(Please forgive my bad English)
I have read OpenVPN manual three times, tested every option that could help but I am stuck... (Google did not help)
At home, I have the luck to have two (very) good ADSL lines (120 ft from the "remote concentrator").
Each ADSL line (PPPOE) is stable and fast : 20 mbit/s IN 1 mbit/s OUT.
A small Linux "box" (Atom 1.8 Ghz, 2 cores, HT) is acting as a router/firewall (Debian 7, lastest OpenVZ kernel) and traffic shaping is used (htb) to keep personnal VOIP clean.
So, I have "bonded" the two ADSL lines with OpenVPN to a (fat) remote server (at work): 1 gbit/s NIC, throughput can stand 600 mbit/s IN or OUT without problem.
OpenVPN Bonding is working well (mode 0, balance-rr) but download speed is "hitting a wall" : ~23 Mbit/s (while I could expect more than 35 Mbit/s).
If I did not make any error, a MTU of 1448 bytes is perfect to exactly fit 30 ATM cells: 29 cells * 48 bytes + last cell (48 bytes + 8 bytes SAR trailer) = 1448 bytes.
Tcpdump (-n -v -e -i vmbrX port 31415 and greater 1462 (1462 - 14 bytes for Ethernet)) output confirms this :
Code: Select all
ethertype IPv4 (0x0800), length 1462: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 1448)
ip.addr.dest 31415 > ip.addr.source.34483: UDP, length 1420
That did not help.
Now, (while downloading) I suspect ACK packets (inside the VPNs) to completly fill up the upload of each ADSL line but I also need to double-check with wireshark if the problem could be related to TCP DUP ACK/TCP Retransmission.
Below are the configuration files in use.
Any help on this problem would be greatly appreciated.
Thanks!
OpenVPN clients:
Code: Select all
remote xxx.xxx.xxx.xxx 31415
proto udp
nobind
dev bond-client1
dev-type tun
fragment 1420
mssfix
sndbuf 262144
rcvbuf 262144
txqueuelen 256
ping-restart 0
persist-tun
persist-key
script-security 2
cd /home/master/root/etc/openvpn/bond-client-X/
log log/openvpn.log
nice -20
fast-io
verb 4
status log/status.log 300
comp-lzo no
secret keys/static.key
auth none
cipher none
no-replay
up bin/up.sh
down bin/down.sh
Code: Select all
local xxx.xxx.xxx.xxx
proto udp
port 31415
dev bond-server-X
dev-type tun
fragment 1420
mssfix
sndbuf 262144
rcvbuf 262144
txqueuelen 256
ping-restart 0
persist-tun
persist-key
script-security 2
cd /home/master/root/etc/openvpn/bond-server-X/
log log/openvpn.log
nice -20
fast-io
verb 4
status log/status.log 300
comp-lzo no
secret keys/static.key
auth none
cipher none
no-replay
up bin/up.sh
down bin/down.sh
Code: Select all
iface bond0 inet static
pre-up /usr/sbin/openvpn --mktun --dev-type tun --dev bond-client-1
pre-up /usr/sbin/openvpn --mktun --dev-type tun --dev bond-client-2
post-up /etc/init.d/openvpn start bond-client1 bond-client-2
pre-down /etc/init.d/openvpn stop bond-client1 bond-client-2
pre-down /bin/sleep 5
post-down /usr/sbin/openvpn --rmtun --dev-type tun --dev bond-client-1
post-down /usr/sbin/openvpn --rmtun --dev-type tun --dev bond-client-2
post-down /sbin/rmmod bonding
bond_mode balance-rr
slaves bond-client-1 bond-client-2
address 10.10.10.1
netmask 255.255.255.0
network 10.10.10.0
broadcast 10.10.10.255