Poor performance after changing ISP

Posted: Thu Jan 30, 2020 5:05 pm
by witchy69
Hi folks,

I have a BT Homehub5 that's happily been running OpenWRT 18.06 and OpenVPN 2.x on Virgin for a few years with phone and laptop clients also on OpenVPN 2.x. A couple of weeks ago I changed ISP to ZEN after moving house and my performance has gone through the floor even on a 70/20 FTTC connection. I've upgraded all sides to latest versions and now have 15-20ms pings going between client and server but anything more involved than browsing the OpenWRT management interface kills pings. I suspect buffering but as usual with an open source product like this there's countless forums covering all versions with different solutions and help.

Server config

config openvpn 'VPNserver'
#option management 'localhost 7505'
option enabled '1'
option dev 'tun'
option dev 'tun0'
option topology 'subnet'
option proto 'udp'
option port '5000'
#option ccd_exclusive '1'
#option client_config_dir '/etc/openvpn/clients'
option server ''
option ifconfig ''

list push 'route'
list push 'dhcp-option DOMAIN'
list push 'dhcp-option DNS'
list push 'dhcp-option NTP'
list push 'redirect-gateway def1'

option dh '/etc/ssl/openvpn/dh.pem'
#option pkcs12 '/etc/ssl/openvpn/vpn-server.p12'
option ca '/etc/ssl/openvpn/ca.crt'
option cert '/etc/ssl/openvpn/server.crt'
option key '/etc/ssl/openvpn/Gatekeeper.key'
option cipher 'AES-256-CBC'
option auth 'SHA512'
option tls_auth '/etc/ssl/openvpn/ta.key 0'
option tls_server '1'
option tls_version_min '1.2'

option log_append '/tmp/openvpn.log'
option status '/tmp/openvpn-status.log'
option verb '5'
option keepalive '10 120'
#option compress_lzo 'yes'
option client_to_client '1'
option persist_key '1'
#option redirect_gateway 'def1'
option persist_tun '1'
option sndbuf '393216'
option rcvbuf '393216'
#option sndbuf '0'
#option rcvbuf '0'
option mode 'server'
#option mtu_test '1'

#option fragment '0'
#option mssfix '0'
#option tun_mtu '48000'
#option link-mtu '48101'
option user 'nobody'
option group 'nogroup'
option auth_nocache '1'
option reneg_sec '3600'

You can see I've been trying a few things :)

Client config

dev tun
proto udp
remote xx.xx.xx.xx 65500
resolv-retry infinite
ca ca.crt
cert laptop.crt
key laptop.key

tls-auth ta.key 1
cipher AES-256-CBC
verb 5

tls-version-min 1.2

#pkcs12 vpn-laptop.p12

mssfix 0
#fragment 0
#tun-mtu 48000
auth SHA512

Any clues?


Re: Poor performance after changing ISP

Posted: Sun Feb 02, 2020 10:31 pm
by witchy
Hm, why has this been moved to Off Topic when it's clearly a configuration issue?

Re: Poor performance after changing ISP

Posted: Mon Feb 03, 2020 2:18 pm
by Pippin

Code: Select all

option sndbuf '393216'
option rcvbuf '393216'
from server and

Code: Select all

mssfix 0
Restart and try again.

Re: Poor performance after changing ISP

Posted: Mon Feb 03, 2020 5:01 pm
by witchy
Hi Pippin,

I've been experimenting over lunch and have got quite decent results with those parameters still in and

mssfix 1200
tun-mtu 1500

on both phone and laptop. Full screen remote desktop is useable again though a bit stally at times.