gluetun: Bug: Internet Speedtest Slow

Host OS : Microsoft Windows [Version 10.0.19042.685]

Client: Docker Engine - Community Version: 19.03.5 API version: 1.40 Go version: go1.12.12 Git commit: 633a0ea Built: Wed Nov 13 07:22:37 2019 OS/Arch: windows/amd64 Experimental: false

Is this urgent?: No

What VPN provider are you using: PIA

What are you using to run your container?:

docker create --name=pia -e TZ=America/Chicago --cap-add=NET_ADMIN -e VPNSP="private internet access" -e PIA_ENCRYPTION=normal -e USER="<redacted>" -e PASSWORD="<redacted>" -e REGION="US Chicago" -v C:\Users\user1\Documents\Docker\pia:/gluetun qmcgaw/private-internet-access:latest

What is the version of the program (See the line at the top of your logs)

Running version latest built on 2020-12-06T21:20:02Z (commit 3f721b1)

What’s the problem 🤔

Slow speedtest with container connected to PIA versus the same test when not connected from a container and a Windows 10 machine.

FROM A DOCKER CONTAINGER CONNECTED TO PIA

docker run --rm --network=container:pia tianon/speedtest speedtest --accept-license --server-id 21606
    Server: S&A Telephone - Allen, KS (id = 21606)
       ISP: Cogent Communications
   Latency:    58.30 ms   (0.85 ms jitter)
  Download:    25.54 Mbps (data used: 42.9 MB)
    Upload:    25.66 Mbps (data used: 29.7 MB)
Packet Loss:     0.0%

FROM A DOCKER CONTAINGER NOT CONNECTED TO PIA

docker run --rm tianon/speedtest speedtest --accept-license --server-id 21606
     Server: S&A Telephone - Allen, KS (id = 21606)
        ISP: Spectrum
    Latency:    65.87 ms   (1.36 ms jitter)
   Download:   290.20 Mbps (data used: 399.4 MB)
     Upload:    23.83 Mbps (data used: 33.6 MB)
Packet Loss:     0.0%

FROM A WINDOWS 10 MACHINE CONNECTED TO PIA (US Chicago) image

Logs

today at 12:43 PM  =========================================
today at 12:43 PM  ================ Gluetun ================
today at 12:43 PM  =========================================
today at 12:43 PM  ==== A mix of OpenVPN, DNS over TLS, ====
today at 12:43 PM  ======= Shadowsocks and HTTP proxy ======
today at 12:43 PM  ========= all glued up with Go ==========
today at 12:43 PM  =========================================
today at 12:43 PM  =========== For tunneling to ============
today at 12:43 PM  ======== your favorite VPN server =======
today at 12:43 PM  =========================================
today at 12:43 PM  === Made with ❤️  by github.com/qdm12 ====
today at 12:43 PM  =========================================
today at 12:43 PM  
today at 12:43 PM  Running version latest built on 2020-12-06T21:20:02Z (commit 3f721b1)
today at 12:43 PM  
today at 12:43 PM  
today at 12:43 PM  🔧  Need help? https://github.com/qdm12/gluetun/issues/new
today at 12:43 PM  💻  Email? quentin.mcgaw@gmail.com
today at 12:43 PM  ☕  Slack? Join from the Slack button on Github
today at 12:43 PM  💸  Help me? https://github.com/sponsors/qdm12
today at 12:43 PM  2020-12-10T12:43:06.099-0600	INFO	IPtables version: v1.8.4
today at 12:43 PM  2020-12-10T12:43:06.102-0600	INFO	OpenVPN version: 2.4.9
today at 12:43 PM  2020-12-10T12:43:06.104-0600	INFO	Unbound version: 1.10.1
today at 12:43 PM  2020-12-10T12:43:06.104-0600	INFO	Settings summary below:
today at 12:43 PM  OpenVPN settings:
today at 12:43 PM  |--User: [redacted]
today at 12:43 PM  |--Password: [redacted]
today at 12:43 PM  |--Verbosity level: 1
today at 12:43 PM  |--Run as root: no
today at 12:43 PM  |--Private Internet Access settings:
today at 12:43 PM   |--Network protocol: udp
today at 12:43 PM   |--Regions: us chicago
today at 12:43 PM   |--Encryption preset: normal
today at 12:43 PM   |--Port forwarding: off
today at 12:43 PM  System settings:
today at 12:43 PM  |--User ID: 1000
today at 12:43 PM  |--Group ID: 1000
today at 12:43 PM  |--Timezone: america/chicago
today at 12:43 PM  |--IP Status filepath: /tmp/gluetun/ip
today at 12:43 PM  DNS over TLS settings:
today at 12:43 PM   |--DNS over TLS provider:
today at 12:43 PM    |--cloudflare
today at 12:43 PM   |--Caching: enabled
today at 12:43 PM   |--Block malicious: enabled
today at 12:43 PM   |--Block surveillance: disabled
today at 12:43 PM   |--Block ads: disabled
today at 12:43 PM   |--Allowed hostnames:
today at 12:43 PM    |--
today at 12:43 PM   |--Private addresses:
today at 12:43 PM    |--127.0.0.1/8
today at 12:43 PM    |--10.0.0.0/8
today at 12:43 PM    |--172.16.0.0/12
today at 12:43 PM    |--192.168.0.0/16
today at 12:43 PM    |--169.254.0.0/16
today at 12:43 PM    |--::1/128
today at 12:43 PM    |--fc00::/7
today at 12:43 PM    |--fe80::/10
today at 12:43 PM    |--::ffff:0:0/96
today at 12:43 PM   |--Verbosity level: 1/5
today at 12:43 PM   |--Verbosity details level: 0/4
today at 12:43 PM   |--Validation log level: 0/2
today at 12:43 PM   |--IPv6 resolution: disabled
today at 12:43 PM   |--Update: every 24h0m0s
today at 12:43 PM   |--Keep nameserver (disabled blocking): no
today at 12:43 PM  Firewall settings:
today at 12:43 PM   |--VPN input ports: 
today at 12:43 PM   |--Input ports: 
today at 12:43 PM   |--Outbound subnets: 
today at 12:43 PM  HTTP Proxy settings: disabled
today at 12:43 PM  ShadowSocks settings: disabled
today at 12:43 PM  HTTP Control server:
today at 12:43 PM   |--Listening port: 8000
today at 12:43 PM   |--Logging: true
today at 12:43 PM  Public IP check period: 12h0m0s
today at 12:43 PM  Version information: enabled
today at 12:43 PM  Updater: disabled
today at 12:43 PM  
today at 12:43 PM  2020-12-10T12:43:06.109-0600	INFO	storage: Merging by most recent 6734 hardcoded servers and 0 servers read from /gluetun/servers.json
today at 12:43 PM  2020-12-10T12:43:06.183-0600	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
today at 12:43 PM  2020-12-10T12:43:06.183-0600	INFO	routing: local subnet found: 172.17.0.0/16
today at 12:43 PM  2020-12-10T12:43:06.183-0600	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
today at 12:43 PM  2020-12-10T12:43:06.183-0600	INFO	routing: adding route for 0.0.0.0/0
today at 12:43 PM  2020-12-10T12:43:06.183-0600	INFO	firewall: firewall disabled, only updating allowed subnets internal list
today at 12:43 PM  2020-12-10T12:43:06.184-0600	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
today at 12:43 PM  2020-12-10T12:43:06.184-0600	INFO	openvpn configurator: checking for device /dev/net/tun
today at 12:43 PM  2020-12-10T12:43:06.184-0600	WARN	TUN device is not available: open /dev/net/tun: no such file or directory
today at 12:43 PM  2020-12-10T12:43:06.184-0600	INFO	openvpn configurator: creating /dev/net/tun
today at 12:43 PM  2020-12-10T12:43:06.184-0600	INFO	firewall: enabling...
today at 12:43 PM  2020-12-10T12:43:06.233-0600	INFO	firewall: enabled successfully
today at 12:43 PM  2020-12-10T12:43:06.233-0600	INFO	healthcheck: listening on 127.0.0.1:9999
today at 12:43 PM  2020-12-10T12:43:06.233-0600	INFO	dns over tls: falling back on plaintext DNS at address 1.1.1.1
today at 12:43 PM  2020-12-10T12:43:06.233-0600	INFO	dns configurator: using DNS address 1.1.1.1 internally
today at 12:43 PM  2020-12-10T12:43:06.233-0600	INFO	dns configurator: using DNS address 1.1.1.1 system wide
today at 12:43 PM  2020-12-10T12:43:06.233-0600	INFO	http server: listening on 0.0.0.0:8000
today at 12:43 PM  2020-12-10T12:43:06.233-0600	INFO	Launching standard output merger
today at 12:43 PM  2020-12-10T12:43:06.234-0600	INFO	firewall: setting VPN connection through firewall...
today at 12:43 PM  2020-12-10T12:43:06.236-0600	INFO	openvpn configurator: starting openvpn
today at 12:43 PM  2020-12-10T12:43:06.240-0600	INFO	openvpn: OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
today at 12:43 PM  2020-12-10T12:43:06.240-0600	INFO	openvpn: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
today at 12:43 PM  2020-12-10T12:43:06.244-0600	INFO	openvpn: CRL: loaded 1 CRLs from file [[INLINE]]
today at 12:43 PM  2020-12-10T12:43:06.244-0600	INFO	openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]154.21.28.239:1198
today at 12:43 PM  2020-12-10T12:43:06.244-0600	INFO	openvpn: UDP link local: (not bound)
today at 12:43 PM  2020-12-10T12:43:06.244-0600	INFO	openvpn: UDP link remote: [AF_INET]154.21.28.239:1198
today at 12:43 PM  2020-12-10T12:43:06.351-0600	INFO	openvpn: [chicago410] Peer Connection Initiated with [AF_INET]154.21.28.239:1198
today at 12:43 PM  2020-12-10T12:43:07.549-0600	INFO	openvpn: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
today at 12:43 PM  2020-12-10T12:43:07.549-0600	INFO	openvpn: OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
today at 12:43 PM  2020-12-10T12:43:07.549-0600	INFO	openvpn: TUN/TAP device tun0 opened
today at 12:43 PM  2020-12-10T12:43:07.549-0600	INFO	openvpn: /sbin/ip link set dev tun0 up mtu 1500
today at 12:43 PM  2020-12-10T12:43:07.550-0600	INFO	openvpn: /sbin/ip addr add dev tun0 10.49.112.2/24 broadcast 10.49.112.255
today at 12:43 PM  2020-12-10T12:43:07.555-0600	WARN	openvpn: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
today at 12:43 PM  2020-12-10T12:43:07.555-0600	INFO	openvpn: UID set to nonrootuser
today at 12:43 PM  2020-12-10T12:43:07.555-0600	INFO	openvpn: Initialization Sequence Completed
today at 12:43 PM  2020-12-10T12:43:07.556-0600	INFO	dns configurator: downloading root hints from https://raw.githubusercontent.com/qdm12/files/master/named.root.updated
today at 12:43 PM  2020-12-10T12:43:07.556-0600	INFO	VPN routing IP address: 154.21.28.239
today at 12:43 PM  2020-12-10T12:43:07.740-0600	INFO	dns configurator: downloading root key from https://raw.githubusercontent.com/qdm12/files/master/root.key.updated
today at 12:43 PM  2020-12-10T12:43:07.765-0600	INFO	dns configurator: generating Unbound configuration
today at 12:43 PM  2020-12-10T12:43:08.050-0600	INFO	dns configurator: 61936 hostnames blocked overall
today at 12:43 PM  2020-12-10T12:43:08.051-0600	INFO	dns configurator: 2751 IP addresses blocked overall
today at 12:43 PM  2020-12-10T12:43:08.099-0600	INFO	dns configurator: starting unbound
today at 12:43 PM  2020-12-10T12:43:08.100-0600	INFO	dns configurator: using DNS address 127.0.0.1 internally
today at 12:43 PM  2020-12-10T12:43:08.100-0600	INFO	dns configurator: using DNS address 127.0.0.1 system wide
today at 12:43 PM  2020-12-10T12:43:08.327-0600	INFO	unbound: init module 0: validator
today at 12:43 PM  2020-12-10T12:43:08.327-0600	INFO	unbound: init module 1: iterator
today at 12:43 PM  2020-12-10T12:43:08.341-0600	INFO	unbound: start of service (unbound 1.10.1).
today at 12:43 PM  2020-12-10T12:43:08.528-0600	INFO	unbound: generate keytag query _ta-4a5c-4f66. NULL IN
today at 12:43 PM  2020-12-10T12:43:09.056-0600	INFO	dns over tls: DNS over TLS is ready
today at 12:43 PM  2020-12-10T12:43:09.391-0600	INFO	You are running 1 commit behind the most recent latest
today at 12:43 PM  2020-12-10T12:43:09.848-0600	INFO	ip getter: Public IP address is <redacted>

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 19 (9 by maintainers)

Most upvoted comments

Also apparently Wireguard uses all CPU cores whereas openvpn limits itself mostly to 1 cpu core. More on this discussion. Anyway that seems like a required improvement now for this image.

+2
qdm12 on Dec 27, 2020

Hello all!

I just finished some initial implementation for wireguard, only for Mullvad for now.

See https://github.com/qdm12/gluetun/pull/565 on how to try it.

There is a list of providers I’ll be adding, feel free to comment on https://github.com/qdm12/gluetun/issues/134 if you want another provider supported.

+1
qdm12 on Aug 19, 2021

Context: I’m based in Montreal Canada, and using Mullvad

Summary table:

VPN server Openvpn host Speedtest host Openvpn cores Download average
Paris Gluetun on Linux Gluetun container 12 50
Paris Gluetun on Windows Gluetun container 6 55
Paris Openvpn on Windows Windows 24 250
Paris Openvpn on Windows Alpine container 24 192
Montreal Gluetun on Linux Gluetun container 12 500 (wtf?)
Montreal Gluetun on Windows Gluetun container 6 107
Montreal Openvpn on Windows Windows 24 355
Montreal Openvpn on Windows Alpine container 24 375

Conclusions:

  • When the VPN server is far: gluetun is x4 slower than native openvpn
  • When the VPN server is not far: it’s the fastest when the host is Linux (so no VM) and slowest on Docker Desktop (with VM)
  • CPU cannot be the bottleneck otherwise we could not reach 500Mbps with gluetun on my Linux host. It might be a bottleneck with the VM on Windows and Docker Desktop. Now why gluetun is slower than native openvpn on further away server, I have no clue!
  • Mullvad seems to have bandwidth going down the more I would do a speedtest on the same server
  • FYI: Regarding openvpn, gluetun is just running openvpn simply installed with apk add openvpn and not a custom implementation. One difference that could have an impact is that it’s compiled with musl instead of the more traditional glibc to be compatible with Alpine.
  • I’ll continue working on Wireguard, hopefully that might help

Details:

France Paris VPN server

Gluetun on a Linux host (ryzen 2600x)

/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (89.44.9.21)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by ORANGE FRANCE (Paris) [6.74 km]: 242.227 ms
Testing download speed................................................................................
Download: 102.63 Mbit/s
Testing upload speed......................................................................................................
Upload: 31.85 Mbit/s
/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (89.44.9.21)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by ORANGE FRANCE (Paris) [6.74 km]: 100.573 ms
Testing download speed................................................................................
Download: 53.38 Mbit/s
Testing upload speed......................................................................................................
Upload: 19.45 Mbit/s
/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (89.44.9.21)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Networth Telecom (Clichy) [5.52 km]: 101.194 ms
Testing download speed................................................................................
Download: 26.44 Mbit/s
Testing upload speed......................................................................................................
Upload: 13.23 Mbit/s

Gluetun on a Windows host (ryzen 5900x + docker desktop with 6 CPUs assigned)

/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (194.110.113.10)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by ORANGE FRANCE (Paris) [6.74 km]: 224.589 ms
Testing download speed................................................................................
Download: 67.92 Mbit/s
Testing upload speed......................................................................................................
Upload: 20.48 Mbit/s
/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (194.110.113.10)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by ORANGE FRANCE (Paris) [6.74 km]: 95.131 ms
Testing download speed................................................................................
Download: 43.82 Mbit/s
Testing upload speed......................................................................................................
Upload: 18.20 Mbit/s
/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (194.110.113.10)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by ORANGE FRANCE (Paris) [6.74 km]: 95.38 ms
Testing download speed................................................................................
Download: 59.77 Mbit/s
Testing upload speed......................................................................................................
Upload: 18.14 Mbit/s

Openvpn on Windows host (5900x all cores)

   Speedtest by Ookla

     Server: CCleaner - Paris (id = 16676)
        ISP: 31173 Services AB
    Latency:    89.82 ms   (0.14 ms jitter)
   Download:   318.87 Mbps (data used: 477.5 MB)
     Upload:    53.07 Mbps (data used: 94.5 MB)

---

Server: GTT.net - Paris (id = 24386)
        ISP: 31173 Services AB
    Latency:    89.70 ms   (0.13 ms jitter)
   Download:   174.77 Mbps (data used: 291.0 MB)
     Upload:    67.73 Mbps (data used: 117.5 MB)

Alpine container using Openvpn running on Windows host (5900x all cores)

/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from 31173 Services AB (193.32.126.159)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by ORANGE FRANCE (Paris) [2.04 km]: 245.074 ms
Testing download speed................................................................................
Download: 214.80 Mbit/s
Testing upload speed......................................................................................................
Upload: 17.91 Mbit/s
/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from 31173 Services AB (193.32.126.159)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by ORANGE FRANCE (Paris) [2.04 km]: 91.453 ms
Testing download speed................................................................................
Download: 170.74 Mbit/s
Testing upload speed......................................................................................................
Upload: 19.31 Mbit/s

Canada Montreal VPN server

Gluetun on a Linux host (ryzen 2600x)

/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (89.36.78.116)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Beanfield Montreal 10G (Montreal, QC) [0.35 km]: 14.262 ms
Testing download speed................................................................................
Download: 378.00 Mbit/s
Testing upload speed......................................................................................................
Upload: 201.33 Mbit/s
/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (89.36.78.116)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Beanfield Montreal 10G (Montreal, QC) [0.35 km]: 4.178 ms
Testing download speed................................................................................
Download: 605.62 Mbit/s
Testing upload speed......................................................................................................
Upload: 355.75 Mbit/s
/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (89.36.78.116)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Beanfield Montreal 10G (Montreal, QC) [0.35 km]: 11.996 ms
Testing download speed................................................................................
Download: 539.05 Mbit/s
Testing upload speed......................................................................................................
Upload: 264.76 Mbit/s

Gluetun on a Windows host (ryzen 5900x + docker desktop with 6 CPUs assigned)

/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (89.36.78.120)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by TELUS (Montreal, QC) [0.35 km]: 43.257 ms
Testing download speed................................................................................
Download: 51.37 Mbit/s
Testing upload speed......................................................................................................
Upload: 76.36 Mbit/s
/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (89.36.78.120)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Beanfield Montreal 10G (Montreal, QC) [0.35 km]: 28.749 ms
Testing download speed................................................................................
Download: 127.68 Mbit/s
Testing upload speed......................................................................................................
Upload: 129.69 Mbit/s
/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (89.36.78.120)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Beanfield Montreal 10G (Montreal, QC) [0.35 km]: 20.968 ms
Testing download speed................................................................................
Download: 145.27 Mbit/s
Testing upload speed......................................................................................................
Upload: 77.92 Mbit/s

Openvpn on Windows host (5900x all cores)

Server: Connexio - Montreal, QC (id = 31838)
        ISP: M247 Ltd
    Latency:    24.20 ms   (2.15 ms jitter)
   Download:   349.96 Mbps (data used: 491.2 MB)
     Upload:   219.58 Mbps (data used: 364.0 MB)

---

Server: Connexio - Montreal, QC (id = 31838)
        ISP: M247 Ltd
    Latency:     2.11 ms   (1.94 ms jitter)
   Download:   359.86 Mbps (data used: 540.7 MB)
     Upload:   319.37 Mbps (data used: 410.8 MB)

Alpine container using Openvpn running on Windows host (5900x all cores)

/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (89.36.78.46)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Beanfield Montreal 10G (Montreal, QC) [0.35 km]: 76.979 ms
Testing download speed................................................................................
Download: 427.27 Mbit/s
Testing upload speed......................................................................................................
Upload: 61.39 Mbit/s
/ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from M247 Ltd (89.36.78.46)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Beanfield Montreal 10G (Montreal, QC) [0.35 km]: 24.292 ms
Testing download speed................................................................................
Download: 321.24 Mbit/s
Testing upload speed......................................................................................................
Upload: 76.30 Mbit/s
+1
qdm12 on Mar 1, 2021

@estate000 are these running on the same machine? I’ll do some testing on my machine. I also made some progress on wireguard but it’s not there yet unfortunately.

+1
qdm12 on Feb 21, 2021

Alright let’s close this for now. I’m digging into adding Wireguard (follow #134) as I’m writing this, with PIA ‘experimental’ support first. That’s crazy there is such a big difference even with the user space implementation, I didn’t expect it to be THAT fast! 👍

+1
qdm12 on Dec 27, 2020
Read more comments on GitHub
← gluetun: Bug: Gluetun Failing to Connect to old PIA servers
gluetun: Bug: iptables-nft on host without nftables →