cancel
Showing results for 
Search instead for 
Did you mean: 

horrible speeds over VPN

hoek
I plan to stick around

Hi,

I recently switched to Rogers gigabit from Bell. I have a CODA-4582 modem, firmware 2.0.10.34T6.

I frequently work from home connecting to work over a Cisco VPN.


Everything is much slower compared to when I was on Bell and compared to a friend using a TP-Link modem on Teksavvy.

 

This post seems to indicate a problem with processing VPN traffic:
http://communityforums.rogers.com/t5/Internet/Rogers-Hitron-CODA-4582-Hardware/td-p/378263/page/150

 

I won't pretend to understand it all but I can definitely see there is a problem with this modem related to VPN traffic.

 

Copying down large files is out of the question now and RDP connections are much less responsive.
During a file copy I see speeds around 1-2 Mbps and sometimes only a few 100 KBps. On Bell it was a steady 4-5 MBps.

 

I've tried bridged and gateway mode doesn't matter.
It seems there has been some issue about this since 2016.  Is there any resolution?

I'd be willing to try beta firmware, different modem (though I imagine nothing else is available).

 

Its great and all that 5 people in the house can stream 1080p youtube but it kinda kills things for me if simple telework activities are crippled by modem firmware.

 

*** Edited Labels ***

66 REPLIES 66

Re: horrible speeds over VPN

Datalink
Resident Expert
Resident Expert

@hoek fixing IPSEC performance is on the horizon.  First off however, an updated Intel SDK will be promulated sometime in the next few weeks or months.  Fixing IPSEC is apparently scheduled to occur after the SDK update.  @RogersSergio is on vacation for the next two weeks.

Re: horrible speeds over VPN

hoek
I plan to stick around

+1

(Like button doesn't seem to work)

Re: horrible speeds over VPN

hoek
I plan to stick around

I wanted to mention that after receiving firmware update 2.0.10.35T1 yesterday speeds over IPSec VPN have been much better.

File copy over RDP

Previously 1-2 MB/s.  Currently 5-7 MB/s.

File copy over ssh

Previously 1-2 MB/s.  Currently ~10MB/s

 

Probably more to do with the reboot than anything but who knows ... 

Re: horrible speeds over VPN

jay991
I've been around

@hoek

 

Having the same issues like you have been describing.

 

Apparently the 2.0.10.35T1 firmware was rolled back.  Are you back on 2.0.10.34T6 or did you get the latest 2.0.10.36T2 ?  I'm on 2.0.10.34T6 and hoping the newest firmware will fix the issue.

Re: horrible speeds over VPN

gary7
I've been here awhile

I can't even connect to my work VPN with my new Hitron CODA-4582U.  With my previous Advanced Wi-Fi it worked flawlessly.  I used to set it up in a bridged mode with a Airport Extreme.  With this new modem, I only once got it to connect when not using bridge mode.  If I turn on my phone and use it as a hotspot, I can connect everytime.  I'm just using the VPN connection in Windows 10.  L2TP/IPsec.

 

Rogers says they don't support VPN's.  Does anyone have any suggestions?  Why would I be able to get it to connect one time and then not the next time?

Re: horrible speeds over VPN

Hello, @gary7

 

Welcome to the Rogers Community Forums! 🙂

 

Thank you for posting your concern in the Community. Unable to connect to the work VPN can surely be inconvenient. If you were able to connect to the work VPN when the modem was in gateway mode; then we can rule out the modem.

 

What VPN client are you using to connect to your work network? When you switched the modem and reconnected your Airport Extreme have you made any changes to it? 

 

Looking forward to more details about the issue so that the Community can share their expertise to help find the solution. 

 

Cheers,

RogersMoin

Re: horrible speeds over VPN

gary7
I've been here awhile

Hi RogersMoin,

 

I exchanged the Hitron modem on Sunday and brought it home and configured it as a Residential Gateway NOT bridged.  Had VPN connectivity all day after configuration.  Tested again on Monday after work connected again.  Decided to put into bridge mode with Airport Express, VPN dead.  Brought it back to Residential Gateway, no VPN.  Factory reset, still no VPN.  Firmware version on modem is 2.0.10.33T3.

 

I plan on exchanging the modem and seeing if I can setup the modem again as I had done on Sunday and see if it stays functioning correctly.  Is it possible that there is a bug in the firmware that when the unit is put into gateway it blocks VPN?  Internet traffic is fine.

Re: horrible speeds over VPN

gary7
I've been here awhile

Update.  I re-tried setting up the bridge connection the same way as always with the Airport Extreme and this time it is working.  Nothing done differently, yet it seems to work fine...

 

Can't say what the resolution is, but thank you for responding to my posting RogersMoin.

Re: horrible speeds over VPN

Hello, @gary7.

 

Thank you for the quick update, I'm glad your work VPN is functional again! I appreciate your participation in the Community, keep us posted of any changes. 

 

Cheers,

RogersMoin

Re: horrible speeds over VPN

hoek
I plan to stick around

@jay991 wrote:

@hoek

 

Having the same issues like you have been describing.

 

Apparently the 2.0.10.35T1 firmware was rolled back.  Are you back on 2.0.10.34T6 or did you get the latest 2.0.10.36T2 ?  I'm on 2.0.10.34T6 and hoping the newest firmware will fix the issue.


@Jay sorry I had missed your message.

I'm currently at 2.0.10.36T4 and IPSec VPN performance is still garbage.  Moving data over the VPN I get at best 2-4 MB/s.  2.0.10.35T1 was night and day better.

Re: horrible speeds over VPN

flyboy50
I'm here a lot

Why is Rogers throttling my speed when i Use NordVPN?

 

Tried everything have a good proof that the speed is throttling.. im paying tor 500mbps and get that without vpn. Once the vpn is engages I lose anywhere from 70% to 90% of the speed.

Lousy way to treat the customer.

I'm not overreacting  iv'e been a customer than 28 years.

 Just that im not getting nowhere near the value im paying for.

im not a techie so if anyone can help please let me know

 

Any ideas??

please help me

 

Re: horrible speeds over VPN

@flyboy50 VPN and IPSEC with the Hitron modem has always been problematic.  This isn't throttling, for the most part it appears to be a firmware design failure or design limitation of Intels Puma 6 and 7 modems.  It might date back to the 2008 timeframe when the Puma 5 modem was designed and built by Texas Instruments.  There is a firmware update on the horizon for IPSEC apparently but I don't know when that will be released or what increase in performance will be seen.  So, with VPNs it appears to be hit an miss in terms of what VPN you're running and where the VPN is originating, in a router or pc/laptop.  The encryption type plays a big part in what you will end up with in terms of the end data rates.  Just to point out, if you're running a VPN on a platform that has Intel's AES-NI built it, you would see much higher VPN data rates due to the built in encryption support.  

Re: horrible speeds over VPN

Just want to expand on one thing that Datalink hit on.  
Where the VPN is originating.. where you are connecting to.

While I dont run a VPN all the time, I am PIA. (which you can choose what VPN locations you want to go through.. canada, US, etc)
Connecting to one in canada vs one in the us or father away, gives very different rates. 
(though yes, even the canadian one is much slower than with no VPN)

Doing a speed test, going to a local server near your place, vs one across the country.. your going to get much slower speeds as it has to go over that many hops.

I do remember helping someone once with a VPN speed issue.  (they werent on rogers).
But they were doing a speed test to their city.  Then said they were having insanely slower speed tests when on the VPN.  They were connecting to a VPN in the southern US.  But were speed testing still till their local city.
So yeah.. it will have some slowdowns.. as your data is being routed from  you, down to that spot in the US, then coming back to hit the speed test server back up here.

Not saying that its not a problem and that there may be something going on.
Just saying, cant expect 100% speed either.

Re: horrible speeds over VPN

Thank you So much, I just hope this firmware update comes Fast, I had PIA vpn and was just as bad ,,,with 500mbps I surely don't mind dropping 30% speed but my speeds are awful.
Is there another modem Rogers offers that might work? like the gigabit router?.. I will rent one if it is much different than the one I have

Re: horrible speeds over VPN

@flyboy50 I really don't have any good suggestions to make in terms of modems.  I suspect that they're all bad, in terms of VPN throughput.  However, running the modem in Bridge mode with a router that supports VPNs might make a positive difference.  The only modem that I'm aware of with AES-NI support for encryption is the Asus RT-AC86U.  There might be other routers manufactured by other companies, but, I haven't done any research into that possibility.  

 

What are you running the VPN on at the current moment?  Desktop, laptop, or router?  This is part of the puzzle when it comes to VPN throughput rates.

Re: horrible speeds over VPN

don't have a modem just from my router straight to the back of the lan Build in of my ASUS Z270-P motherboard.

Windows 10 /64

Re: horrible speeds over VPN


@flyboy50 wrote:

don't have a modem just from my router straight to the back of the lan Build in of my ASUS Z270-P motherboard.

Windows 10 /64


@flyboy50, not having a modem doesn't make sense, sorry?  Are you trying to indicate that you connect directly from the Hitron modem to your pc via ethernet.  What's the processor model on the motherboard?  If you can dig up the exact processor type, I'd like to see what that processor has for AES-NI support.  What do you have for installed ram on the motherboard, while we're at it? 

Re: horrible speeds over VPN

Hi

Im Running as you said directly from the White Hitron router to the back of my PC's motherboard lan connection

meaning im using the build in Lan of my motherboard.

 

The motherboard is an ASUS Prime Z270-P

Processor is Intel i7 7700K, and 48GB ram , and an ASUS GTX980 ti Stix,

Windows 10 64 bit.

 

When I use the ikeV2 protocol to connect to vpn (nordvpn) the speed is always way less than their client I use to connect, even though I followed their guide to the "t".

 

Is indeed I need , or its better to buy a third party modem I wont have a problem.

The only reason I use the Hitron is because it has all build in Switch, router and im only running the connection to my main PC and  another cable to the Samsung tv.

The kids and us also use WiFi from that Hitron and that is ok.

 

Thank you for trying to help.

Re: horrible speeds over VPN

Hi @Datalink Can you please help? im waiting for your expertise..

 

I appreciate it

 

Cheers

 

Re: horrible speeds over VPN

Hi @flyboy50

 

I’m slightly perplexed.  You indicated that you use IKEv2/IPSEC to connect to NordVPN.  From what I understand, NordVPN uses OpenVPN and OpenVPN doesn’t support IKE/IPSEC?  So, I’m at a loss as to what OpenVPN is actually using when you select IKEv2/IPSEC, or even how it’s allowing you to select IKEv2/IPSEC.  Are you running a MAC as well, which does connect via IKEv2/IPSEC?

 

You indicated in your first post that you’re not a techie.  I think that you’re going to have to dive into a few details and become at least a limited techie to improve the VPN performance.  Sorry : (  There doesn’t appear to be a magic wand here that would cure the situation.  As I currently see it, there are three items to look at:

 

  1. Using AES-NI
  2. Looking at VPN rates with different encryption settings
  3. Looking at the modem VPN settings and running a test program.

 

 

I had a look at the processor specs.  It supports the Advanced Encryption Standard – New Instructions.  Using that instruction set for VPN purposes should result in faster VPN throughput. 

 

https://www.intel.com/content/www/us/en/architecture-and-technology/advanced-encryption-standard--ae...

 

https://software.intel.com/en-us/blogs/2012/01/11/aes-ni-in-laymens-terms

 

So, I’ve been looking around for references to enable AES-NI in OpenVPN and haven’t found a clear reference or instructions to do this.  OpenVPN should support AES-NI out of the box, but, I’m still trying to confirm this. 

 

Looking around I came across the latest build of OpenVPN, which appears to be v 2.4.6.  There is a note in the following page which indicates that a newer driver will be included in an upcoming Windows Installer.  Have a look at the NordVPN version of OpenVPN and if that is an older version, consider loading the newer version.  To do that, on the pc, navigate to Start …. Programs and Features.  Have a look to see if OpenVPN is listed and what version is loaded.  Don’t quote me on this, but you should be able to load the newer version over the existing version.  The latest version has improved IPv4/IPv6 dual stack support which might be useful in improving the throughput.  I’d bookmark the following page and keep an eye on it for updates to OpenVPN:

 

https://openvpn.net/index.php/download/community-downloads.html

 

While doing this I came across a comparison between ExpressVPN and NordVPN.  The comparison indicates that NordVPN’s North American servers run slow.  Looks very much like the results that you saw.  That in itself might be the sole reason behind the slow performance.  Take a read thru the following July 2018 comparison:

 

https://restoreprivacy.com/expressvpn-vs-nordvpn-comparison/

 

Can you run a speedtest thru some of NordVPNs servers in Europe?  I’m thinking maybe the servers in the UK, Netherlands and Germany.  Have a look to see if there are major differences in the throughput rates, as suggested in the comparison.

 

VPN throughput rates. Reading thru some of the pages spread across various site, the subject of encryption comes up.  This makes sense, as you use higher encryption levels, the encryption/decryption load goes up.  Have you run any tests to see what effect if any occurs when you select a different encryption standard?  It might be that your throughput is so low, that it doesn’t matter which encryption standard you choose.

 

Can you have a look at the modem’s VPN passthrough settings. Log into the modem and navigate to SECURITY …. VPN Passthrough. My modem is running in Bridge mode at the moment so I don’t have access to that page.  Previous versions had an IPSEC, PPTP and L2PT Pass-Through.  Can you have a look to see if SSL is available as those other settings won’t help.  If there is an SSL or SSL/TLS selection, please enable it, save the setting and reboot the modem …. ADMIN ….. DEVICE RESTART …. Reboot.

 

Food for thought:

 

I’d like to see the results for a speedtest thru a European Nordvpn server, just to see what difference there is.   This might answer the question on its own. 

 

Reading thru various pages, it looks like OpenVPN is a pig to run.  It might be an idea to load a different VPN application to see if you end up with better results.  I don’t know what applications are out in the wild, either free or licenced.  In either case, I’d be looking for AES-NI support to get the pc’s VPN throughput running at its maximum.  Looks like Windows has its own Microsoft VPN Client built in.  It might not be as fancy as the OpenVPN client, but, it’s probably worth looking at for test purposes.

 

OpenVPN appears to run UDP or TCP/IP.  UDP is a fire and forget type of protocol.  It will either get to its end destination or it won’t.  TCP/IP requires packet receipts, so, once a packet is sent, it should arrive or be retransmitted.  One way or the other, it will get to its end destination.  Problem is, the TCP/IP transmit/receipt protocol slows traffic.  So, fwiw, you could try running UDP and see what you get for results, both in terms of reliability, and in speed.

 

Here’s an interesting line that I came across in the following link:

 

https://en.wikipedia.org/wiki/OpenVPN

 

“When OpenVPN uses Transmission Control Protocol (TCP) transports to establish a tunnel, performance will be acceptable only as long as there is sufficient excess bandwidth on the un-tunneled network link to guarantee that the tunneled TCP timers do not expire. If this becomes untrue, performance falls off dramatically. This is known as the "TCP meltdown problem"[17][18]

That shouldn’t be an issue given the bandwidth that you have available, but, it’s rather interesting.

 

OpenVPN supports IPV6.  Just for test purposes, try disabling IPV6 in the modem and see what happens to the VPN performance, if anything.  Navigate to BASIC …. GATEWAY FUNCTION, and change the Router Mode from Dual (stack) to IPV4.  Save the changes.  It will take a couple of minutes for the modem to switch to IPV4 “only” mode.  I usually reboot the modem after this.  Run the ADMIN …. DEVICE RESET …. Reboot function.  At the same time, reboot the pc.  After the reboots, run another test thru the VPN to see what you end up with for results.

 

I came across a post for OpenVPN running on PfSense, which is a firewall operating system that is loaded on a pc.  The post indicated that OpenVPN is a single thread application, so, it doesn’t matter how many processor cores there are, or if the processor has hyper-threading running, this is a single thread application.  The only way to run the VPN faster is to run a faster processor.  So this is rather interesting.  When you’re running the VPN, bring up the Windows Task Manager and select Performance …. CPU to look for CPU loading.  It would be interesting to know what the CPU loading is when the VPN is running.  I came across a request in the OpenVPN Wishlist to include multi-core support, so, this looks like a problem.  This gets back to the AES-NI support which should direct encryption processing to the onboard hardware processor, assuming that there is one built into the CPU.  The question in this case is whether or not that processor is tied to the CPU clock rates, or if it can operate independently of the CPU?  The CPU load might be a hint, low load, maybe the processor is doing the work, high load, the CPU is doing the work, in which case, what’s the status of the AES-NI support in the NordVPN OpenVPN application.  Hopefully you can see why I’m asking this. 

 

Fwiw, there is an upcoming firmware change for the CODA-4582 modem to improve the performance of IKE/IPSEC which is used by MACs when they connect with NordVPN.  I don’t know if that will result in any corresponding improvement in VPN performance.  Right now, the Hitron modems will limit IKE/IPSEC to 25 Mb/s.  That's either a firmware problem, or a firmware limit that's existed since 2008 from the original Puma 5 modem manufactured by Texas Instruments (my guess).  This might be part of the problem that you're seeing, although I still don't understand how you're using IKE/IPSEC in the first place.  

 

Ok, so, this is a little bit of homework.  As I indicated earlier, there doesn’t appear to be a single magic bullet that will solve the problem.  One item that does come to mind is to call NordVPN tech support and ask the Customer Service Rep if AES-NI is already running in their OpenVPN client, and if not, what has to be done to enable AES-NI.  I haven’t found any specific info for it, so, maybe the support is built in.  If you do have to enable it, you might not find any difference in throughput rates if all of their North American servers are running very slow.  It’s entirely possible that you could put a great deal of effort into this and not get anywhere due to their server throughput rates.  Only way to determine that is to try different servers, or possibly even a different VPN provider. 

 

What setting are you using for the encryption?  AES-128-CBC, AES-192-CBC or AES-256-CBC?

 

 

 

 

 

 

Re: horrible speeds over VPN

WOW very nice reply indeed..

Lots of info

Nordvpn is done all they can do they say.

it is what it is

 

Using Europe's servers yields nothing better really!

 

Maybe the new CODA version of firmware, if and when it arrives, will be better.

Meanwhile I think I will either pay some person to fix it or look for an alternative VPN

 

Feedback

- The European Servers are not any better in speed.

- the AES-NI is not Running in their client as it does not work well with their servers.

- the CODA router has these SSL or SSL/TLS selections enabled

- Im running the UDP protocol as well

-  changed the Router Mode from Dual (stack) to IPV4 but it made no speed change, ( I have it disabled in the   adapters in windows.)

- Their client does not allow to use different Encryption, so I was not able to run a test with other options

Encryption settings from what I see are not an item the user can tinker with

I do have a Netgear WNDR 4000 router with DD_rt that I would like to bridge with the CODA but not sure if it will be making a difference..

Do you think one of their routers they sell(nordvpn) flashed with their software will be better?.. if not

Time to look to another vpn perhaps.

 

Any suggestions of VPN services working great with the CODA router? in Canada and specifically rogers?

 

Again Awesome reply and thank you for taking all the time to post..

Cheers

 

 

Topic Stats