Throttled Torrent traffic

I have a problem, and I hope that someone can help me resolve it.

Quick background information: I discovered this problem about 3 weeks ago when I tried to download a torrent file from my corp Torrent server: every time I tried to download a file, my LAN and WAN connection dropped from its normal 100gbs down to 1mb.

I have also tried a questionable source for a torrent to make sure it was not our server or connection, but I got the same results.

I have emailed PIA and they informed me that they don’t throttle VPN traffic. This only happens on OpenVPN and not WireGuard, which is not ideal as I am not able to install WireGuard on my corp PC or install it on my pfSense.

Also, as part of my testing I discovered the following:

If I disable all my rules apart from the last, which has the default gateway, all my traffic is still going out via my France VPN, when I thought it would go out via my ISP connection.

I also discovered that if I put a PC on my London VPN then I get a London IP but I get a France DNS reference. Why?

I have attached a screenshot of my main rules, and I am happy to attach any more as and when required.

Torrent traffic is noisy and sometimes OpenVPN seems to have a hard time keeping up with it and drops packets. It’s an issue I have noticed but don’t have a solution for.

Did you try a DNS leak test? Sounds like you haven’t correctly configured your OpenVPN clients.

Try to torrent a Linux ISO over your ISP and VPN provider to see if you get the same results.

Then ask your ISP if they throttle torrent traffic.

Yes I did, this is how I discovered that my workstation had a London IP and also that I had a France DNS.

United Kingdom - England IP 138.199.28.52
France-Paris DNS 156.146.63.141

I tried this and via my ISP I was getting around 4 to 5mbs per second,
and when I tried it over VPN it dropped down to 0.4kibs.

I don’t think it is my ISP cos this only happens with OpenVPN protocol

If you have a DNS leak, that would be the first thing to fix.

Then I would inspect your client OpenVPN again, to see if they are correctly set. If that looks ok, check your VPN provider site, perhaps their servers are having an issue.

Test it out with another server close to your location and inspect the results.

I’m using AirVPN and get about 95% of my line speed using OpenVPN.

OK, after a weekend of hitting my head against the nearest wall, I am still having the same issue.

Tests I have done:
DNS leaks - all OK as my external IP (VPN) is the same as my VPN DNS
I have created a second VPN to make sure that it is to the PIA server
I have removed (disabled) all VLANs apart from my LAN and all rules
I have gone through my client VPN and it looks OK.
I have screenshotted my VPN client settings and pasted them here so that if you wish you can go through them. I have gone through them 3 times and I can’t find any issues.


persist-key
persist-tun
remote-cert-tls server
reneg-sec 0
auth-retry interact
dhcp-option DNS 10.0.0.241
dhcp-option DNS 10.0.0.243
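
The comparison the DNS leak tests in this thread rely on (the resolver address the test sees versus the VPN exit IP), as an added example that is not part of any post. The two addresses in the first case are the ones quoted earlier in the thread; the ISP prefixes are constructed documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Constructed ISP ranges (documentation prefixes), not taken from the thread.
ISP_PREFIXES = ["203.0.113.0/24", "2001:db8::/32"]


def classify_resolver(resolver, exit_ip, isp_prefixes):
    """Label one resolver address reported by a DNS leak test."""
    addr = ipaddress.ip_address(resolver)
    if addr == ipaddress.ip_address(exit_ip):
        return "same-exit"   # lookups leave through the tunnel the client uses
    if any(addr in ipaddress.ip_network(p) for p in isp_prefixes):
        return "isp"         # lookups bypass the VPN and reach the ISP
    return "elsewhere"       # another tunnel or a third-party resolver


def leak_verdict(exit_ip, resolvers, isp_prefixes=ISP_PREFIXES):
    """Return (verdict, per-resolver labels) for one leak-test result."""
    if not resolvers:
        return "no-data", {}
    labels = {r: classify_resolver(r, exit_ip, isp_prefixes) for r in resolvers}
    kinds = set(labels.values())
    if "isp" in kinds:
        verdict = "leak"       # at least one query is visible to the ISP
    elif "elsewhere" in kinds:
        verdict = "mismatch"   # DNS takes a different path than the traffic
    else:
        verdict = "ok"         # every resolver is the tunnel's own exit
    return verdict, labels


if __name__ == "__main__":
    # London exit IP with the Paris resolver, as reported in the thread.
    print(leak_verdict("138.199.28.52", ["156.146.63.141"]))
    # Resolver equal to the exit IP, the condition later described as "all OK".
    print(leak_verdict("138.199.28.52", ["138.199.28.52"]))
    # Constructed case: an IPv6 resolver inside the ISP range alongside the exit.
    print(leak_verdict("138.199.28.52", ["138.199.28.52", "2001:db8::53"]))
```

A "mismatch" result is not a leak to the ISP, but it does show that DNS and client traffic are routed through different gateways, which is worth checking against the firewall's resolver and gateway settings.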

For sure that wall has a few dents :woozy_face:

For reference your configuration doesn’t look too different to mine.

However, probably where we differ are the following:

  • I use AirVPN, so I connect via an IP address and not a FQDN. I don’t totally understand how the FQDN can be resolved before the tunnel is up. Perhaps there is some way but it’s not super clear to me.
  • When I initially set up pfSense I just used the DNS Forwarder for VLANs going out the ISP and the DNS Resolver for VLANs going out the VPN. Perhaps there was a logic at the time, but I’ve now forgotten. For sure I had issues at the beginning which I’ve now forgotten.

I’m certain my VLANs exiting via the VPN do not leak, and things work as intended. It did take me a while to get there. It was several years ago so I have honestly forgotten some of the issues I had.

Perhaps if you still have the spirit left, you could try AirVPN and see if you get the same result or not.

At the time it seemed to me connecting via an IP address meant nothing needed to be resolved. Perhaps you can also change the FQDN to an IP and see if that works. At the same time it must be the case that others who are using PIA must be in the same situation as you; you’d need to ask in their forums what they do, perhaps.

I know that I have no DNS leaks and the VLANs are working fine. The problem is just that the Torrent traffic just kills my network, and all my testing points to PIA, who is throttling it.

Regarding the PIA forums, I have been there and it looks like PIA has closed the site down.

And my spirit is just hanging in there, and I will look at AirVPN to see if they do a month’s membership for testing to see if this helps.

Could well be the VPN provider throttling but doesn’t seem to be in their interest to do so.

https://airvpn.org/ have a deal for 7 euros for a month, you can try them out. I get about 95% of my line speed.

If you get bufferbloat perhaps you can tune your limiters to see if that has an effect to reduce it.

Just noticed that you don’t have Hardware Crypto switched on, if your processor supports it turn it on. I also have the UDP Fast I/O selected, try doing the same and inspect the result.

The other thing that just came to mind is to ping the VPN servers under Diagnostics > Ping and inspect the response times.

Torrent clients have a “listening port” for incoming port connections you can set. Most have a random port generator built inside the client. Once you determine and set your incoming port, I make a firewall rule to pass and direct it to a specific internal IP. I’m able to max my line with torrents. I’m using pfSense+, OpenVPN and PIA. I’m getting max line performance.

When I turn OFF my pfSense firewall rule “NAT torrents port forward” thru OpenVPN/PIA I get 352KiB. When I turn it back on I get 21-25MiB throughput, which is my line’s max throughput. “BitTorrent” uses TCP and most other clients try to use UDP. I’ve excluded trackers/ports. My port forward rule forwards both TCP/UDP for that specific port to a specific IP. I’m also using the qBitTorrent client, which will allow you to set which peer connection protocol (tcp, uTp, or both), which port is the listening port, which network interface, and which IP address to bind the client to, among other features.