Raspberry Pi VPN Gateway Problem

Discussion in 'Networking & Security' started by acascianelli, Jan 23, 2019.

  1. acascianelli

    acascianelli [H]ardness Supreme

    Messages:
    6,768
    Joined:
    Feb 25, 2004
    I build a VPN gateway out of an old Raspberry Pi B 1+ (single core, 512Mb RAM) for my parents to use to stream International TV through an Apple TV 4.

    The VPN gateway works and everything, but video will not stream over the VPN cleanly. Lots of pauses and just general interruptions in the steam. If I connect to the same VPN node through my iPhone and try streaming video it works perfectly. So my thought was maybe the old Raspberry Pi was causing a big bottleneck. I took a look at the system usage on the Pi while it was streaming video and I'm not seeing any obvious bottleneck. CPU is only around 20-25%, plenty of RAM free( 100-150mb), the NIC isn't being utilized much. Am I missing something that would show that the Pi is the bottleneck? I was told to look at IO wait time because of the Pi's notoriously shitty USB controller and everything hanging off of it.

    If the Pi is the problem, would upgrading to a Pi 3+ give me enough power or should I look for something even more powerful.
     
  2. Cmustang87

    Cmustang87 [H]ardness Supreme

    Messages:
    4,348
    Joined:
    Oct 4, 2007
    Raspberry PI USB and Ethernet adapters are notoriously pretty lackluster.

    Question: Do you only want their Apple TV to go through this VPN? Are you doing this by setting the static default gateway to the RPi rather than their normal home router?
     
  3. acascianelli

    acascianelli [H]ardness Supreme

    Messages:
    6,768
    Joined:
    Feb 25, 2004
    Yes, only the Apple TV needs to use the VPN. And yes, I have the gateway on the Apple TV pointed to the Pi.
     
  4. Cmustang87

    Cmustang87 [H]ardness Supreme

    Messages:
    4,348
    Joined:
    Oct 4, 2007
    I would scrap the idea of using a RPi for this and get something that will be easy for you to access/manage and handle the throughput. Get a Ubiquiti USG, they are about $130, however - so definitely higher than an RPi setup... but a far superior option.

    https://www.ui.com/unifi-routing/usg/
     
  5. acascianelli

    acascianelli [H]ardness Supreme

    Messages:
    6,768
    Joined:
    Feb 25, 2004
    I cannot change the gateway/firewall out, ISP provided. It does not support any kind of bridged mode, and I'm not about to run double NAT.

    I spent a bunch more time looking at it the other night and I still can't see any obvious bottleneck. The one new thing I did find was that I am only getting about 5MB/s of bandwidth over the VPN node that I'm connected through. Still doesn't explain why I can stream fine with the same VPN from my phone, but I'm wondering if that connection just doesn't have enough bandwidth for video. I started looking for an alternate VPN connection to use, but haven't finished yet.
     
  6. Cmustang87

    Cmustang87 [H]ardness Supreme

    Messages:
    4,348
    Joined:
    Oct 4, 2007
    I don't see why it would need to be double NAT. Apple TV would use default gateway as the USG, and the USG has the IPSEC tunnel built. The actual NAT would be on your ISP gateway still and just using the normal internet as your transit for the IPSEC traffic to your VPN provider. The USG would just be on a stick if that's supported.
     
  7. Vengance_01

    Vengance_01 [H]ardness Supreme

    Messages:
    5,609
    Joined:
    Dec 23, 2001
    Are you testing the same video stream on your phone? I would look for one of those cheap 100$ atom boxes on Amazon if you need more power.
     
  8. acascianelli

    acascianelli [H]ardness Supreme

    Messages:
    6,768
    Joined:
    Feb 25, 2004
    Same video stream, same VPN service, same VPN server overseas.

    The reason why I'm thinking that the Pi isn't my problem is because I get the same throughput from the VPN on my iPhone and on the Pi.

    I'm going to be going to my parents tonight. I'll have some time to mess around and try to find a faster server.
     
  9. acascianelli

    acascianelli [H]ardness Supreme

    Messages:
    6,768
    Joined:
    Feb 25, 2004
    I found a different VPN server that has better bandwidth and now everything seems to be working fine.

    I've spent enough time screwing around with this to be able to say that a 32bit/512MB Raspberry Pi 1 is perfectly capable of handling my OpenVPN workload for this specific situation.
     
    Vengance_01 likes this.
  10. ZeqOBpf6

    ZeqOBpf6 Gawd

    Messages:
    567
    Joined:
    Aug 24, 2014
    I wonder why you didn't have problems on the phone then
     
  11. acascianelli

    acascianelli [H]ardness Supreme

    Messages:
    6,768
    Joined:
    Feb 25, 2004
    No idea. The app on the iPhone is substantially newer than the one on the Apple TV. Maybe that has something to do with it.
     
    ZeqOBpf6 likes this.