I'm running OpenVPN 2.3.10 x86_64-w64-mingw32 and have tried a variety of versions of TAP drivers, but they all get around the same speed. VirtualBox is installed (but I'm connecting to the VPN from the physical, non-virtualized desktop) and for a while if I unchecked the "VirtualBox Bridged Networking Driver" checkbox on the TAP Interface connection's properties (right-click, Networking tab) while the VPN was connected, I could get better speeds.
This may have been a red herring, because after disconnecting and reconnecting to the VPN, speeds would go right back to ~15 Mbps.
And in my attempts to resolve this issue, I upgraded VirtualBox to 5.0.14, and now the TAP interface has a different checkbox, named "VirtualBox NDIS6 Bridged Networking Driver" but checking or unchecking it has no effect. I've disabled all of the checkboxes exept for IPv4 just to rule anything else out.
I've tried using TCP (it got slower), changed ciphers and enabled/disabled lzo compression, but haven't found a way to significantly improve performance.
Here is the client conf:
Code: Select all
client
dev tun
proto udp
remote [redacted] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
comp-lzo
verb 3
Code: Select all
port 1194
proto udp
dev tun
ca ca.crt
cert MyVPN.crt
key MyVPN.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo no
persist-key
persist-tun
status openvpn-status.log
verb 3
Code: Select all
Fri Feb 05 15:30:53 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Feb 1 2016
Fri Feb 05 15:30:53 2016 Windows version 6.1 (Windows 7)
Fri Feb 05 15:30:53 2016 library versions: OpenSSL 1.0.1r 28 Jan 2016, LZO 2.09
Enter Management Password:
Fri Feb 05 15:30:53 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 05 15:30:53 2016 Need hold release from management interface, waiting...
Fri Feb 05 15:30:54 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 05 15:30:54 2016 MANAGEMENT: CMD 'state on'
Fri Feb 05 15:30:54 2016 MANAGEMENT: CMD 'log all on'
Fri Feb 05 15:30:54 2016 MANAGEMENT: CMD 'hold off'
Fri Feb 05 15:30:54 2016 MANAGEMENT: CMD 'hold release'
Fri Feb 05 15:30:54 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Feb 05 15:30:54 2016 UDPv4 link local: [undef]
Fri Feb 05 15:30:54 2016 UDPv4 link remote: [AF_INET]107.161.31.22:1194
Fri Feb 05 15:30:54 2016 MANAGEMENT: >STATE:1454704254,WAIT,,,
Fri Feb 05 15:30:54 2016 MANAGEMENT: >STATE:1454704254,AUTH,,,
Fri Feb 05 15:30:54 2016 TLS: Initial packet from [AF_INET]107.161.31.22:1194, sid=6615a814 25171a60
Fri Feb 05 15:30:54 2016 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=MyVPN, OU=MyVPN, CN=MyVPN CA, name=MyVPN, emailAddress=me@example.com
Fri Feb 05 15:30:54 2016 Validating certificate key usage
Fri Feb 05 15:30:54 2016 ++ Certificate has key usage 00a0, expects 00a0
Fri Feb 05 15:30:54 2016 VERIFY KU OK
Fri Feb 05 15:30:54 2016 Validating certificate extended key usage
Fri Feb 05 15:30:54 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Feb 05 15:30:54 2016 VERIFY EKU OK
Fri Feb 05 15:30:54 2016 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=MyVPN, OU=MyVPN, CN=MyVPN, name=MyVPN, emailAddress=me@example.com
Fri Feb 05 15:30:55 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 05 15:30:55 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 05 15:30:55 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 05 15:30:55 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 05 15:30:55 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Feb 05 15:30:55 2016 [MyVPN] Peer Connection Initiated with [AF_INET]107.161.31.22:1194
Fri Feb 05 15:30:56 2016 MANAGEMENT: >STATE:1454704256,GET_CONFIG,,,
Fri Feb 05 15:30:57 2016 SENT CONTROL [MyVPN]: 'PUSH_REQUEST' (status=1)
Fri Feb 05 15:30:57 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Fri Feb 05 15:30:57 2016 OPTIONS IMPORT: timers and/or timeouts modified
Fri Feb 05 15:30:57 2016 OPTIONS IMPORT: --ifconfig/up options modified
Fri Feb 05 15:30:57 2016 OPTIONS IMPORT: route options modified
Fri Feb 05 15:30:57 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Feb 05 15:30:57 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=19 HWADDR=64:31:50:32:75:20
Fri Feb 05 15:30:57 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Feb 05 15:30:57 2016 MANAGEMENT: >STATE:1454704257,ASSIGN_IP,,10.8.0.6,
Fri Feb 05 15:30:57 2016 open_tun, tt->ipv6=0
Fri Feb 05 15:30:57 2016 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{43375603-876D-4D52-9EDA-CFA8A4F077D5}.tap
Fri Feb 05 15:30:57 2016 TAP-Windows Driver Version 9.9
Fri Feb 05 15:30:57 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {43375603-876D-4D52-9EDA-CFA8A4F077D5} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Fri Feb 05 15:30:57 2016 Successful ARP Flush on interface [38] {43375603-876D-4D52-9EDA-CFA8A4F077D5}
Fri Feb 05 15:31:02 2016 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri Feb 05 15:31:02 2016 C:\Windows\system32\route.exe ADD 107.161.31.22 MASK 255.255.255.255 192.168.1.1
Fri Feb 05 15:31:02 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Fri Feb 05 15:31:02 2016 Route addition via IPAPI succeeded [adaptive]
Fri Feb 05 15:31:02 2016 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Fri Feb 05 15:31:02 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Feb 05 15:31:02 2016 Route addition via IPAPI succeeded [adaptive]
Fri Feb 05 15:31:02 2016 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Fri Feb 05 15:31:02 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Feb 05 15:31:02 2016 Route addition via IPAPI succeeded [adaptive]
Fri Feb 05 15:31:02 2016 MANAGEMENT: >STATE:1454704262,ADD_ROUTES,,,
Fri Feb 05 15:31:02 2016 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Fri Feb 05 15:31:02 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Feb 05 15:31:02 2016 Route addition via IPAPI succeeded [adaptive]
Fri Feb 05 15:31:02 2016 Initialization Sequence Completed
Fri Feb 05 15:31:02 2016 MANAGEMENT: >STATE:1454704262,CONNECTED,SUCCESS,10.8.0.6,107.161.31.22