DD-WRT, OpenVPN server, slow and not working properly

niam · Post by **niam** » Sat May 23, 2015 9:17 am

Hi everyone,
So far I was able to set up a OpenVPN server on my DD-WRT router and connect to it with my laptop running Windows 7. The goal is to have multiple clients in the same subnet as devices in the router's subnet (NAS, other PCs) so they can exchange files and play LAN games. Also, all traffic should be redirected through the vpn router.

I noticed these problems:
1. Speedtests show very slow download speeds for my client while upload seems to be working fine.
2. Copying files within the network is not working/very slow.
3. The vpn connection shows up as public "unidentified network" on windows 7.

I assume that my configuration is not correct. DD-WRT generates the following configuration file from my settings:

Code: Select all

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto udp
cipher bf-cbc
auth md5
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /tmp/openvpn/ccd
comp-lzo adaptive
tls-server client-to-client
push "redirect-gateway def1"
fast-io
tun-mtu 1500
mtu-disc yes
server-bridge
dev tap2
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"

The last 4 lines increase download speed a lot but are not solving the problem with coping files.

The client configuration I made looks like this:

Code: Select all

client
dev tap2
proto udp
remote [color=#FF0000]"vpn router public ip"[/color] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
cipher bf-cbc
comp-lzo adaptive
verb 3
auth md5

on my client, "route print -4" returns (sorry that it's in german):
192.168.0.1 is the router my client is connected to, 192.168.1.1 is the vpn router

Code: Select all

IPv4-Routentabelle
===========================================================================
Aktive Routen:
Netzwerkziel    Netzwerkmaske      Gateway         Schnittstelle    Metrik
0.0.0.0         0.0.0.0            192.168.0.1     192.168.0.14     25
0.0.0.0         128.0.0.0          192.168.1.1     192.168.1.122    20
127.0.0.0       255.0.0.0          Auf Verbindung  127.0.0.1        306
127.0.0.1  	255.255.255.255    Auf Verbindung  127.0.0.1        306
127.255.255.255 255.255.255.255    Auf Verbindung  127.0.0.1        306
128.0.0.0       128.0.0.0          192.168.1.1     192.168.1.122    20
192.168.0.0     255.255.255.0      Auf Verbindung  192.168.0.14     281
192.168.0.14    255.255.255.255    Auf Verbindung  192.168.0.14     281
192.168.0.255   255.255.255.255    Auf Verbindung  192.168.0.14     281
192.168.1.0     255.255.255.0      Auf Verbindung  192.168.1.122    276
192.168.1.122   255.255.255.255    Auf Verbindung  192.168.1.122    276
192.168.1.255   255.255.255.255    Auf Verbindung  192.168.1.122    276
"vpn router ip" 255.255.255.255    192.168.0.1     192.168.0.14     25
224.0.0.0       240.0.0.0          Auf Verbindung  127.0.0.1        306
224.0.0.0       240.0.0.0          Auf Verbindung  192.168.1.122    276
224.0.0.0       240.0.0.0          Auf Verbindung  192.168.0.14     281
255.255.255.255 255.255.255.255    Auf Verbindung  127.0.0.1        306
255.255.255.255 255.255.255.255    Auf Verbindung  192.168.1.122    276
255.255.255.255 255.255.255.255    Auf Verbindung  192.168.0.14     281
===========================================================================
Ständige Routen:
  Keine

I don't know much about networking, but I don't like that 0.0.0.0 shows up twice as a target in line 1 and 2.
I hope someone can help me with this!
Thank you in advance!

Traffic · Post by **Traffic** » Mon May 25, 2015 10:12 am

niam wrote:I don't like that 0.0.0.0 shows up twice

your routing looks ok .. the reason it shows twice is because your are pushing "redirect-gateway" in your server config ..

NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.

You are strongly advised to change your server LAN to something more unique .. eg: 10.99.88.0/24 .. see: RFC1918

niam wrote:Speedtests show very slow download speeds for my client

Over the VPN your client download speed is limited to your server upload speed and is shared by all your clients and any other services on your server ..

niam · Post by **niam** » Mon May 25, 2015 11:39 am

Hi,
Thanks, I changed my router local ip.
The main problem is still that the vpn connection is a "unidentified network". This means that the windows firewall uses the public network settings which do not allow file sharing etc.
If the settings are correct, could it be a windows setting that causes this?

I expected higher speeds. My client has a 125mbit/s download and 12.5mbit/s upload connection and the server 100mbit/s, 100mbit/s. So as the client I should see about 100mbit/s download and 12.5mbit/s upload...

Thanks again!

niam · Post by **niam** » Mon May 25, 2015 12:11 pm

I figured out what the problem for the unidentified network was:
There was no standward gateway for the vpn network adapter. I manually added the correct one in the adapter's ipv4 settings. Can this be done automatically?
Unfortunately the download speed is still a bit low (20mbit/s instead of 100mbit/s).

Traffic · Post by **Traffic** » Tue May 26, 2015 9:27 am

niam wrote:There was no standward gateway for the vpn network adapter. I manually added the correct one in the adapter's ipv4 settings. Can this be done automatically?

What gateway did you add ?

niam · Post by **niam** » Tue May 26, 2015 11:00 am

I added 10.80.1.1 as a gateway (my new network is 10.80.1.x as you suggested) but this setting is not saved when I shutdown the computer.

Code: Select all

Ethernet-Adapter LAN-Verbindung 2:
   Verbindungsspezifisches DNS-Suffix:
   Verbindungslokale IPv6-Adresse  . : fe80::d101:c4d6:b110:9b5%26
   IPv4-Adresse  . . . . . . . . . . : 10.80.1.141
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Standardgateway . . . . . . . . . : [color=#FF0000]10.80.1.1[/color]

My client is still in this network:

Code: Select all

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:
   Verbindungsspezifisches DNS-Suffix:
   Verbindungslokale IPv6-Adresse  . : fe80::d8dc:5f4a:b50d:a465%13
   IPv4-Adresse  . . . . . . . . . . : 192.168.0.14
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Standardgateway . . . . . . . . . : 192.168.0.1

I also uninstalled the NIDS6 TAP driver (version 9.0.0.21) and replaced it with the older NIDS5 TAP driver (9.0.0.9). Now copying and downloading files reaches the same speed as the speedtests show. (but still not as fast as the internet connection could handle)

so my current problems are:
1. gateway not automatically set
2. download speed is only 20mbit/s instead of ~100mbit/s

Thanks for your patience and help

Traffic · Post by **Traffic** » Tue May 26, 2015 11:31 am

niam wrote:I added 10.80.1.1 as a gateway

Try adding to your server config:

Code: Select all

push "route-gateway 10.80.1.1"

If you view your client log file there may be a warning there something like:

Code: Select all

WARNING: No route-gateway specified by ...

OpenVPN Support Forum

DD-WRT, OpenVPN server, slow and not working properly

DD-WRT, OpenVPN server, slow and not working properly

Re: DD-WRT, OpenVPN server, slow and not working properly

Re: DD-WRT, OpenVPN server, slow and not working properly

Re: DD-WRT, OpenVPN server, slow and not working properly

Re: DD-WRT, OpenVPN server, slow and not working properly

Re: DD-WRT, OpenVPN server, slow and not working properly

Re: DD-WRT, OpenVPN server, slow and not working properly