DigitalOcean VPN's and Speed (Revisited)

February 20, 2019 1.1k views
VPN Ubuntu 18.04

My speed average using a VPN on a droplet (the minimum one) is a princely 1.6Mbps which I think we can all agree we last seen as a respectable speed when Buffy the Vampire Slayer was a new TV show and Bill Clinton was in the news for his Oval Office Horizontal boogie!

Now moving along to the 21st century my average speed here without the Digitalocean VPN is a paltry 50Mbps which I still have issues with, but that's between me and the next poor sod that winds up talking to me from my ISP! But it is also 5000% faster right. YEs we take a hit in speed though a VPN, but its not a 98% hit now is it?

So can we assume here that Digitalocean are not shaping or throttling traffic, because that would be just terrible and also very naughty (Not to mention illegal in the EU and criminally so)

So all I can think of here is that despite the complete simplicity at which a vpn can be set up on a droplet that I'm totally doing something wrong or I missed something several times!

So what gives? I'm reading some terrible horror stories here on the community board, tell me it ain't so! Has anyone managed to get a VPN working at any reasonable speed?

1 comment
  • Hold on Let me start afresh with a brand new test droplet and set open VPN up on it standalone... BRB (its now 6:35am on Thursday the 20th)

    [done stuff here] dum-de-dum-de-dum.....

    So at 7am I finished up with this little test....

    TEST 1
    1vcpu, 25gb and 1gb ram ($5) I got a whopping 4.5Mbps
    (Up from the worst of 1.6Mbps earlier)

    TEST 2
    then I resized and up graded it to the more beefy
    4vCPU, 50gb HDD and 4gb ram
    and I got 6.78Mbps

    So as far as I can see, at this rate I'm looking at maybe $960 a month, and 190gb of ram with 32 processors to match my home connection and dinosaur computer using a VPN. I could buy a new PC and pay someone in china to hold onto it in their house running a VPN at that rate!

    Theres something very very wrong here.

    Over on a competitors VPS, a competitor that will remain nameless but who rhyme with Stroodle, well I got an absolutely massive... like massive 500Mbps and the only way I could do that was via a VNC through their version of the console thing. (I kid you not 500Mbps with a 1.6gig 10gb vps!)

    So... what give? what am I doing wrong... its me right?

    Ooops better remember to delete the vpntestbox thing!

3 Answers

Hey friend,

Thanks for posting this. I'm sorry that this has given you a rough time. I can tell you that many people launch VPNs on our droplets without issue, but someone running a flawless VPN rarely stops by to let everyone know :(

It's hard to say what the cause could be. If you want to narrow down raw capability between you and the droplet vs the VPN overhead, you can try a direct tunnel and check the speed there. This will show what you're capable of on your upstream path to our droplet in the selected region, and you can safely limit any further discrepancy to the VPN protocol.

To perform the test I mentioned, I like using PPTP. PPTP is not a recommended protocol by any means. It's a direct tunnel. No safety, no protections, no overhead. For this testing purpose, it's fairly perfect. I doubt much has changed on this front since Ubuntu 12.04 but just a heads up, that is when this was written:

https://help.ubuntu.com/community/PPTPServer

If that goes super fast and your preferred VPN protocol is still slow, then check the CPU usage (run "top" via SSH) when testing your bandwidth. Is it capped?

If yes, perhaps the protocol is working too hard. Can it be tuned to be less resource heavy? Can you try in a different region to see if it works better on another CPU? Some encryption algorithms require specific CPU flags to function at their best.

If no, then I propose a diving down the Google rabbit hole to find out what can slow down that VPN protocol and how to tune a system or the protocol to perform better.

Jarland

Well the good news is that testing with PPTP did increase the transfer speed... and relatively speaking from a starting point of 1.6Mbps by a lot too. So the overhead in OpenVPN encryption seems to be rather a lot is what I'd concur from that.

But its still a far cry from 1Gbps or anywhere near that.

I did just about manage to get speedtest.net to tell me I had about 25Mbps to 30Mbps in assorted testing through a PPTP server... But thats a bit off either my own 60-70 Mbps average download or the Digitaloceans 1Gbps... (125MB/s). However in fairness to Digitalocean here I done a utilitarian test of actaully transferring an actual video file (30 meg) from the droplet (lamp stack using http) and I managed to get three 1280x1024 mp4 files streaming perfectly happily before issues started to kick in. But thats still miles below 125MB/s (1Gbps) which would be all three 30mb files in one second with plenty of room to spare! Of course my personal connection to the internet can't handle that anyway. So I'll need to test that using a droplet to some other VPS elsewhere with massive bandwidth.

The readout on the droplet control panel suggests it never went over 8.15MB/s... which is 65Mbps. Thats okay... the speed fault is clearly on my end there. Is there some sort of setting to convert this readout to Mbps and shorten the period to say one hour, I can't find one? It'd be a lot better than using my brain to convert... my brain has known issues!

What I need to do here is learn a lot more about data transfer Jarland. I think your service is not at fault and its me thats is the weak link here! So I think testing this against another VPS is what I need to do.

Incidentally, the reason Digitalocean came to be a thing here is not your keen ability to compete with the now monstrous google or amazon. Its your ability to keep the setup and information on doing so really, really simple. I don't want to have to read a mountain of text, or sit through a lecture on a control panel, or face a learning curve just to deploy a VPS. And I think thats where DigitalOceans strength lies... Nothing complicated...

But in this case its gonna probably be mountain of text right?

UPDATE: It seems either this was me being a total noob or something I done mucked up the install...I'm going with me being a total noob! But I dunno. Anyway Since it worked perfectly on AWS, Google, Alibaba and Vultr a week later then I'd have to assume its simply me being daft and I must have learned something along the way.

I'll try again when I've finished on the project I'm working on, I'm not that desperate to have a VPN anyway, it was just a crazy hair brained idea I came up with for security.

IDEA WAS: Launch a vpn, allow only the VPN IP to access another droplet, block all ports except https.... then edit the sshd_config file to only listen for the VPN ip! that way absolutely everyone else is completely locked out! I'm using Vesta and as we all know there were issues in the past with Vesta CP.... so this I thought was yet another easy to deploy layer of security. Yes it might need two droplets... but at $5 a month to protect my project its well worth the investment. I might even be able to deploy the VPN on the same droplet as the project anyway.

Have another answer? Share your knowledge.