Slow NAT throughput

I run OpenVPN on a FreeBSD 13.2 server, running on Ramnode.
The throughput over the tunnel is within the norm:

Code:
[ ID] Interval           Transfer     Bitrate
[  6]   0.00-10.00  sec  34.2 MBytes  28.7 Mbits/sec                  sender
[  6]   0.00-10.07  sec  34.1 MBytes  28.4 Mbits/sec                  receiver

However, the transfer over NAT to the internet is slow, around 5-20 Mbit/s.

I suspect it's either my firewall or a kernel config misconfiguration.

pf.conf:

Code:
int_if = "tun0"
ext_if = "vtnet0"
int_addr = "10.8.0.1"
int_network = "10.8.0.0/8"
tcp_services = "{ 22, 80, 443, 1194 }"
udp_services = "{ 1194, 51820, 26000 }"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
set block-policy drop
set loginterface $ext_if
set skip on lo0
scrub in on tun0 fragment reassemble max-mss 1420 no-df random-id
nat on $ext_if from $int_if:network to any -> ($ext_if)
block all
pass in quick proto tcp to any port $tcp_services keep state
pass in quick proto udp to any port $udp_services keep state
pass out quick inet proto icmp icmp-type { echoreq }
pass out quick on $ext_if proto udp all keep state
pass out quick on $ext_if proto tcp all modulate state flags S/SA
pass in quick on $int_if inet from $int_network to $int_addr
pass in quick on $int_if inet from $int_network to any keep state
pass in quick log on $int_if all
pass out quick
pass in on $int_if from any to any

sysctl.conf:

Code:
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.see_jail_proc=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
kern.randompid=1
vfs.zfs.min_auto_ashift=12

If I don't solve this issue, my project cannot continue.
 