Hey guys!
I have been using PBS for quite some time now, following a YouTube tutorial which recommended setting "chain" to "prerouting". Since I did not need a lot of bandwidth for that task, I did not check, but now that a new task is at hand I noticed that prerouting slows my connection from 300 MBit to 20 MBit. Changing this setting to "Output" gives me the full bandwidth.
I already searched the official documentation and the web but I could not find any info on what the "chain" setting even does.
My setup looks like this:
OpenVPN --> Surfshark VPN = tun0
Local IP (all ports+protos) --> PBS (prerouting) --> tun0
everything else --> wan
Can anyone explain what the "Chain" settings (prerouting, forward, input, output, postrouting) do and, if "prerouting" really is the recommended setting for anonymity, what might be going wrong in my setup causing this massive slowdown?
The chain determines the correct place to mark the traffic before the routing decision. For your needs, you should only need two chains - prerouting for the router's clients and output for the router itself.
When you change the chain to output, the traffic of the clients will not be marked correctly and they will use the wan interface to access the internet (at full speed).
With the correct chain specified (and VPN used), the speed is slowed down not because of PBR, but most likely because the router's CPU is not powerful enough to handle the encryption/decryption process.
Try switching to WireGuard, it should be much better.
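As an added illustration (not part of the reply above and not the PBR package's own code), this small Python model walks a packet through the netfilter hook order and shows which chain has to set the mark for the routing decision to pick tun0. The mark value, addresses and function names are constructed for the example, and the hook order is simplified to the steps relevant here.

```python
# Simplified model of the netfilter hooks a packet crosses, showing where a
# policy-routing mark must be set to influence the egress interface.
# All names, addresses and the mark value are constructed for illustration.

VPN_MARK = 0x1

# Hook order per traffic type. "ROUTE" is a routing decision. For locally
# generated packets the kernel routes once, runs the output hook, and routes
# again if the mark was changed there.
PATHS = {
    "forwarded": ["prerouting", "ROUTE", "forward", "postrouting"],  # LAN client
    "local_out": ["ROUTE", "output", "ROUTE", "postrouting"],        # router itself
}


def route(mark):
    """Model of: ip rule fwmark VPN_MARK -> table whose default route is tun0."""
    return "tun0" if mark == VPN_MARK else "wan"


def egress(kind, src, policy_src, chain):
    """Interface chosen for a packet of `kind` from `src` when the marking
    rule (matching `policy_src`) is attached to `chain`."""
    mark, iface = 0, None
    for step in PATHS[kind]:
        if step == "ROUTE":
            iface = route(mark)       # decision uses whatever mark exists now
        elif step == chain and src == policy_src:
            mark = VPN_MARK           # marking after ROUTE comes too late
    return iface


def summary(kind, src):
    """Egress interface for every possible chain setting."""
    chains = ["prerouting", "forward", "input", "output", "postrouting"]
    return {c: egress(kind, src, src, c) for c in chains}


if __name__ == "__main__":
    client, router = "192.168.1.50", "router"   # constructed sample sources
    print("LAN client:", summary("forwarded", client))
    print("router    :", summary("local_out", router))
```

In this model a policy on "output" leaves the LAN client on wan, which matches the full-speed result described in the question: the client's traffic is bypassing the VPN rather than running faster through it.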
You are so correct, it is the CPU! Even with WG I don't get the full bandwidth, so I guess I will have to learn how to set up OpenVPN/WG on an LXC.
Thank you!