OpenVPN config - HD streaming
Posted: Sat Feb 06, 2016 8:03 pm
My first post here - asking for help, as I'm just about to give up.
I have two locations, connected via an OpenVPN network.
Site1 (I'll call it "source"): here sits a cable-to-IP converter (a DVB-C receiver running Enigma2 - a custom Linux version), which is in the same LAN as a Raspberry Pi 2, which acts as the VPN server. The VPN port is forwarded via the local router and is thus accessible from the Internet. The site has a 100 Mbps down / 50 Mbps up cable connection and all relevant connections (RPi2, receiver) are UTP cables via a 100 Mbps router.
Site2 (I'll call it "destination"): here sit a number of various consumer devices (PCs with Windows, Android devices etc.), all connected in the same Gigabit LAN to a Netgear WNDR3700v2 router, which is running DD-WRT v3.0-r29048 (latest and greatest). I have tested with both individual devices as well as the local router connecting as clients to the RPi2 OpenVPN server. The site is on a 80 Mbps down / 4 Mbps up cable connection and the devices are connected via either Gigabit LAN or WiFi (150 Mbps) to the router.
What works: from a machine in Site2 I can ping the DVB-C receiver and the RPi2 without problems. Streaming of SD channels works fine in all situations (no matter who the client is). Streaming of HD channels only works if the VPN client is a strong machine (it is not a video decoding issue, but a VPN one). The bandwidth used by a SD channel varies between 3 and 8 Mbps (no compression or transcoding on the raw stream). The bandwidth used by a HD channel varies between 10 and 15 Mbps.
What doesn't work: streaming of HD channels is choppy, with very short interruptions every few seconds, if the VPN client runs on the Site2 router (the WNDR3700v2 with a dual-core Atheros CPU @ 680 MHz and 64 MB of RAM). Throughout the playback, the CPU usage on the router stays within reasonable limits (~25% of the overall CPU power, so ~50% of a single core), same for the RAM. There's no difference if I'm using TCP or UDP as the OpenVPN protocol.
Question: any idea how to improve either the throughput or reliability of the transmission (i.e. either pass more data per time unit or reduce the number of retransmits)?
The VPN configs are below:
server.conf
Client.conf - from a Windows 10 PC, i5 with 8 GB of RAM:
client.conf from the NetGear router:
I have two locations, connected via an OpenVPN network.
Site1 (I'll call it "source"): here sits a cable-to-IP converter (a DVB-C receiver running Enigma2 - a custom Linux version), which is in the same LAN as a Raspberry Pi 2, which acts as the VPN server. The VPN port is forwarded via the local router and is thus accessible from the Internet. The site has a 100 Mbps down / 50 Mbps up cable connection and all relevant connections (RPi2, receiver) are UTP cables via a 100 Mbps router.
Site2 (I'll call it "destination"): here sit a number of various consumer devices (PCs with Windows, Android devices etc.), all connected in the same Gigabit LAN to a Netgear WNDR3700v2 router, which is running DD-WRT v3.0-r29048 (latest and greatest). I have tested with both individual devices as well as the local router connecting as clients to the RPi2 OpenVPN server. The site is on a 80 Mbps down / 4 Mbps up cable connection and the devices are connected via either Gigabit LAN or WiFi (150 Mbps) to the router.
What works: from a machine in Site2 I can ping the DVB-C receiver and the RPi2 without problems. Streaming of SD channels works fine in all situations (no matter who the client is). Streaming of HD channels only works if the VPN client is a strong machine (it is not a video decoding issue, but a VPN one). The bandwidth used by a SD channel varies between 3 and 8 Mbps (no compression or transcoding on the raw stream). The bandwidth used by a HD channel varies between 10 and 15 Mbps.
What doesn't work: streaming of HD channels is choppy, with very short interruptions every few seconds, if the VPN client runs on the Site2 router (the WNDR3700v2 with a dual-core Atheros CPU @ 680 MHz and 64 MB of RAM). Throughout the playback, the CPU usage on the router stays within reasonable limits (~25% of the overall CPU power, so ~50% of a single core), same for the RAM. There's no difference if I'm using TCP or UDP as the OpenVPN protocol.
Question: any idea how to improve either the throughput or reliability of the transmission (i.e. either pass more data per time unit or reduce the number of retransmits)?
The VPN configs are below:
server.conf
Code: Select all
## Server.conf
local 192.168.1.2 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
topology subnet
proto tcp # Same issue if using UDP
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/cert.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/key.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh2048.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 4
client-config-dir /etc/openvpn/ccd
sndbuf 0 # using 393216 for UDP - no difference
rcvbuf 0 # same as above
push "sndbuf 393216"
push "rcvbuf 393216"
socket-flags TCP_NODELAY #only when using TCP
push "socket-flags TCP_NODELAY" #same as above
tun-mtu 1400 #tested a number of other values, seems to have no impact
mssfix 1360 #tested a number of other values, seems to have no impact
Code: Select all
client
dev tun
proto tcp
remote xxx.yyy.zz 1234
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert pc.crt
key pc.key
tls-auth ta.key 1
ns-cert-type server
tls-client
cipher AES-128-CBC
comp-lzo
verb 4
Code: Select all
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto tcp-client
cipher aes-128-cbc
auth sha1
remote xxx.yyy.zz 1234
comp-lzo yes
tls-client
tun-mtu 1400
mtu-disc yes
tun-ipv6
tls-auth /tmp/openvpncl/ta.key 1
tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA