Completely disconnected after trying to download anything at max speed with VPN on

Hello, I'm using BPI-R3 with WireGuard, PBR and AdGuardHome for a few months, besides a few hiccups here and there, no problem like this before. Whenever I try to download something with my VPN on, and it hits 80-100Mbps, after a few minutes the whole banana pi stops getting internet, ssh’ing into the router and running ping results in a ‘bad address’. Downloading without the VPN on seems to work just fine, but it makes no sense to do this. I’ve tried:

  • Using another DNS Servers on AdGuardHome.
  • rebooting the bpi-r3 after this occurrence.
  • Redoing all my config since I think there was some stuff messed up, I’ve had this configuration backup from a few months now. Every time something breaks, and I need to burn a new image in my SD card, I used the same config.

My current setup is looking like this: ISP Router → BPI-R3 (ISP router connected to wan) → Dumb AP (BPI connected to a LAN port, using VLAN Tagging from my BPI). And the only ‘fix’ that seems to be working is turning off my ISP Router, and waiting a few minutes to turn it on again and reboot my BPI-R3. Even tho I’m not sure if this is fixing my connection, this is the only thing that worked.

I thought this could be something wrong with my ISP Router, but when connecting directly to a LAN Port and testing the connection, everything is fine, Wi-Fi is ok too. So, I’m not sure if there is some gimmick happening here, but I can’t really tell, and I’m not sure how to test it.

My CPU while using the VPN and downloading at max speed stays at 60% with a thermal of around 55-60C (using luci-app-statistics), and without VPN something like 26% and could not check the temp. Since I’ve reinstalled my config the started failing after some time, and I can’t install it, I’ll update if I get the values.

If anyone thinks my config is necessary here, just tell me, and I’ll update the post with my /etc/config/*

This means that DNS does not work. If the DNS is on the other side of the VPN tunnel that would occur. Pinging and the numeric IP of the VPN server would be more meaningful tests. The VPN server always has an exception route so that a ping to it will go by regular Internet.

It is possible that the VPN service has a an "abuse" policy that considers heavy downloading a reason to shut down the tunnel. When you restart the modem they see you from a different IP address.

1 Like

That makes sense, but help me think about this.
I have AdGuardHome, and I only use Mullvad's DNS to avoid DNS Leak, and on my system I have DNS that is from Mullvad too.
But for the router not be able to ping the mullvad dns on adguardhome would need to fail, right? If that's the case, I tried to change on my DNS List, but it didn't work.
I did some research too, I didn't come across anything from mullvad saying that they limit downloads.
How do you think I can test this?

I found something related to Mullvad limiting, it looks like they do not limit it (here)