OpenVPN performance

[EnF70]

I use my original rules (the ones included in Alpha3) but the one mentioned above works just as well.
I still believe it's sufficient to mark individual packets in the PREROUTING chain to work-around the CTF issue rather than do it per connection and involve the connection tracking mechanism into this.

 

[peraburek]

I use my original rules (the ones included in Alpha3) but the one mentioned above works just as well.
I still believe it's sufficient to mark individual packets in the PREROUTING chain to work-around the CTF issue rather than do it per connection and involve the connection tracking mechanism into this.

you mean this command?

iptables -t mangle -A PREROUTING -i tun21 -j MARK --set-mark 1

 

[EnF70]

Yes, that one.
But I have two rules, one for each OpenVPN instance (tun21 and tun22).
I use one OpenVPN instance for UDP and one for TCP (for networks that don't allow UDP).

 

[kvic]

For the sake of truth, I loaded the stock Alpha 3 and tested again. Here are the results:

Stock Merlin 380.58_alpha3-gcf77301

without stock packet marking rule: ~7 Mbps (down) / ~17 Mbps (up)
with stock packet marking rule: ~65 Mbps / ~57 Mbps

My alpha3-gcf77301 compiled with NPTL

with _or_ without stock packet marking rule: ~65 Mbps / ~59 Mbps

Seems NPTL toolchains really makes a difference here. This toolchains continue to amaze me

N.B. packet marking only benefits VPN server _and_ for WAN-WAN traffic. See the test scenario in #173 for detail description.

 

[bayern1975]

is there a solution to write data at openvpn in megabytes or gigabytes? i think writing in bytes is not the best so we got very big numbers.....

 

[bayern1975]

everytime when i click on VPN button over webgui then write in my syslog this.....i think this is not correct and should nothing to write?

Mar  9 09:38:11 openvpn[989]: event_wait : Interrupted system call (code=4)
Mar  9 09:38:11 openvpn[989]: TITLE,OpenVPN 2.3.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 24 2015
Mar  9 09:38:11 openvpn[989]: TIME,Wed Mar  9 09:38:11 2016,1457512691
Mar  9 09:38:11 openvpn[989]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
Mar  9 09:38:11 openvpn[989]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
Mar  9 09:38:11 openvpn[989]: GLOBAL_STATS,Max bcast/mcast queue length,0
Mar  9 09:38:11 openvpn[989]: END

 

[RMerlin]

everytime when i click on VPN button over webgui then write in my syslog this.....i think this is not correct and should nothing to write?

Mar  9 09:38:11 openvpn[989]: event_wait : Interrupted system call (code=4)
Mar  9 09:38:11 openvpn[989]: TITLE,OpenVPN 2.3.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 24 2015
Mar  9 09:38:11 openvpn[989]: TIME,Wed Mar  9 09:38:11 2016,1457512691
Mar  9 09:38:11 openvpn[989]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
Mar  9 09:38:11 openvpn[989]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
Mar  9 09:38:11 openvpn[989]: GLOBAL_STATS,Max bcast/mcast queue length,0
Mar  9 09:38:11 openvpn[989]: END

Already fixed in 380.58. It no longer signals the openvpnd process to dump its info (which, by default, went to syslog).

 

[dhruvcasper]

I finally got the UDP up and running and tested (also, it is faster), but one really strange thing happened. I had policy routing in place (TCP) for my main PC and all other devices would bypass the VPN, but when I switched to UDP the "Redirect Internet Traffic" setting reverted to NO and my WAN IP was still being reported as the VPN IP address on the internet. I checked the IP for my Phone, Tablet, etc, and they all showed the VPN's IP. Verified with a traceroute on the Router side to confirm as well. My use case is to get the highest speed out of the VPN and hide my IP address on torrents, but am I really protected and are the packets AES-256 encrypted, how do I know with the "NO" setting on? I know for 100% that Policy Based routing works, but this setting just confused me.

Hi, i am also using purevpn. my isp gives me 30Mb/s but when i use purevpn servers on openvpn in asus merlin it drops to 2.5M/bs. same with pptp. if i use pptp in wan settings on other router connected with lan cable it gives 17Mb/s. i am scratching my head what to do. I have ac66u asus router connected to ISP and Dlink as vpn router. any suggestions ?

 

[MoBlues]

Hi, i am also using purevpn. my isp gives me 30Mb/s but when i use purevpn servers on openvpn in asus merlin it drops to 2.5M/bs. same with pptp. if i use pptp in wan settings on other router connected with lan cable it gives 17Mb/s. i am scratching my head what to do. I have ac66u asus router connected to ISP and Dlink as vpn router. any suggestions ?

Be sure you try/test other connections like UDP from PureVPN, it is faster but it shouldn't drop down to 2.5Mb/s and avoid PPTP. It sounds to me you've got a config issue with another router involved on your LAN and I would make sure of all your settings or reverse it by removing the additional router to make sure you're getting the right setup and then add the other router or extended AP you're using. Why is the DLink even necessary? Policy-based routing should be enough in forcing devices on Mac Address and static IP addresses. You need to provide more info before we can give you other ideas to try.

 

[dhruvcasper]

You need to provide more info before we can give you other ideas to try.

hi @MoBlues.

thanks for reply. i had posted info in other forum and will share it here again. My other router is old setup connected to give VPN to wifi devices. all my LAN devices are connected to ISP router which is asus. I recently got android smart tv and want to connect it using VPN and is connected with lan to Asus. my server is connected to lan and runs torrent server. being in UAE i dont have problem with torrent and does not use VPN for it. now only thing left is to get the anroid tv box. if i conect the android tv box to dlink my vpn router then it will not talk to server.

my speed ranges from 2M/bs to 5 M/bs, ISP speed is 30 M/bs.

My router is asus ac66u and tried both UDP and TCP for PureVPN. I want open vpn to get routing table in place for anrodid box. Using frimware version 380.58, purevpn vpn needs aes-256-cbc encryption. below is the custom script. tried all the servers and best speed is 5 M/bs. Nat disabled, compression none, TCP port 80 and UDP is 53.

mute 20
route-method exe
route-delay 2
auth-retry interact
auth-nocache
tls-client
remote-cert-tls server

any other help will be great.

 

[MoBlues]

hi @MoBlues.

thanks for reply. i had posted info in other forum and will share it here again. My other router is old setup connected to give VPN to wifi devices. all my LAN devices are connected to ISP router which is asus. I recently got android smart tv and want to connect it using VPN and is connected with lan to Asus. my server is connected to lan and runs torrent server. being in UAE i dont have problem with torrent and does not use VPN for it. now only thing left is to get the anroid tv box. if i conect the android tv box to dlink my vpn router then it will not talk to server.

My router is asus ac66u and tried both UDP and TCP for PureVPN. I want open vpn to get routing table in place for anrodid box. Using frimware version 380.58, purevpn vpn needs aes-256-cbc encryption. below is the custom script. tried all the servers and best speed is 5 M/bs. Nat disabled, compression none, TCP port 80 and UDP is 53.

any other help will be great.

Two things I can suggest:
1. Remove the DLink and let the Android KODI Box connect to the ASUS Router @192.168.1.197 = Android box? Again, test and see if the ASUS will allow your Android Box to connect with ASUS. I still do not understand why you need the DLink even for the Android box. ASUS can handle all of it.

2. Post some Traceroutes (on the VPN side) either from the ASUS > Network Tools > Method - TraceRoutes or do it from the PuTTy client as admin. You can also add a policy to one of your Computers connected via LAN cable to go to VPN and test some traceroutes on the VPN to see what is occurring with the VPN connection.

 

[dhruvcasper]

Android box is connected to Asus router only through. its the asus laptop which is in the pic. i am testing the speed on my laptop first before i policy route to android box. I will do the trace routes and share the result.