Is Spectrum throttling PIA?
I've recently noticed that I cannot for the life of me go above 60 Mbps on any PIA server.
When I turn it off, I get my full 100+ Mbps speed. I thought it was just my computer at first, but when I tested it on my phone I also got the same result.
I had someone else test PIA on Verizon FiOS to make sure it wasn't just PIA, but they got around 300 Mbps download.
I remember being able to hit at least 100 Mbps, but I feel that they might've started throttling after the recent net neutrality development...
Can anyone on Spectrum confirm?
Tagged:
Comments
Connected to CA Toronto:
Connected to CA Montreal:
Connected to NYC:
Disconnected again:
Yeah I'm 95% positive I'm being throttled.
But since that's done through standard HTTP traffic, it must've not triggered their system. As soon as I connect to the VPN, I get this.
That leads me to believe that they are specifically throttling traffic to PIA's servers using some sort of packet inspection so that only VPN traffic gets throttled. I've tried switching the protocol between UDP and TCP; port between 80, 443, etc.; they all make no difference. Now, I did get a slightly better result with torrents. Off the VPN, I can hit 30 MBps.
Connecting back to PIA gives me around 15 MBps max with an odd dip near the end.
That's great, right? Well, sure, if all I do is download torrents all day long, but I don't. I cannot reach 100 Mbps during any sort of normal usage.
On a side note, does PIA offer any sort of traffic obfuscation to deter my ISP from being able to detect and throttle VPN traffic? I see some other services offer things like Obfsproxy and stunnel.
And yes, that definitely looks like throttling. Have you tried changing to TCP/443 just in case? Some ISPs throttle UDP traffic specifically (I'm assuming due to the recent IoT DDoS attacks) and in many cases it tricks the ISP into thinking it's regular HTTPS traffic.
Is there an ETA on when obfuscation would come?
There's a known bottleneck problem with the TAP driver that every OpenVPN client suffers from on Windows, and it is speculated (ha) that the bottleneck is caused by the context switches between the driver and the OpenVPN client process. Would you by chance have installed the Meltdown/Spectre updates for Windows around the same time you noticed the slowdowns? Out of the plethora of things that are not affected by the patches, context switches and userspace/kernel IO are among the affected things.
One way to rule out it being a Windows issue is to get a Linux live USB (Ubuntu works well for this), install PIA in the live session and do a speed test on the VPN. If you still get 60 and less, it's either your router or your ISP. If you go faster, then it's the Windows driver bug. The results can be really surprising!
For some people, L2TP also works a bit better because it doesn't suffer from the TAP problem either, but it's less secure and painful if you want port forwarding.
I do remember very clearly being able to get 12 MBps downloading files from all over the web while on PIA. I really believe it's not my computer, as I am getting similar results on my phone connected to the same router: 230 Mbps off PIA, 45 Mbps on PIA (I tested it just now). It's very likely that my ISP is throttling me. Now, I don't know if it applies to all VPN traffic or just PIA, but I don't have any other VPN service (fast enough
Further testing however gives results that are hard to make any sense of when looking at it from a ISP throttling perspective. For example, I was able to get my full download/upload speed while connected to all of the Canada servers, and all of the US servers I tested (including US-East), so I'm not seeing slow speeds on all of the servers that supports port forwarding (and thefore lots of torrent traffic) which was one of my first suspicions. It would appear that our results are not the same despite both of us being on Spectrum and having the same plan (200/20). I'm in the Austin, TX, area though, so obviously there is nothing preventing Spectrum from applying different rules to different regions. Perhaps try the Chrome extension just for testing purposes and see if you get similar results? By the way, does anyone know what protocol the Chrome extension uses? I always assumed it was connecting via OpenVPN, but obviously my assumptions aren't always so reliable, so maybe that isn't the case?
I'll take a wild guess and say the extension uses a standard SOCKS5 proxy.
There is also UDP vs TCP. Some ISPs just don't like UDP traffic for some reason, and limit those. OVH, my server host for my personal server limits UDP traffic to 50 Mbps among other things.
OpenVPN by itself is sadly very easy to identify on the network even on non-standard ports. We already use port 8080 by default and it's not helping much. It's so obvious because OpenVPN only encapsulates packers as-is, so even when using TCP/443 it's obvious it's not HTTPS as a normal web server would typically send a stream of full-size packets. It's impossible to know, but one can make pretty good educated guesses.
Can't wait for the obfuscation stuff to be done
Ever since Charter bought Time Warner Cable, I have been praying to the gods of the internet that data caps are not imposed upon Spectrum customers. The very idea of having a data cap on my home internet connection is simply disturbing. That is what is truly insane about Comcast.. despite having hard data caps, they STILL implement all this throttling BS. You're literally paying for a set amount of data to be transferred, and they still prevent you from getting that data at their advertised speeds depending on what particular order the 1's and 0's (type of traffic and its content) appear in.
I'm not real well versed in the technicalities of the OpenVPN packet structure, so I wasn't aware that is was so easily distinguishable from normal SSL/TLS traffic. I look forward to PIA's future implementation of some obfuscation techniques that may make identification of OpenVPN (and other protocols?) traffic more difficult and hopefully return some of the power to users in how they utilize the connections they are paying their hard-earned money for. Any idea when we might see some of these obfuscation techniques implemented?
NordVPN's servers seem too slow to tell, so it didn't help much.
Mullvad also couldn't get past 100 Mbps, even when I tried all of their provided alternative methods (SSH, stunnel, shadowsocks, SOCKS5, "bridges"). Now I'm really confused. Was it maybe due to using their 3-hour trial account?
misread