DS Forums

 
 

3 throttling VPN traffic?


Reply
Thread Tools Search this Thread
Old 26-04-2014, 20:58
Three
Forum Member
 
Join Date: Jul 2013
Location: Manchester
Posts: 1,114

Hi all.

I sometimes use a VPN over my 3 3G/4G connection. I do this to avoid the BitTorrent traffic management system. (I don't download torrents, I use BTSync and that triggers the systems too because it uses the same technology.) So I maintain and operate my own VPN server to run traffic through.

I find that when using a VPN pages will timeout and uploads using BTSync are slow and intermittent. Last night uploads were running at 40KB/s via the VPN. I disconnected from the VPN server and continued syncing using a direct connection at 00:01 and uploads were running at 280KB/s.

Now I know that there are a whole host of factors that can affect speeds via a VPN tunnel. I used to host my VPN server at the Melbourne DC in Manchester. 3 also host some of their network gear in Manchester meaning I could traceroute from the VPN server to the 3 network in 4 or 5 hops, sub 8ms pings. So it seems the latency factor can be rulled out. The server was hooked up with a 100Mb/s dedicated port with nothing else running on it, so bandwidth't wasn't a problem. I could easily pull 40Mb/s during the day over FTP.

I've tried a whole series of other VPNs and it seems all of them experience degraded performance over the 3 network. I mostly use OpenVPN setups on port 1194.

Could it be that 3 is unofficially throttling VPN traffic?
Three is offline   Reply With Quote
Please sign in or register to remove this advertisement.
Old 27-04-2014, 13:26
ash45
Forum Member
 
Join Date: Feb 2013
Posts: 336
Hi all.

I sometimes use a VPN over my 3 3G/4G connection. I do this to avoid the BitTorrent traffic management system. (I don't download torrents, I use BTSync and that triggers the systems too because it uses the same technology.) So I maintain and operate my own VPN server to run traffic through.

I find that when using a VPN pages will timeout and uploads using BTSync are slow and intermittent. Last night uploads were running at 40KB/s via the VPN. I disconnected from the VPN server and continued syncing using a direct connection at 00:01 and uploads were running at 280KB/s.

Now I know that there are a whole host of factors that can affect speeds via a VPN tunnel. I used to host my VPN server at the Melbourne DC in Manchester. 3 also host some of their network gear in Manchester meaning I could traceroute from the VPN server to the 3 network in 4 or 5 hops, sub 8ms pings. So it seems the latency factor can be rulled out. The server was hooked up with a 100Mb/s dedicated port with nothing else running on it, so bandwidth't wasn't a problem. I could easily pull 40Mb/s during the day over FTP.

I've tried a whole series of other VPNs and it seems all of them experience degraded performance over the 3 network. I mostly use OpenVPN setups on port 1194.

Could it be that 3 is unofficially throttling VPN traffic?
dont know if you can do this with your set up but i find port 443 seams to bypass the P2P speed restrictions

Ash
ash45 is offline   Reply With Quote
Old 27-04-2014, 13:30
moox
Forum Member
 
Join Date: Oct 2004
Posts: 14,641
I also find something goes horribly wrong when using OpenVPN (on a non-default port), so it wouldn't surprise me if they are doing something.

But then I also seem to be hitting a 20Mbit/s cap on 4G which no one else seems to experience.
moox is online now   Reply With Quote
Old 27-04-2014, 15:14
qasdfdsaq
Inactive Member
 
Join Date: Jan 2007
Posts: 3,286
I disconnected from the VPN server and continued syncing using a direct connection at 00:01 and uploads were running at 280KB/s.
What happens if you continue using VPN after 00:01? Is it still slow or does it speed up?

Could it be that 3 is unofficially throttling VPN traffic?
Many providers who throttle P2P use a whitelisting policy, anything that they do not recognize is defaulted to being treated as P2P.
qasdfdsaq is offline   Reply With Quote
Old 27-04-2014, 15:17
Three
Forum Member
 
Join Date: Jul 2013
Location: Manchester
Posts: 1,114
dont know if you can do this with your set up but i find port 443 seams to bypass the P2P speed restrictions

Ash
Port can be changed easily.

What happens if you continue using VPN after 00:01? Is it still slow or does it speed up?


Many providers who throttle P2P use a whitelisting policy, anything that they do not recognize is defaulted to being treated as P2P.
VPN works fine after 00:01 and before traffic sense hours. So running it on a different standard port (such as 80 or possibly 53?) could help?
Three is offline   Reply With Quote
Old 27-04-2014, 17:39
Thine Wonk
Forum Member
 
Join Date: Mar 2009
Posts: 14,545
No issues with VPN's on Three here and I have tested a lot.

I have set up my own PPTP VPN on my NAS and connected via Three externally, I only did this for testing and disabled it after. I also have to use 2 different VPN's for work and they work absolutely fine.
Thine Wonk is online now   Reply With Quote
Old 27-04-2014, 18:23
Three
Forum Member
 
Join Date: Jul 2013
Location: Manchester
Posts: 1,114
No issues with VPN's on Three here and I have tested a lot.

I have set up my own PPTP VPN on my NAS and connected via Three externally, I only did this for testing and disabled it after. I also have to use 2 different VPN's for work and they work absolutely fine.
To confirm, you connect during TrafficSense hours?
Three is offline   Reply With Quote
Old 27-04-2014, 19:33
Thine Wonk
Forum Member
 
Join Date: Mar 2009
Posts: 14,545
To confirm, you connect during TrafficSense hours?
Yes, I tested the PPTP yesterday evening and I periodically connect to the 2 work VPNs at different hours. I have seen no issues, was able to browse the internet through the VPN reasonably quickly, remote desktop worked fine and transferring files from the Synology back to my machine via the VPN was ok.
Thine Wonk is online now   Reply With Quote
Old 27-04-2014, 21:14
qasdfdsaq
Inactive Member
 
Join Date: Jan 2007
Posts: 3,286
VPN works fine after 00:01 and before traffic sense hours. So running it on a different standard port (such as 80 or possibly 53?) could help?
Possibly. Depends how your OpenVPN is set up.

If it's in TCP-SSL mode then port 443 will get around most throttles. UDP you're unlikely to get past using any port, especially if you're using a pre-shared key.

PPTP while ancient, insecure and widely discouraged is still popular enough that most traffic shaping systems "recognize" it as a non-P2P protocol.
qasdfdsaq is offline   Reply With Quote
Old 27-04-2014, 21:21
Thine Wonk
Forum Member
 
Join Date: Mar 2009
Posts: 14,545
Possibly. Depends how your OpenVPN is set up.

If it's in TCP-SSL mode then port 443 will get around most throttles. UDP you're unlikely to get past using any port, especially if you're using a pre-shared key.

PPTP while ancient, insecure and widely discouraged is still popular enough that most traffic shaping systems "recognize" it as a non-P2P protocol.
I know, it was for testing only! I knew somebody was going to bring that up

I should point out that the PPTP VPN I used was on TCP port 1723, the VPN running on my Synology on my home network, but test accessing it from the mobile internet connection, no issues.

I also haven't had any issues with the work Juniper VPN or another different work SSL VPN I use.
Thine Wonk is online now   Reply With Quote
Old 27-04-2014, 22:24
AlecR
Inactive Member
 
Join Date: Jan 2014
Posts: 514
I've definitely found this.
AlecR is offline   Reply With Quote
Old 27-04-2014, 22:37
Thine Wonk
Forum Member
 
Join Date: Mar 2009
Posts: 14,545
I've definitely found this.
Are you sure its just not that VPNs do slow down the connection anyway? I saw about a 30% drop in speed when connected through a VPN just because of the overhead of using a VPN and re-encrypting and encapsulating data.
Thine Wonk is online now   Reply With Quote
Old 28-04-2014, 07:04
AlecR
Inactive Member
 
Join Date: Jan 2014
Posts: 514
Are you sure its just not that VPNs do slow down the connection anyway? I saw about a 30% drop in speed when connected through a VPN just because of the overhead of using a VPN and re-encrypting and encapsulating data.
100% sure thats not the reason. I am using a server in Sweden which on my broadband connection works maybe 0.2Mb/s slower than my actual connection.

On Three, after using the VPN for about half an hour, any data downloads just don't work. Websites still load, but that is it.
AlecR is offline   Reply With Quote
Old 28-04-2014, 11:07
Three
Forum Member
 
Join Date: Jul 2013
Location: Manchester
Posts: 1,114
100% sure thats not the reason. I am using a server in Sweden which on my broadband connection works maybe 0.2Mb/s slower than my actual connection.

On Three, after using the VPN for about half an hour, any data downloads just don't work. Websites still load, but that is it.
The overhead will depend on the speed of the connection. I usually see between 0.1-0.3Mb/s overhead.

I'm going to see if I can get this working with OpenVPN running on TCP port 80.
Three is offline   Reply With Quote
Old 28-04-2014, 23:46
qasdfdsaq
Inactive Member
 
Join Date: Jan 2007
Posts: 3,286
Problem is DPI systems will try to match protocol information with port. So using port 80 it will expect HTTP requests, if it sees anything else, it'll probably go "He's trying to trick me so it must be P2P"
qasdfdsaq is offline   Reply With Quote
Old 29-04-2014, 17:08
Three
Forum Member
 
Join Date: Jul 2013
Location: Manchester
Posts: 1,114
Problem is DPI systems will try to match protocol information with port. So using port 80 it will expect HTTP requests, if it sees anything else, it'll probably go "He's trying to trick me so it must be P2P"
Would port 443 work better?
Three is offline   Reply With Quote
Old 29-04-2014, 22:01
qasdfdsaq
Inactive Member
 
Join Date: Jan 2007
Posts: 3,286
As I say, only if you're running it in SSL mode, since that's the default SSL port.
qasdfdsaq is offline   Reply With Quote
 
Reply




 
Forum Jump


All times are GMT. The time now is 13:26.