[Solved] Slow speed ONLY via home router connection

[gudetuxir]

Howdy,

I have an OVH vps service with OpenVPN fine configured (3 laptops, 2 mobile phones, and a desktop): each different easy-rsa crt/key generated.

For last 9 months everything has been working fine. Problems got started after replacing my home router. For first few days, everything worked fine. Then suddenly (after upgrading OpenVPN at the Linux server), it all started.

Funny thing is, the OpenVPN server for other connections (not via my home router) work fine (full speed) - the problem occurs ONLY when I'm trying to connect via home router. Furhtermore, when I switched back to an old router it didn't helped, it's still screwed up.
(btw. I have my OpenVPN configured on each client separetly, not on the router; the home router is only the ISP gateway. it's pretty same configured as the previous one, nothing fancy is going on here)

And the problem is: downloading speed is about up to 100 kb/s at max (usually, 50-100).

I have tried many things, and nothing helped, thus I'm forced to ask here for help.

The new router is TP-Link TL-WR740N v4.23 (firmware: DD-WRT v24-sp2), but I'm pretty sure it's not the problem source since on the previous router it still sucks (when I'm switched back -- and it worked all fine eariler ).


What I tried (none of follows work):

- changing DHCP on my client (on the old router it was 192.168.1.5, now it is 192.168.1.69),
- generating new easy-rsa crt/key files for the client,
- modyfing server.conf in every possible manner (udp/tcp, tun/tap, different ports, different ciphers, LZO comp on/off, and so on...).

The speed is always the same LOW. When I connect my device via 3G the speed is maximum, and via the home router - it never exceeds 100 kb/s. Everything works pretty fine, but not on my home router (before replacing router it worked at max speed either).

Although I'm very familiar with Linux, I'm not OpenVPN expert, so perhaps someone more experienced can help me out here.


My config is as follows:

(and I'm pretty sure it is all well configured, since it has been working for last 9 months -- and also, for other connections (but via my home router) it still works really fine - with max speed)


I used this tutorial (about 9 months ago):
https://www.digitalocean.com/community/ ... n-debian-8

I have Debian 8.8 on my server (VPS).


openvpn version

Code: Select all

# openvpn --version
OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017
library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_ifconfig_path=/sbin/ifconfig with_iproute_path=/sbin/ip with_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_route_path=/sbin/route with_sysroot=no

server.conf

Code: Select all

# cat /etc/openvpn/server.conf

port 1193
proto udp
dev tun

ca ca.crt
cert server.crt
dh dh2048.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

keepalive 10 180
comp-lzo

user nobody
group nogroup

persist-key
persist-tun

# I keep my log offline, but I've checked them all and it seems kind of fine to me
status /dev/null
log /dev/null
verb 3

sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"

client example config file (.ovpn)

Code: Select all

# cat client1.ovpn

client
dev tun
proto udp

remote IP_ADDRESS_GOES_HERE 1193
resolv-retry infinite
nobind

user nobody
group nogroup

persist-key
persist-tun

ca ca.crt
cert client.crt
key client.key

ns-cert-type server

comp-lzo
verb 3

ipp.txt

Code: Select all

# cat /etc/openvpn/ipp.txt

client1,10.8.0.4
client2,10.8.0.8
client3,10.8.0.12
client4,10.8.0.16
client5,10.8.0.20
client6,10.8.0.24
client7,10.8.0.28
client8,10.8.0.32
client9,10.8.0.36
client10,10.8.0.40
client11,10.8.0.44
client12,10.8.0.48

I'll be very appreciated for Your help. Perhaps someone had experienced similar problem.


~ THANK YOU A LOT!

Mike

[TinCanTech]

I have Debian 8.8 on my server (VPS).

# openvpn --version
OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017
library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08

You can get fully up to date version (2.4.x) here:
https://community.openvpn.net/openvpn/w ... twareRepos

But be aware, 2.4 is considerably different to 2.3 with such things as negotiating ciphers ..
There will be a lot to read.

# I keep my log offline, but I've checked them all and it seems kind of fine to me
status /dev/null
log /dev/null
verb 3

Set --verb 4 and check your server and client logs (best to post them here, sanitized), Please see:
HOWTO: Request Help ! {2}

I'm pretty sure it is all well configured, since it has been working for last 9 months -- and also, for other connections (but via my home router) it still works really fine - with max speed

Perhaps there is something wrong with your internet connection itself.

[gudetuxir]

TinCanTech, thx for posting.

If nothing will help, I'll try with upgrading to 2.4.x (I prefer rather staying with default Debian 2.3 version, for now)


I'm posting logs from openvpn.log (verb at level 4)


@verb 4

Code: Select all

# cat /etc/openvpn/openvpn.log
Mon Jul  3 17:25:47 2017 us=680011   config = '/etc/openvpn/server.conf'
Mon Jul  3 17:25:47 2017 us=680039   mode = 1
Mon Jul  3 17:25:47 2017 us=680062   persist_config = DISABLED
Mon Jul  3 17:25:47 2017 us=680084   persist_mode = 1
Mon Jul  3 17:25:47 2017 us=680105   show_ciphers = DISABLED
Mon Jul  3 17:25:47 2017 us=680125   show_digests = DISABLED
Mon Jul  3 17:25:47 2017 us=680146   show_engines = DISABLED
Mon Jul  3 17:25:47 2017 us=680167   genkey = DISABLED
Mon Jul  3 17:25:47 2017 us=680190   key_pass_file = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=680210   show_tls_ciphers = DISABLED
Mon Jul  3 17:25:47 2017 us=680231 Connection profiles [default]:
Mon Jul  3 17:25:47 2017 us=680253   proto = udp
Mon Jul  3 17:25:47 2017 us=680274   local = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=680294   local_port = 1193
Mon Jul  3 17:25:47 2017 us=680315   remote = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=680336   remote_port = 1193
Mon Jul  3 17:25:47 2017 us=680356   remote_float = DISABLED
Mon Jul  3 17:25:47 2017 us=680377   bind_defined = DISABLED
Mon Jul  3 17:25:47 2017 us=680397   bind_local = ENABLED
Mon Jul  3 17:25:47 2017 us=680418   connect_retry_seconds = 5
Mon Jul  3 17:25:47 2017 us=680439   connect_timeout = 10
Mon Jul  3 17:25:47 2017 us=680463   connect_retry_max = 0
Mon Jul  3 17:25:47 2017 us=680484   socks_proxy_server = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=680505   socks_proxy_port = 0
Mon Jul  3 17:25:47 2017 us=680525   socks_proxy_retry = DISABLED
Mon Jul  3 17:25:47 2017 us=680548   tun_mtu = 1500
Mon Jul  3 17:25:47 2017 us=680569   tun_mtu_defined = ENABLED
Mon Jul  3 17:25:47 2017 us=680590   link_mtu = 1500
Mon Jul  3 17:25:47 2017 us=680611   link_mtu_defined = DISABLED
Mon Jul  3 17:25:47 2017 us=680632   tun_mtu_extra = 0
Mon Jul  3 17:25:47 2017 us=680653   tun_mtu_extra_defined = DISABLED
Mon Jul  3 17:25:47 2017 us=680674   mtu_discover_type = -1
Mon Jul  3 17:25:47 2017 us=680775   fragment = 0
Mon Jul  3 17:25:47 2017 us=680799   mssfix = 1450
Mon Jul  3 17:25:47 2017 us=680820   explicit_exit_notification = 0
Mon Jul  3 17:25:47 2017 us=680840 Connection profiles END
Mon Jul  3 17:25:47 2017 us=680866   remote_random = DISABLED
Mon Jul  3 17:25:47 2017 us=680900   ipchange = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=680924   dev = 'tun'
Mon Jul  3 17:25:47 2017 us=680944   dev_type = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=680965   dev_node = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=680985   lladdr = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=681006   topology = 1
Mon Jul  3 17:25:47 2017 us=681027   tun_ipv6 = DISABLED
Mon Jul  3 17:25:47 2017 us=681047   ifconfig_local = '10.8.0.1'
Mon Jul  3 17:25:47 2017 us=681073   ifconfig_remote_netmask = '10.8.0.2'
Mon Jul  3 17:25:47 2017 us=681099   ifconfig_noexec = DISABLED
Mon Jul  3 17:25:47 2017 us=681120   ifconfig_nowarn = DISABLED
Mon Jul  3 17:25:47 2017 us=681141   ifconfig_ipv6_local = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=681164   ifconfig_ipv6_netbits = 0
Mon Jul  3 17:25:47 2017 us=681184   ifconfig_ipv6_remote = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=681205   shaper = 0
Mon Jul  3 17:25:47 2017 us=681225   mtu_test = 0
Mon Jul  3 17:25:47 2017 us=681245   mlock = DISABLED
Mon Jul  3 17:25:47 2017 us=681266   keepalive_ping = 10
Mon Jul  3 17:25:47 2017 us=681287   keepalive_timeout = 180
Mon Jul  3 17:25:47 2017 us=681308   inactivity_timeout = 0
Mon Jul  3 17:25:47 2017 us=681328   ping_send_timeout = 10
Mon Jul  3 17:25:47 2017 us=681349   ping_rec_timeout = 360
Mon Jul  3 17:25:47 2017 us=681369   ping_rec_timeout_action = 2
Mon Jul  3 17:25:47 2017 us=681390   ping_timer_remote = DISABLED
Mon Jul  3 17:25:47 2017 us=681410   remap_sigusr1 = 0
Mon Jul  3 17:25:47 2017 us=681431   persist_tun = ENABLED
Mon Jul  3 17:25:47 2017 us=681452   persist_local_ip = DISABLED
Mon Jul  3 17:25:47 2017 us=681472   persist_remote_ip = DISABLED
Mon Jul  3 17:25:47 2017 us=681493   persist_key = ENABLED
Mon Jul  3 17:25:47 2017 us=681513   passtos = DISABLED
Mon Jul  3 17:25:47 2017 us=681533   resolve_retry_seconds = 1000000000
Mon Jul  3 17:25:47 2017 us=681573   username = 'nobody'
Mon Jul  3 17:25:47 2017 us=681597   groupname = 'nogroup'
Mon Jul  3 17:25:47 2017 us=681619   chroot_dir = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=681640   cd_dir = '/etc/openvpn'
Mon Jul  3 17:25:47 2017 us=681664   writepid = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=681684   up_script = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=681705   down_script = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=681726   down_pre = DISABLED
Mon Jul  3 17:25:47 2017 us=681746   up_restart = DISABLED
Mon Jul  3 17:25:47 2017 us=681767   up_delay = DISABLED
Mon Jul  3 17:25:47 2017 us=681788   daemon = ENABLED
Mon Jul  3 17:25:47 2017 us=681809   inetd = 0
Mon Jul  3 17:25:47 2017 us=681829   log = ENABLED
Mon Jul  3 17:25:47 2017 us=681850   suppress_timestamps = DISABLED
Mon Jul  3 17:25:47 2017 us=681872   nice = 0
Mon Jul  3 17:25:47 2017 us=681905   verbosity = 4
Mon Jul  3 17:25:47 2017 us=681930   mute = 0
Mon Jul  3 17:25:47 2017 us=681951   gremlin = 0
Mon Jul  3 17:25:47 2017 us=681972   status_file = 'openvpn-status.log'
Mon Jul  3 17:25:47 2017 us=681993   status_file_version = 1
Mon Jul  3 17:25:47 2017 us=682014   status_file_update_freq = 10
Mon Jul  3 17:25:47 2017 us=682034   occ = ENABLED
Mon Jul  3 17:25:47 2017 us=682058   rcvbuf = 393216
Mon Jul  3 17:25:47 2017 us=682078   sndbuf = 393216
Mon Jul  3 17:25:47 2017 us=682099   mark = 0
Mon Jul  3 17:25:47 2017 us=682119   sockflags = 0
Mon Jul  3 17:25:47 2017 us=682139   fast_io = DISABLED
Mon Jul  3 17:25:47 2017 us=682159   lzo = 7
Mon Jul  3 17:25:47 2017 us=682179   route_script = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=682200   route_default_gateway = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=682232   route_default_metric = 0
Mon Jul  3 17:25:47 2017 us=682252   route_noexec = DISABLED
Mon Jul  3 17:25:47 2017 us=682272   route_delay = 0
Mon Jul  3 17:25:47 2017 us=682304   route_delay_window = 30
Mon Jul  3 17:25:47 2017 us=682325   route_delay_defined = DISABLED
Mon Jul  3 17:25:47 2017 us=682345   route_nopull = DISABLED
Mon Jul  3 17:25:47 2017 us=682366   route_gateway_via_dhcp = DISABLED
Mon Jul  3 17:25:47 2017 us=682387   max_routes = 100
Mon Jul  3 17:25:47 2017 us=682407   allow_pull_fqdn = DISABLED
Mon Jul  3 17:25:47 2017 us=682434   route 10.8.0.0/255.255.255.0/nil/nil
Mon Jul  3 17:25:47 2017 us=682460   management_addr = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=682481   management_port = 0
Mon Jul  3 17:25:47 2017 us=682502   management_user_pass = '[UNDEF]'
Mon Jul  3 17:25:47 2017 us=682523   management_log_history_cache = 250
Mon Jul  3 17:11:13 2017 us=574958   management_echo_buffer_size = 100
Mon Jul  3 17:11:13 2017 us=574963   management_write_peer_info_file = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=574968   management_client_user = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=574972   management_client_group = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=574976   management_flags = 0
Mon Jul  3 17:11:13 2017 us=574983   shared_secret_file = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=574988   key_direction = 0
Mon Jul  3 17:11:13 2017 us=574992   ciphername_defined = ENABLED
Mon Jul  3 17:11:13 2017 us=574996   ciphername = 'BF-CBC'
Mon Jul  3 17:11:13 2017 us=575000   authname_defined = ENABLED
Mon Jul  3 17:11:13 2017 us=575005   authname = 'SHA1'
Mon Jul  3 17:11:13 2017 us=575009   prng_hash = 'SHA1'
Mon Jul  3 17:11:13 2017 us=575013   prng_nonce_secret_len = 16
Mon Jul  3 17:11:13 2017 us=575017   keysize = 0
Mon Jul  3 17:11:13 2017 us=575021   engine = DISABLED
Mon Jul  3 17:11:13 2017 us=575026   replay = ENABLED
Mon Jul  3 17:11:13 2017 us=575030   mute_replay_warnings = DISABLED
Mon Jul  3 17:11:13 2017 us=575034   replay_window = 64
Mon Jul  3 17:11:13 2017 us=575038   replay_time = 15
Mon Jul  3 17:11:13 2017 us=575042   packet_id_file = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575046   use_iv = ENABLED
Mon Jul  3 17:11:13 2017 us=575050   test_crypto = DISABLED
Mon Jul  3 17:11:13 2017 us=575054   tls_server = ENABLED
Mon Jul  3 17:11:13 2017 us=575058   tls_client = DISABLED
Mon Jul  3 17:11:13 2017 us=575063   key_method = 2
Mon Jul  3 17:11:13 2017 us=575076   ca_file = 'ca.crt'
Mon Jul  3 17:11:13 2017 us=575080   ca_path = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575085   dh_file = 'dh2048.pem'
Mon Jul  3 17:11:13 2017 us=575089   cert_file = 'server.crt'
Mon Jul  3 17:11:13 2017 us=575093   priv_key_file = 'server.key'
Mon Jul  3 17:11:13 2017 us=575097   pkcs12_file = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575102   cipher_list = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575106   tls_verify = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575110   tls_export_cert = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575114   verify_x509_type = 0
Mon Jul  3 17:11:13 2017 us=575119   verify_x509_name = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575123   crl_file = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575127   ns_cert_type = 0
Mon Jul  3 17:11:13 2017 us=575131   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575135   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575139   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575143   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575147   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575151   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575156   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575160   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575164   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575167   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575171   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575175   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575179   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575183   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575187   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575191   remote_cert_ku[i] = 0
Mon Jul  3 17:11:13 2017 us=575195   remote_cert_eku = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575200   ssl_flags = 0
Mon Jul  3 17:11:13 2017 us=575204   tls_timeout = 2
Mon Jul  3 17:11:13 2017 us=575208   renegotiate_bytes = 0
Mon Jul  3 17:11:13 2017 us=575212   renegotiate_packets = 0
Mon Jul  3 17:11:13 2017 us=575216   renegotiate_seconds = 3600
Mon Jul  3 17:11:13 2017 us=575220   handshake_window = 60
Mon Jul  3 17:11:13 2017 us=575224   transition_window = 3600
Mon Jul  3 17:11:13 2017 us=575228   single_session = DISABLED
Mon Jul  3 17:11:13 2017 us=575233   push_peer_info = DISABLED
Mon Jul  3 17:11:13 2017 us=575237   tls_exit = DISABLED
Mon Jul  3 17:11:13 2017 us=575241   tls_auth_file = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575245   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575250   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575254   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575258   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575262   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575266   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575270   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575274   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575278   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575282   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575286   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575290   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575294   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575299   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575303   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575307   pkcs11_protected_authentication = DISABLED
Mon Jul  3 17:11:13 2017 us=575311   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575315   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575320   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575324   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575328   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575336   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575340   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575345   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575349   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575353   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575357   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575361   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575365   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575369   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575373   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575377   pkcs11_private_mode = 00000000
Mon Jul  3 17:11:13 2017 us=575381   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575385   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575389   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575393   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575397   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575401   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575405   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575409   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575413   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575417   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575421   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575425   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575430   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575434   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575438   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575442   pkcs11_cert_private = DISABLED
Mon Jul  3 17:11:13 2017 us=575446   pkcs11_pin_cache_period = -1
Mon Jul  3 17:11:13 2017 us=575450   pkcs11_id = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575454   pkcs11_id_management = DISABLED
Mon Jul  3 17:11:13 2017 us=575460   server_network = 10.8.0.0
Mon Jul  3 17:11:13 2017 us=575464   server_netmask = 255.255.255.0
Mon Jul  3 17:11:13 2017 us=575470   server_network_ipv6 = ::
Mon Jul  3 17:11:13 2017 us=575474   server_netbits_ipv6 = 0
Mon Jul  3 17:11:13 2017 us=575479   server_bridge_ip = 0.0.0.0
Mon Jul  3 17:11:13 2017 us=575483   server_bridge_netmask = 0.0.0.0
Mon Jul  3 17:11:13 2017 us=575488   server_bridge_pool_start = 0.0.0.0
Mon Jul  3 17:11:13 2017 us=575493   server_bridge_pool_end = 0.0.0.0
Mon Jul  3 17:11:13 2017 us=575497   push_entry = 'redirect-gateway def1 bypass-dhcp'
Mon Jul  3 17:11:13 2017 us=575501   push_entry = 'dhcp-option DNS 208.67.222.222'
Mon Jul  3 17:11:13 2017 us=575506   push_entry = 'dhcp-option DNS 208.67.220.220'
Mon Jul  3 17:11:13 2017 us=575510   push_entry = 'sndbuf 393216'
Mon Jul  3 17:11:13 2017 us=575514   push_entry = 'rcvbuf 393216'
Mon Jul  3 17:11:13 2017 us=575518   push_entry = 'route 10.8.0.1'
Mon Jul  3 17:11:13 2017 us=575522   push_entry = 'topology net30'
Mon Jul  3 17:11:13 2017 us=575526   push_entry = 'ping 10'
Mon Jul  3 17:11:13 2017 us=575531   push_entry = 'ping-restart 180'
Mon Jul  3 17:11:13 2017 us=575535   ifconfig_pool_defined = ENABLED
Mon Jul  3 17:11:13 2017 us=575539   ifconfig_pool_start = 10.8.0.4
Mon Jul  3 17:11:13 2017 us=575544   ifconfig_pool_end = 10.8.0.251
Mon Jul  3 17:11:13 2017 us=575549   ifconfig_pool_netmask = 0.0.0.0
Mon Jul  3 17:11:13 2017 us=575553   ifconfig_pool_persist_filename = 'ipp.txt'
Mon Jul  3 17:11:13 2017 us=575557   ifconfig_pool_persist_refresh_freq = 600
Mon Jul  3 17:11:13 2017 us=575562   ifconfig_ipv6_pool_defined = DISABLED
Mon Jul  3 17:11:13 2017 us=575566   ifconfig_ipv6_pool_base = ::
Mon Jul  3 17:11:13 2017 us=575570   ifconfig_ipv6_pool_netbits = 0
Mon Jul  3 17:11:13 2017 us=575574   n_bcast_buf = 256
Mon Jul  3 17:11:13 2017 us=575579   tcp_queue_limit = 64
Mon Jul  3 17:11:13 2017 us=575583   real_hash_size = 256
Mon Jul  3 17:11:13 2017 us=575587   virtual_hash_size = 256
Mon Jul  3 17:11:13 2017 us=575591   client_connect_script = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575599   learn_address_script = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575604   client_disconnect_script = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575609   client_config_dir = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575613   ccd_exclusive = DISABLED
Mon Jul  3 17:11:13 2017 us=575617   tmp_dir = '/tmp'
Mon Jul  3 17:11:13 2017 us=575621   push_ifconfig_defined = DISABLED
Mon Jul  3 17:11:13 2017 us=575626   push_ifconfig_local = 0.0.0.0
Mon Jul  3 17:11:13 2017 us=575631   push_ifconfig_remote_netmask = 0.0.0.0
Mon Jul  3 17:11:13 2017 us=575635   push_ifconfig_ipv6_defined = DISABLED
Mon Jul  3 17:11:13 2017 us=575640   push_ifconfig_ipv6_local = ::/0
Mon Jul  3 17:11:13 2017 us=575644   push_ifconfig_ipv6_remote = ::
Mon Jul  3 17:11:13 2017 us=575648   enable_c2c = DISABLED
Mon Jul  3 17:11:13 2017 us=575652   duplicate_cn = DISABLED
Mon Jul  3 17:11:13 2017 us=575657   cf_max = 0
Mon Jul  3 17:11:13 2017 us=575661   cf_per = 0
Mon Jul  3 17:11:13 2017 us=575665   max_clients = 1024
Mon Jul  3 17:11:13 2017 us=575669   max_routes_per_client = 256
Mon Jul  3 17:11:13 2017 us=575673   auth_user_pass_verify_script = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575678   auth_user_pass_verify_script_via_file = DISABLED
Mon Jul  3 17:11:13 2017 us=575682   port_share_host = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575686   port_share_port = 0
Mon Jul  3 17:11:13 2017 us=575690   client = DISABLED
Mon Jul  3 17:11:13 2017 us=575694   pull = DISABLED
Mon Jul  3 17:11:13 2017 us=575699   auth_user_pass_file = '[UNDEF]'
Mon Jul  3 17:11:13 2017 us=575704 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017
Mon Jul  3 17:11:13 2017 us=575717 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Mon Jul  3 17:11:13 2017 us=576215 Diffie-Hellman initialized with 2048 bit key
Mon Jul  3 17:11:13 2017 us=577137 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jul  3 17:11:13 2017 us=577180 Socket Buffers: R=[212992->425984] S=[212992->425984]
Mon Jul  3 17:11:13 2017 us=577284 ROUTE_GATEWAY 51.yyy.xxx.1
Mon Jul  3 17:11:13 2017 us=577966 TUN/TAP device tun0 opened
Mon Jul  3 17:11:13 2017 us=577985 TUN/TAP TX queue length set to 100
Mon Jul  3 17:11:13 2017 us=577997 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Jul  3 17:11:13 2017 us=578016 /sbin/ip link set dev tun0 up mtu 1500
Mon Jul  3 17:11:13 2017 us=580332 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Mon Jul  3 17:11:13 2017 us=582643 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Mon Jul  3 17:11:13 2017 us=585407 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul  3 17:11:13 2017 us=589314 GID set to nogroup
Mon Jul  3 17:11:13 2017 us=589346 UID set to nobody
Mon Jul  3 17:11:13 2017 us=589358 UDPv4 link local (bound): [undef]
Mon Jul  3 17:11:13 2017 us=589363 UDPv4 link remote: [undef]
Mon Jul  3 17:11:13 2017 us=589370 MULTI: multi_init called, r=256 v=256
Mon Jul  3 17:11:13 2017 us=589430 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Mon Jul  3 17:11:13 2017 us=589442 ifconfig_pool_read(), in='client1,10.8.0.4', TODO: IPv6
Mon Jul  3 17:11:13 2017 us=589453 succeeded -> ifconfig_pool_set()
Mon Jul  3 17:11:13 2017 us=589458 ifconfig_pool_read(), in='client2,10.8.0.8', TODO: IPv6
Mon Jul  3 17:11:13 2017 us=589462 succeeded -> ifconfig_pool_set()
Mon Jul  3 17:11:13 2017 us=589467 ifconfig_pool_read(), in='client3,10.8.0.12', TODO: IPv6
Mon Jul  3 17:11:13 2017 us=589471 succeeded -> ifconfig_pool_set()
Mon Jul  3 17:11:13 2017 us=589475 ifconfig_pool_read(), in='client4,10.8.0.16', TODO: IPv6
Mon Jul  3 17:11:13 2017 us=589479 succeeded -> ifconfig_pool_set()
Mon Jul  3 17:11:13 2017 us=589483 ifconfig_pool_read(), in='client5,10.8.0.20', TODO: IPv6
Mon Jul  3 17:11:13 2017 us=589488 succeeded -> ifconfig_pool_set()
Mon Jul  3 17:11:13 2017 us=589492 ifconfig_pool_read(), in='client6,10.8.0.24', TODO: IPv6
Mon Jul  3 17:11:13 2017 us=589496 succeeded -> ifconfig_pool_set()
Mon Jul  3 17:11:13 2017 us=589526 ifconfig_pool_read(), in='client7,10.8.0.28', TODO: IPv6
Mon Jul  3 17:11:13 2017 us=589532 succeeded -> ifconfig_pool_set()
Mon Jul  3 17:11:13 2017 us=589536 ifconfig_pool_read(), in='client8,10.8.0.32', TODO: IPv6
Mon Jul  3 17:11:13 2017 us=589540 succeeded -> ifconfig_pool_set()
Mon Jul  3 17:11:13 2017 us=589544 ifconfig_pool_read(), in='client9,10.8.0.36', TODO: IPv6
Mon Jul  3 17:11:13 2017 us=589548 succeeded -> ifconfig_pool_set()
Mon Jul  3 17:11:13 2017 us=589552 ifconfig_pool_read(), in='client10,10.8.0.40', TODO: IPv6
Mon Jul  3 17:11:13 2017 us=589556 succeeded -> ifconfig_pool_set()
Mon Jul  3 17:11:13 2017 us=589561 ifconfig_pool_read(), in='client11,10.8.0.44', TODO: IPv6
Mon Jul  3 17:11:13 2017 us=589565 succeeded -> ifconfig_pool_set()
Mon Jul  3 17:11:13 2017 us=589569 ifconfig_pool_read(), in='client12,10.8.0.48', TODO: IPv6
Mon Jul  3 17:11:13 2017 us=589573 succeeded -> ifconfig_pool_set()
Mon Jul  3 17:11:13 2017 us=589578 IFCONFIG POOL LIST
Mon Jul  3 17:11:13 2017 us=589584 client1,10.8.0.4
Mon Jul  3 17:11:13 2017 us=589588 client2,10.8.0.8
Mon Jul  3 17:11:13 2017 us=589593 client3,10.8.0.12
Mon Jul  3 17:11:13 2017 us=589597 client4,10.8.0.16
Mon Jul  3 17:11:13 2017 us=589602 client5,10.8.0.20
Mon Jul  3 17:11:13 2017 us=589606 client6,10.8.0.24
Mon Jul  3 17:11:13 2017 us=589610 client7,10.8.0.28
Mon Jul  3 17:11:13 2017 us=589615 client8,10.8.0.32
Mon Jul  3 17:11:13 2017 us=589619 client9,10.8.0.36
Mon Jul  3 17:11:13 2017 us=589623 client10,10.8.0.40
Mon Jul  3 17:11:13 2017 us=589628 client11,10.8.0.44
Mon Jul  3 17:11:13 2017 us=589632 client12,10.8.0.48
Mon Jul  3 17:11:13 2017 us=589655 Initialization Sequence Completed
Mon Jul  3 17:11:14 2017 us=310501 MULTI: multi_create_instance called
Mon Jul  3 17:11:14 2017 us=310557 93.181.xxx.yyy:35738 Re-using SSL/TLS context
Mon Jul  3 17:11:14 2017 us=310659 93.181.xxx.yyy:35738 LZO compression initialized
Mon Jul  3 17:11:14 2017 us=310847 93.181.xxx.yyy:35738 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jul  3 17:11:14 2017 us=310859 93.181.xxx.yyy:35738 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul  3 17:11:14 2017 us=310897 93.181.xxx.yyy:35738 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Jul  3 17:11:14 2017 us=310904 93.181.xxx.yyy:35738 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Jul  3 17:11:14 2017 us=310936 93.181.xxx.yyy:35738 Local Options hash (VER=V4): '530fdded'
Mon Jul  3 17:11:14 2017 us=310947 93.181.xxx.yyy:35738 Expected Remote Options hash (VER=V4): '41690919'
Mon Jul  3 17:11:14 2017 us=311009 93.181.xxx.yyy:35738 TLS: Initial packet from [AF_INET]93.181.xxx.yyy:35738, sid=d7a84452 efc0ebd7
Mon Jul  3 17:11:14 2017 us=715974 93.181.xxx.yyy:35738 VERIFY OK: depth=1, C=PL, ST=DS, L=Wroclaw, O=Metahost, OU=Metahost VPS 1, CN=vps346979.ovh.net, name=vps346979.ovh.net, emailAddress=gudetuxir@ZZZ.com
Mon Jul  3 17:11:14 2017 us=716168 93.181.xxx.yyy:35738 VERIFY OK: depth=0, C=PL, ST=DS, L=Wroclaw, O=Metahost, OU=Metahost VPS 1, CN=Client1, name=vpn1.metahost.pl, emailAddress=gudetuxir@ZZZ.com
Mon Jul  3 17:11:14 2017 us=757754 93.181.xxx.yyy:35738 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul  3 17:11:14 2017 us=757805 93.181.xxx.yyy:35738 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul  3 17:11:14 2017 us=757883 93.181.xxx.yyy:35738 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul  3 17:11:14 2017 us=757892 93.181.xxx.yyy:35738 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul  3 17:11:14 2017 us=792168 93.181.xxx.yyy:35738 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Jul  3 17:11:14 2017 us=792234 93.181.xxx.yyy:35738 [Client1] Peer Connection Initiated with [AF_INET]93.181.xxx.yyy:35738
Mon Jul  3 17:11:14 2017 us=792290 Client1/93.181.xxx.yyy:35738 MULTI_sva: pool returned IPv4=10.8.0.50, IPv6=(Not enabled)
Mon Jul  3 17:11:14 2017 us=792327 Client1/93.181.xxx.yyy:35738 MULTI: Learn: 10.8.0.50 -> Client1/93.181.xxx.yyy:35738
Mon Jul  3 17:11:14 2017 us=792336 Client1/93.181.xxx.yyy:35738 MULTI: primary virtual IP for Client1/93.181.xxx.yyy:35738: 10.8.0.50
Mon Jul  3 17:11:17 2017 us=269160 Client1/93.181.xxx.yyy:35738 PUSH: Received control message: 'PUSH_REQUEST'
Mon Jul  3 17:11:17 2017 us=269241 Client1/93.181.xxx.yyy:35738 send_push_reply(): safe_cap=940
Mon Jul  3 17:11:17 2017 us=269290 Client1/93.181.xxx.yyy:35738 SENT CONTROL [Client1]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,sndbuf 393216,rcvbuf 393216,route 10.8.0.1,topology net30,ping 10,ping-restart 180,ifconfig 10.8.0.50 10.8.0.49' (status=1)
Mon Jul  3 17:11:17 2017 us=323485 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [fe80::925:d4d6:5e08:1833], packet dropped
Mon Jul  3 17:11:17 2017 us=606945 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:17 2017 us=895164 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:18 2017 us=439125 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:19 2017 us=328070 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:19 2017 us=495038 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:19 2017 us=562924 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:19 2017 us=799066 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:20 2017 us=284921 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:20 2017 us=295186 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:20 2017 us=647163 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:20 2017 us=999109 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:21 2017 us=255079 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:21 2017 us=479109 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [fe80::925:d4d6:5e08:1833], packet dropped
Mon Jul  3 17:11:21 2017 us=703135 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:21 2017 us=735094 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:22 2017 us=339332 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [fe80::925:d4d6:5e08:1833], packet dropped
Mon Jul  3 17:11:22 2017 us=406973 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [fe80::925:d4d6:5e08:1833], packet dropped
Mon Jul  3 17:11:23 2017 us=111219 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:23 2017 us=143042 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:25 2017 us=575162 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [fe80::925:d4d6:5e08:1833], packet dropped
Mon Jul  3 17:11:26 2017 us=87337 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:26 2017 us=87695 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped
Mon Jul  3 17:11:27 2017 us=111181 Client1/93.181.xxx.yyy:35738 MULTI: bad source address from client [192.168.1.69], packet dropped

btw. this MULTI: bad source address from client..., at the end of log file is nothing wrong (I've checked, and it occurs on every device: even those, which work on full speed); the low speed problem occurs only when connecting via the home router.



Do You see anything suspicious here?

[TinCanTech]

If nothing will help, I'll try with upgrading to 2.4.x (I prefer rather staying with default Debian 2.3 version, for now)

No problem.

Do You see anything suspicious here?

Nothing suspicious at all .. although sndbuf/rcvbuf will default to the OS default, unless you know you need to change it, you probably don't need to set it.

Because you only have a problem with one site (your home) and the problem only arose since changing the router (and changing back does not resolve it), I would be inclined to contact your ISP and report a fault.
(Perhaps they are throttling your VPN)

MULTI: bad source address from client

This can be safely ignored for now.

It is due to packets from the client passing over the VPN having your client eth0 IP (eg. 192.168.x.x) and not the tun0 IP (eg. 10.8.x.x), you can configure the server to learn those addresses with --client-config-dir.
See: HOWTO: Expanding the scope of the VPN to include additional machines

[gudetuxir]

I've just called ISP support, and the tech-guy explained me that there is no problem on their side. ehh...

ok, it seems I'm forced to upgrade to 2.4.3 [unstable], we'll see...

[gudetuxir]

ehh... after fighting many hours, I failed.

I upgraded OpenVPN to latest version (2.4.3, unstable @ Debian 64-bit):

Code: Select all

# openvpn --version
OpenVPN 2.4.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 30 2017
library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

...I even tried another VPS (from different provider, not OVH): I made fast setup, and... and the same thing. 100kbps is the maximum speed I achieve.


so I give up... I have no idea what is going on... ISP is saying that it is not their fault, and there is nothing they can do.

it is the router, there must be some setting I configured that is making mess here. everything works perfectly fine, but not via my router (or the previous one) -- and eariler it worked all fine... why did I touch it!?!?!?


ehh... so this is the end... there is no solution for that...


Regards all,

RIP.

[TinCanTech]

Can you download a large file from the internet (eg. Debian ISO) ?
from your home (with the dodgy router) ?
if so what speed do you get (without openvpn) ?

[gudetuxir]

TinCanTech, I can download large files from internet (everything works pretty fine). Without OpenVPN (directly) it goes max (~1,90 MB/s).

Only when using VPN it slows down to mentioned 50-100 kbps. I also tested drectly connection (with FTP) to the VPS: it goes max up / down.

I'm reading dd-wrt docs right now, but there is not many options to play with...

[gudetuxir]

and btw. it looks like there is some throttling up there... because when I'm starting to download a file, it starts with high speed (not max, but about 40-50% of max speed, then it goes down to 50-100 kbps within seconds).

[TinCanTech]

The openvpn config and log file from one of your clients (behind the dodgy router)
might be of some assistance at --verb 4

If :
(1) your router is simply being a router/modem and not doing any encryption/decryption
(2) and all the clients behind only that router have the same problem when using openvpn
(3) and you don't have any other problems related to speed from that site
(4) and your ISP will not help because you are not using their equipment

then
(4) put their equipment back in and try again (but I know you even tried that).

However,
I see you have changed the openvpn port to 1193 (I was going to suggest that)
UDP is always faster that TCP but you could try --proto tcp --port 443 (https)
(Just in case your ISP is trying to throttle you .. )
And, as a last resort, you could try --mtu-test in one of your problem clients.
Post that client's config and log once --mtu-test completes.

[TinCanTech]

btw. it looks like there is some throttling up there... because when I'm starting to download a file, it starts with high speed (not max, but about 40-50% of max speed, then it goes down to 50-100 kbps within seconds).

Over the VPN or directly .. please be specific.

[gudetuxir]

TinCanTech... I'm out of words at the moment... I don't know what to say, I'm totally shocked...


the thing is... everything works now fine (at full speed -- I mean, the OpenVPN)

I changed to:
- port: 443 (HTTPS),
- proto: TCP (so it's the same as "regular" website visitation... my ISP blocks VPN and they said they DO NOT, when I was calling their support... this is crazy... One more question: is it possible that they are doing it deliberately (intentionally) or this is my fault, because I messed up with router?

I'm asking, because my ISP is one of the biggest in my country, and I'll make a BIG CRAZY shit-storm over social media about that -- therefore, just askin'


and btw. PM me Your BTC wallet, I'll send You some $$ for a beer for helping me out!


BIG THANKS!!!!

[TinCanTech]

We fixed it in one Forum page

Do what you godda do


tincanteksup <at> gmail

[gudetuxir]

ok, I've just sent You a tip via PayPal.

co...io { - at - } GMAIL



CHEERS!

[TinCanTech]

Well

you may want to with-draw that payment because I have no idea who you sent it to ..

You do know not to open email attachments .. right ?

[gudetuxir]

CRAP! ...I cancelled it, right on time! (PayPal user tincanteksup_[AT]_GMAIL hasn't approved it yet).

- isn't it Your email?

so how can I send it? [I'm not able to send PM]

[TinCanTech]

Email me for my real details please

And relax

[gudetuxir]

...aaaaannndd it's done! Topic can be closed [SOLVED].