Sonic.net

Using the Ookla speedtest app on my MacBook Pro while connected to the internet over Sonic fiber and an Eero wifi mesh, my measured transfer speeds, both up and down loads, is halved when I have Sonic OpenVPN turned on.

Is there any way to optimize the VPN settings to improve this performance? I'm using the default settings on OpenVPN.

Or is there a better choice for VPN?

If you're on Sonic Fiber, why are you using the VPN?

The intent for VPN is when you are connetcted to a different network, particularly one you aren't certain you can trust, like public Wi-Fi, hotel Wi-Fi, etc.

Good point.
Still, my observation holds... It's surprising why vpn degrades the speed by half.

OpenVPN is typically CPU limited both in the server and client. You'll most likely see that the OpenVPN client process is using 100% of one your laptop's CPU cores.

Isn't this also compelling justification to support Wireguard as a customer VPN option?

It's unfortunate that the authors of Wireguard didn't build any thing as obvious as an extensible authentication system into the protocol. I've viewed it as more of a replacement for manually configured ipsec tunnels and other permanent site to site vpns than anything else because of this. Being key based is great but requires a lot of extra work at the provider level and, so far as I know, nobody is selling a Wireguard backed VPN service access product like OpenVPN AS.

Good point, my understanding is the developer of Wireguard was focused on making the protocol (and associated code) as efficient as possible.

Would it really be that difficult to dynamically generate and manage per-user keys on the Sonic end? I'm not a product manager, but this would seem like a nice opportunity for Sonic to develop a feature that many would benefit from

https://medium.com/swlh/web-uis-for-wir ... 04710fa7bd

graeme_stewart wrote: Would it really be that difficult to dynamically generate and manage per-user keys on the Sonic end? I'm not a product manager, but this would seem like a nice opportunity for Sonic to develop a feature that many would benefit from

It's more than just key management and authentication. There's no dynamic IP pool management, doesn't support clients coming from dynamic IPs out of the box, etc.. I think there is a commercial provider that has done all of the work using standalone applications to manage the connection (configuration) on the clients so it's all possible but isn't exactly simple.

Please keep in mind that this is a free service too.

Sonic should not waste any resources on this. OpenVPN is a fine VPN and is used all over the world. This is a free offering and even if speed is half (not bad for a VPN in general) so be it. Sonic should invest all resources in being an ISP and expanding its Internet service. If there is extra time, invest it in offering a user-controllable block list for the phones

How are VPN providers who manage tens or hundreds of servers and thousands of customers run Wireguard effectively?