OpenVPN Speed Issue

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
MJPL
OpenVpn Newbie
Posts: 1
Joined: Wed Aug 14, 2019 6:44 pm

OpenVPN Speed Issue

Post by MJPL » Wed Aug 14, 2019 7:11 pm

Hi all,

I am hoping for some help to resolve an issue for which I can't find a solution.

My Local Home Network has an IP range of 10.11.11.0/24 with the following setup:

10.11.11.1 - ISP Router
10.11.11.11 - FreeNAS Server
10.11.11.20 - OpenVPN Server

I have forwarded UDP Port 1194 to my OpenVPN server and the connection works fine - I can access all internet websites via VPN from outside my home network with full speed - my upload link is 40 Mbit/s which gets fully used.

I can also access my FreeNAS Server from outside - download and upload to the server via SMB or FTP.

However I have the following issue:

Downloading from my FreeNAS never only uses 5 Mbit/s - speed can't be improved - this is also the case when testing speed with iperf3 to my FreeNAS server. Uploading to my FreeNAS server however reaches full speed of the link.

Download:
Download FreeNAS

Test Complete. Summary Results:
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.02 sec 6.82 MBytes 5.71 Mbits/sec 82 sender
[ 5] 0.00-10.00 sec 6.75 MBytes 5.66 Mbits/sec receiver
CPU Utilization: local/receiver 2.5% (0.5%u/2.0%s), remote/sender 1.0% (0.2%u/0.8%s)


Upload:
Upload FreeNAS
Test Complete. Summary Results:
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 45.2 MBytes 37.9 Mbits/sec 47 sender
[ 5] 0.00-10.02 sec 44.7 MBytes 37.4 Mbits/sec receiver
CPU Utilization: local/sender 2.0% (0.7%u/1.3%s), remote/receiver 2.0% (0.5%u/1.4%s)


If I do an Upload or Download test to my OpenVPN server - i reach max speed of the line in both directions:

Download:
Download OpenVPN
Test Complete. Summary Results:
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 38.7 MBytes 32.4 Mbits/sec 132 sender
[ 5] 0.00-10.00 sec 38.3 MBytes 32.1 Mbits/sec receiver
CPU Utilization: local/receiver 10.5% (1.8%u/8.7%s), remote/sender 0.1% (0.1%u/0.1%s)


Upload:
Upload OpenVPN
Test Complete. Summary Results:
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 48.9 MBytes 41.0 Mbits/sec 69 sender
[ 5] 0.00-10.00 sec 48.5 MBytes 40.7 Mbits/sec receiver
CPU Utilization: local/sender 0.8% (0.2%u/0.6%s), remote/receiver 2.2% (0.4%u/1.8%s)


My server.conf currently looks like this - I have already tried the #-commented parameters:

server.conf
port 1194
proto udp
dev tun
#tun-mtu 1492
#sndbuf 393216
#rcvbuf 393216
#push "sndbuf 393216"
#push "rcvbuf 393216"
#mssfix 1300
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 1.1.1.1"
push "redirect-gateway def1 bypass-dhcp"
server-ipv6 fd42:42:42:42::/112
tun-ipv6
push tun-ipv6
push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_Y6KWdjb8pS9oHmyY.crt
key server_Y6KWdjb8pS9oHmyY.key
auth SHA512
cipher AES-256-GCM
ncp-ciphers AES-256-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
status /var/log/openvpn/status.log
verb 6


My client.conf looks like this:

client.conf
client
proto udp
remote xxx.net 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_Y6KWdjb8pS9oHmyY name
auth SHA512
auth-nocache
cipher AES-256-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
mtu-test


It would be great if someone had any ideas on how to solve this issue.

Thanks!
Marcus

Post Reply