New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
PPTP Much Slower Than OpenVPN
Hi All,
It's a topic that I've seen discussed, but haven't found a resolution for.
When using OpenVPN on an OpenVZ VPS, I can pull 18-19 Mbps. Using PPTP (via PoPToP) on the same VPS, I'm lucky to get 1 Mbps (2 Mbps if I play around with the settings and catch a jet stream).
After researching this, the "obvious" suspect is my MTU settings in the PPTPd config. Indeed, setting the MTU to 1400 wouldn't even let some websites load; apparently it's quite common for speedtest and WHT to go out with an incorrect MTU setting. Playing with the MTU a bit, I was able to get those sites to load, and even head above 1 Mbps, but I'm still a far cry from 18 Mbps. I've tried settings +/- 1400.
Any ideas on further items to try?
Thanks!
Comments
I had the same problem and never resolved it.
Hmm. I wonder if it's not something obvious - over the years, PPTP has been deployed without a 90+% speed decrease (presumably).
Yep, I had much better speeds with the ipredator (I think) PPTP VPN. With mullvad, cyberghost and privateinternetaccess PPTP VPN, a lot of websites would not load (thepiratebay, deviantart, speedtest.net,..).
So now I have moved on to OpenVPN. It works on my Windows, Ubuntu and Android device and offers superior security and speed, so why waste more time on PPTP.
+1 for L2TP/Ipsec ;-)
@4n0nx Honestly, I would love to use OpenVPN, but the use case does not support it. I've been doing testing both on my machine and the target application, that's the only way that I can compare the OpenVPN speeds to PPTP.
I don't fundamentally disagree, but based on my (somewhat limited) research into this, the L2TP/IPSec combo is a bit "funny" when it comes to OpenVZ. It looks like a lot needs to be coordinated between the host and guest, and I don't think that too many providers come equipped for that out of the box. I may be wrong, though, and if there's something that I missed, do let me know!
(I am aware of the OpenVZ kernel update that theoretically enables IPSec usage in guests - I'm talking more about what comes after that!)
On a side note, I've wondered that, assuming this is some sort of MTU/MRU issue, how switching transport protocols from PPTP to L2TP would help things. (This might also be an interesting area of investigation towards resolving the PPTP problems, which do seem to plague many people who set it up!)
maybe want to have a look into softether vpnserver which works very well on openVZ (just needs TUN device), is highly configurable for different protocols and so on ;-)
what I like most about using L2TP/Ipsec with this, is windows supporting it without further client software ;-)
Very interesting! Thanks, I will look into this.
@Falzo Well, SoftEther looks interesting, but I can't seem to find any write-ups regarding its security and trustworthiness...I think I'll have to pass, rather than utilizing unknown software, particularly for a VPN server...
That said, if anyone can shed some light on the PPTP issues, it'd be much appreciated!
Me,too so please tag me. :P
So, I've found that the rule:
(Hat tip to: http://www.tomatosoft.biz/blog/2011/10/21/cant-access-certain-site-with-pptp/)
Enables browsing to the troublesome sites, even with the MTU set to the "recommended" 1400, so that's my latest point of inquiry, instead of playing with MTU values....
so openVPN is better than? ;-)
regarding your PPTP issue I probably can't really help that much. from my (very small) experience with this is, MTU and such settings doesn't really help.
did you look at the load which occures while transferring data via your vpn connection? maybe the cpu/vps/router is just not powerful enough to do encryption and such?
Of course! Unfortunately, the device I intend to use this on does not support OpenVPN.
On the VPS side, since OpenVPN's throughput to my machine is 18 Mbps, I don't think that it's a matter of resources. PPTP with MPPE should (if I'm not mistaken) be lighter than OpenVPN, yet the throughput is significantly lower than OpenVPN.
I tend to agree that the MTU settings aren't the key to this issue, but I'm not sure what else that leaves...
As I said, I just can't believe that this is an inherent limitation to PPTP, but given the number of people with this problem, and the lack of a clear solution, I'm starting to wonder if it's something beyond a "simple" configuration issue.
what device could that be o.O
Routers with <8 MB flash running dd-wrt, to name a large market
Can you use openvpn as for free ? As I know their is a paid version but not sure if their is still a free opensource older version ?
Yes, there is still free/open source development of OpenVPN: https://openvpn.net/index.php/open-source/downloads.html
But more to the point of this post - Improving poor PPTP performance!
Damn. But honestly, after spending so much time on PPTP with frustrating results, I would say go buy a new router.
I can pull my full internet connection capability (about 10-14mbit) using PPTP rather easily. PutDispenserHere setup script, with a blank install of Debian.
It acted completely illogical the whole time so I just gave up. ヽ(`⌒´)ノ
what encryption did you use for openvpn op
Do you have any packet loss to your VPN server? Try disabling compression in pptp and see if this makes a difference for the speed.
This is LowEndTalk! Heresy!
Interesting......since this is happening on Ubuntu, a (n albeit minor) change of OS might be worth testing.
I'd say this could be indicative of some providers "just setting it up", rather than ensuring that it works properly. Certainly, we've all seen that websites not working at all is a configuration issue, that is relatively easily to resolve.
TLS. That said, I do have LZO compression enabled, which could help with the speed...(still, not to this extent).
FWIW, a simple SFTP test pulls closer to 30 Mbps, if I recall correctly.
I'd be interested in testing this, but the only compression running is MPPE, which obviously provides encryption as well. I'm not super keen on even testing this without encryption...Can you think of another way to test this?
Thanks all!
Well, I gave it a try on a different VPS, with Debian instead of Ubuntu. I did the steps manually, but still get a huge speed differential between OpenVPN and PPTP..
Just compile penwrt with openvpn... Problem solved
Seems like both a short-term and long-term hassle...I also suspect I'd have to rip out a lot of things in order to have space for OpenVPN.
Very interesting update! I enabled packet reordering on the DD-WRT router, and the speed went up drastically (to ~8 Mbps). Still not as fast as I'd like, but this represents a pretty big improvement.
Now the question is why packets are coming in out of order, and what can be done on the server's side to fix it...
I was like you, until I gotad with pptp BC of all and the firewall problem .
Just wait for a few weeks until you have spent so many days on this problem, also because you really care and wonder, but you just can't figure it out and no one cares.
After being unable to fix the speed, being unable to connect to my server with multiple devices at once (rumor has it that's a router issue) and then there was the problem with inaccessible sites with some VPN providers, which only occured on Windows 7 btw, I decided to let go PPTP completely and to figure out OpenVPN. I didn't even have to, as there are many install scripts for it.
Got a new router 6 months ago, tried PPTP again, still no improvement. Besides that, it is not secure anymore anyway. (if the internet says the truth)
@4n0nx Of course, I agree with you. And as mentioned, I /was/ using OpenVPN successfully, and it's already set up.
That said, considering this is a widespread issue, and a learning opportunity, I'm interested in solving this puzzle (or at least making headway). I've already got it to the point where it's workable, on a single type of device. That doesn't mean that I'm not curious of how to make it work better, and why it isn't working well to begin with.
Sometimes, in these communities (LET, open source, etc.) it's not about finding a workable solution for a specific problem, but rather making the solution work for others as well - otherwise it wouldn't be much of a community
Im agree with that u should try L2TP/Ipsec. And i still think its MTU problem, it would be better if u show us some pptp config