Openvpn TCP.
Hello to all,
I have a problem with OpenVPN. I set OpenVPN to TCP port 80 (because the ISP blocked some UDP ports).
The problem is the speed: without the VPN the speed is 30 megabit, and with the VPN the speed is 2 megabit with high ping.
This is my OpenVPN configuration:
client
dev tun
proto tcp
sndbuf 0
rcvbuf 0
remote (IP) 80
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-128-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
And the server is:
port 80
proto tcp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
The server is Aruba Cloud (1000 Mbps LAN)
(PS: Sorry for my bad English)
Comments
Honestly I think this is what you can expect from OpenVPN over TCP. You're basically hiding a TCP connection inside another TCP connection, both of which will be degraded by TCP's control algorithms making sure that your packets arrive properly.
What is the processor on the host? Perhaps it's old and doesn't have the AES instruction set which also might degrade your performance.
Xeon E5-2650L
Use port 443 and remove comp-lzo from both configs.
If you use ports such as 80/443, there could be issues as there could be transparent proxying through these ports or even traffic shaping depending on the ISP.
Nope. I'm sometimes using VPN over TCP and while that is considerably slower than over UDP it's not that crass (2 instead of 30 Mb). Also note that the major difference is in time to paint (~ latency), not in speed per se.
Yes, that looks more like a source of problems.
Also compression almost certainly is part of the story. Increases time to paint, too. General rule: leave compression for the services; they know most about their stuff. Example: turn compression on or off with the http server.
And keep in mind that very often vpn compression will actually work RE-compressing which is a way to waste cpu cycles big time.
Have you tried to download files from the server to check the speed?
You can try the shadowsocks solution; it's much more stable than openvpn.
Not exactly on topic, but isn't auth SHA256 (or something similar) needed after cipher AES-128-CBC? If not needed, what is the function of auth SHA256?
cipher AES-128-CBC says how the data is encrypted while auth SHA256 says how users are authorized (vulgo, how the password is transmitted. here it's sha256 hashed).
I don't know why, but openvpn gets really crappy in tcp mode. I only get 3MBps with vpn out of 10MBps with direct connection. I can get almost full speed by simply switching to udp mode though.
Yeah I totally understand the tcp in tcp problem, but it is not supposed to be that bad.
Try softether instead. It's a lot better than ovpn in tcp. Got 8-9 MBps with this. Just make sure you run it in local bridge mode.
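Added example (not part of the thread or of any poster's setup): a short Python check that compares a client/server OpenVPN config pair on the points raised above, namely TCP transport, comp-lzo on either side, matching cipher, and complementary tls-auth key directions. The config excerpts are constructed from the posted files, 192.0.2.10 is a placeholder for "(IP)", the finding codes are this example's own names, and the mere presence of comp-lzo is counted as enabled.

```python
# Constructed excerpts of the thread's two configs; 192.0.2.10 stands in for "(IP)".
CLIENT = """proto tcp
remote 192.0.2.10 80
cipher AES-128-CBC
comp-lzo
key-direction 1
"""
SERVER = """port 80
proto tcp
tls-auth ta.key 0
cipher AES-128-CBC
comp-lzo
"""

def parse(text):
    """Map directive -> argument list (last occurrence wins; inline <...> blocks not handled)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            opts[name] = args
    return opts

def tls_direction(opts):  # from 'key-direction N' or 'tls-auth <file> N'
    if "key-direction" in opts:
        return opts["key-direction"][0]
    args = opts.get("tls-auth", [])
    return args[1] if len(args) > 1 else None

def review(client_text, server_text):
    """Return finding codes for a client/server pair (codes are this example's own)."""
    c, s = parse(client_text), parse(server_text)
    findings = []
    # OpenVPN defaults to UDP; tcp-client / tcp-server count as tcp here.
    c_proto, s_proto = (o.get("proto", ["udp"])[0][:3] for o in (c, s))
    if c_proto != s_proto:
        findings.append("proto-mismatch")
    elif c_proto == "tcp":
        findings.append("tcp-transport")        # TCP-in-TCP, as discussed in the thread
    if c.get("cipher") != s.get("cipher"):
        findings.append("cipher-mismatch")
    if ("comp-lzo" in c) != ("comp-lzo" in s):
        findings.append("comp-lzo-mismatch")    # must be set the same on both sides
    elif "comp-lzo" in c:
        findings.append("comp-lzo-enabled")     # a reply suggests removing it from both
    dirs = {tls_direction(c), tls_direction(s)}
    if dirs not in ({"0", "1"}, {None}):        # directions must be 0 on one side, 1 on the other
        findings.append("tls-auth-direction")
    return findings
```

Calling review(CLIENT, SERVER) on the excerpts reports the TCP transport and the enabled compression; the two sides otherwise agree.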