated, the same server will most likely give you different speeds over 24 hours, as it depends on the actual load (the number of users and the download/upload these users are doing).
Some things to consider:
- while the download/upload speeds are very important, never choose a VPN provider only based on the speed they offer. Don't forget, most likely you use a VPN server to protect you privacy or to unblock some restriction forced on you by your provider (or both).
- try different servers from your provider, if possible, always choose a server closest to you (this can have a huge impact on download/upload speeds, not to mention latency). Of course, choose a location that you "trust" or need.
- if your provider has a real-time or at least daily load average for their servers, take a look at those stats. They should somewhat give you a hint about the actual load, uptime, etc of each server.
- check the max download/upload link of the given server, it may vary
- try different providers and choose the one you are satisfied
Now about port forwarding: you are correct, having an open port for torrents (being active) is very important, and can dramatically increase the download speed, even more the upload speed, and the number of seeds/peers you can connect to. While it does have some security risks to have an open port, it should not be critical in practice (as a rule, make the number of open ports as low as possible).
You will likely experience higher download (and especially upload) speeds if you are active (have port forwarding enabled), but not necessarily. Port forwarding is essential if there are low number of seeders/peers available, and if you need to have good upload speeds (to maintain your ration and help others).
Good news is that a port forwarding with VPN guide is basically ready for publishing (first part for Transmission, but Deluge will follow soon, especially as Deluge is my favourite client too), and Split Tunnel VPN is also covered (this later is really unique, so stay tuned!). And to make it more interesting, it is fully automated. Once configured, nothing should be done. Please note, this will work only with Private Internet Access (PIA), as they are really doing a great job and allow script based OpenVPN port forwarding on their p2p AND port forwarding enabled servers. If you decide to try out PIA, I can send you the draft of the Deluge port forwarding guide, just let me know.
There are some other VPN providers that offer port forwarding too, but we cover PIA now (might look into others as well, not sure).
Btw, you don't do port forwarding in the router as you would do without VPN, it is done on the VPN server, and everything between you torrent client and the VPN server is encrypted and sent over the port used for VPN connection (default being 1194), and has nothing to do with port forwarding in this respect.
Hope this helps.
drake
Posts: 23
Threads: 4
Joined: Jan 2017
Reputation:
2
[Solved]
Jan 17, 2017, 09:10 PM
Hi Drake,
At the risk of going round in a loop - no seriously, thank you guys, I'm sure I speak for every novice Linux user when I say the guides you guys put together are a godsend! I've probably learnt more about the system from reading them than I have by doing anything else, and it's really opened my eyes to the advantages of Linux everywhere. In fact, I'm writing this on my recently Solus-enhanced laptop. Good work team!
Thanks also for confirming that I don't need to worry about opening other ports locally at least - I figured that was the case, but good to know for sure.
I think Mike passed along the draft guide earlier - will have a look properly when I have a bit more time. Consider me sorted for now in any case!
As an aside - I've noticed the issue with torrents that have a low number of seeds and peers being particularly tricky to download from - turn of the century style speeds in some cases. Just out of interest, why is that? I like to know the technical explanation where I can
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Solved]
Jan 18, 2017, 11:57 AM
There was indeed a problem with port forwarding (not affecting PIA only, but all the providers who offered port forwarding). This issue is addressed and should not be a concern anymore (you can find many infomration about this online, for example here). Of course, as I said, it is probably safer if you don't use port forwarding, but in practice, it should be safe. I use it as well.
About the guide to enable port forwarding with Split Tunnel VPN and Deluge: the link Mike sent you is the script required, but you will need to do two adjustments in iptables rule too, and need to have Deluge Console installed as well, otherwise it will not work. Once you are doing this, let me know, and I will send you the details.
I am also curious to hear your feedback regarding the speed you experience. You can do the following:
- select an Ubuntu install torrent for download
1) download it without any VPN connection and monitor your ISP real speeds (as being active)
2) connect to a port forward enabled PIA server and download the same torrent again (do a system restart to get rid of any cache, etc), of course, still without port forwarding enabled.
3) enable port forwarding (on the same server as you did with step 2, download the torrent and see if you experience any change in speed
About your last question: in short, it is essential for bittorent network to have as many active (port forward enabled) clients as possible. When you have port closed, then you are in passive mode. This means that you are able to connect only to active clients. If you have a port open, that is, you are active, then you can connect to everybody, and everybody can connect to you. This means a considerably higher number of seed/peers available, which also means higher speed. And those with active connection almost always have much higher upload speeds = your download will be higher.
You should not really notice a difference when there are many seeders for a torrent, but when it comes to only a few (or even one or two), then it is very likely you won't even be able to download it in passive mode (with closed ports).
Posts: 23
Threads: 4
Joined: Jan 2017
Reputation:
2
[Solved]
Jan 18, 2017, 12:34 PM
Cheers Drake! Glad to know whatever the problem was it was sorted.
I have Deluge Console installed already, although I think I may not have it quite set up correctly - it doesn't auto-connect to the running daemon, I have to run the connect 127.0.0.1 ORT USER PASS command manually. Probably trivial to solve, just not something I use enough to have gotten bothered by enough to look!
Thanks for the explanation of the active/passive mode, that makes sense.
Posts: 23
Threads: 4
Joined: Jan 2017
Reputation:
2
[Solved]
Jan 25, 2017, 10:26 PM
Hi Drake / Mike,
Just wanted to let you guys know I FINALLY found some time to sit down and give this some proper attention - I had a look on the website to see if the guide was up, and lo and behold you folks have added the Transmission one!
Being a semi-sensible sort, I was able to follow along with the guide by simply downloading the Deluge script instead of the Transmission one and then following the same steps.
All seems to be working perfectly, and testing it out on the Ubuntu 16.10 64 bit ISO I was able to hit 6.1mb/s before I finished - probably not all that impressive compared to some people's download speeds, but given my top before seemed to be 3mb/s you've at least doubled what I got before!
I thoroughly, repeatedly and enthusiastically tip my hat to you guys - you rock
Posts: 1,646
Threads: 2
Joined: Aug 2015
Reputation:
42
[Solved]
Jan 25, 2017, 10:45 PM
We are so happy to hear that! Your feedback is what makes all of our hard work worthwhile
|
|
|