Openvpn TCP.

NetZDark Member
edited January 2017 in Help

Hello to all,
I have a problem with OpenVPN. I set OpenVPN to TCP 80 (because the ISP blocked some ports in UDP).
The problem is the speed: without the VPN the speed is 30 megabit, and with the VPN the speed is 2 megabit with high ping.
This is my OpenVPN configuration:

client
dev tun
proto tcp
sndbuf 0
rcvbuf 0
remote (IP) 80
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-128-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3

And the server is:


port 80
proto tcp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

The server is Aruba Cloud (1000 Mbps LAN)

(PS: Sorry for my bad English)

Comments

  • jiggawatt Member
    edited January 2017

    Honestly I think this is what you can expect from OpenVPN over TCP. You're basically hiding a TCP connection inside another TCP connection, both of which will be degraded by TCP's control algorithms making sure that your packets arrive properly.

    What is the processor on the host? Perhaps it's old and doesn't have the AES instruction set which also might degrade your performance.

  • @jiggawattz said:
    Honestly I think this is what you can expect from OpenVPN over TCP. You're basically hiding a TCP connection inside another TCP connection, both of which will be degraded by TCP's control algorithms making sure that your packets arrive properly.

    What is the processor on the host? Perhaps it's old and doesn't have the AES instruction set which also might degrade your performance.

    Xeon E5-2650L

  • Use port 443 and remove comp-lzo from both configs.

  • HyperFilter_Official Member, Patron Provider

    If you use ports such as 80/443, there could be issues as there could be transparent proxying through these ports or even traffic shaping depending on the ISP.

  • @jiggawattz said:
    Honestly I think this is what you can expect from OpenVPN over TCP. You're basically hiding a TCP connection inside another TCP connection, both of which will be degraded by TCP's control algorithms making sure that your packets arrive properly.

    What is the processor on the host? Perhaps it's old and doesn't have the AES instruction set which also might degrade your performance.

    Nope. I'm sometimes using VPN over TCP and while that is considerably slower than over UDP it's not that crass (2 instead of 30 Mb). Also note that the major difference is in time to paint (~ latency), not in speed per se.

    @HyperFilter_Official said:
    If you use ports such as 80/443, there could be issues as there could be transparent proxying through these ports or even traffic shaping depending on the ISP.

    Yes, that looks more like a source of problems.

    Also compression almost certainly is part of the story. Increases time to paint, too. General rule: leave compression for the services; they know most about their stuff. Example: turn compression on or off with the http server.
    And keep in mind that very often vpn compression will actually work RE-compressing which is a way to waste cpu cycles big time.

  • Have you tried downloading files from the server to check the speed?
    You can try the shadowsocks solution; it's much more stable than OpenVPN.

  • Not exactly on topic, but isn't auth SHA256 (or something similar) needed after cipher AES-128-CBC?

    If not needed, what is the function of auth SHA256?

  • cipher AES-128-CBC says how the data is encrypted while auth SHA256 says how users are authorized (vulgo, how the password is transmitted. here it's sha256 hashed).

  • miau Member
    edited January 2017

    I don't know why, but OpenVPN gets really crappy in TCP mode. I only get 3MBps with VPN out of 10MBps with direct connection. I can get almost full speed by simply switching to UDP mode though.

    Yeah I totally understand the tcp in tcp problem, but it is not supposed to be that bad.

    Try softether instead. It's a lot better than ovpn in TCP. Got 8-9 MBps with this. Just make sure you run it in local bridge mode.
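
The settings the replies above point at, collected into one check as an added example (not code from any poster or from the OpenVPN project). The finding labels and the abridged sample configs are made up for illustration, and the auth check assumes the OpenVPN 2.x manual's default of SHA1 for the HMAC digest.

```python
# Added example (not from the thread): flag the settings the replies discuss.
# Constructed input: abridged copies of the two configs posted above.
CLIENT = """client
proto tcp
remote (IP) 80
cipher AES-128-CBC
comp-lzo
"""
SERVER = """port 80
proto tcp
tls-auth ta.key 0
cipher AES-128-CBC
comp-lzo
"""

def parse(text):
    """Map each directive to its argument list (first occurrence wins)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment line
            continue
        name, *args = line.split()
        opts.setdefault(name, args)
    return opts

def port_of(opts):
    """Server: `port N`. Client: `remote host [port]`. OpenVPN's default is 1194."""
    if opts.get("port"):
        return opts["port"][0]
    remote = opts.get("remote", [])
    return remote[1] if len(remote) > 1 else "1194"

def lint(client_text, server_text):
    c, s = parse(client_text), parse(server_text)
    # These directives have to agree on both ends of the tunnel.
    found = [f"mismatch:{k}" for k in ("cipher", "auth", "comp-lzo") if c.get(k) != s.get(k)]
    for side, o in (("client", c), ("server", s)):
        if o.get("proto", ["udp"])[0].startswith("tcp"):
            found.append(f"{side}:tcp-transport")   # TCP inside TCP, per the first reply
        if "comp-lzo" in o or "compress" in o:
            found.append(f"{side}:compression")     # may re-compress already compressed data
        if "auth" not in o:
            found.append(f"{side}:auth-default")    # no explicit HMAC digest (assumed default: SHA1)
        if port_of(o) in ("80", "443"):
            found.append(f"{side}:web-port")        # may be proxied or shaped by the ISP
    return found

if __name__ == "__main__":
    for finding in lint(CLIENT, SERVER):
        print(finding)
```

Removing comp-lzo from only one side shows up as mismatch:comp-lzo, which is why the advice above says to remove it from both configs.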
