Hi!
I`m using OpenVPN for NVR video from IP cam.
My network diagram:
With a small load tunnel works fine.
But when I open IP cam web interface with video stream, bandwidth reach 3-4MBit/s and after 1-3 minutes tunnel crashes.
I expect stable tunnel from OpenWrt till 8MBit/s, but it crashes on 3-4MBit/s.
If I close IP cam web interface tunnel restores.
My configs:
Server config
port 53
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.82.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
client-config-dir ccd
client-to-client
keepalive 5 20
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 1
auth SHA256
route 10.82.2.0 255.255.255.0 10.82.0.2
route 10.82.3.0 255.255.255.0 10.82.0.3
Please describe "crash" better.
Anything in the logs at verb 4?
Do I need more powerful hardware?
What are the CPU specs of the involved devices?
You sure it's Mbit not Mbyte?
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Xiaomi Mini WiFi has: MediaTek MT7620A CPU at 580MHz
Mikrotik Hap has: Qualcomm Atheros QCA9531 at 650MHz
Both tunnels can crash. Not always in same time.
Yes I`m sure, It`s MBits. I see it on my Windows 7, System monitor. And H.264 stream from IP cam must be around 2-4MBit.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
1 Debian has Intel Pentium 4 at 3GHz.
2 I use RDP through OpenVPN tunnel and it works fine
3 I see test where 128 and 256 bit has small difference for processor load.
With a small load tunnel works fine.
But when I open IP cam web interface with video stream, bandwidth reach 3-4MBit/s and after 1-3 minutes tunnel crashes.
I expect stable tunnel from OpenWrt till 8MBit/s, but it crashes on 3-4MBit/s.
If I close IP cam web interface tunnel restores.
What can be the reason of this crashes? Performance issues on OpenWRT routers on incorrect configuration of OpenVPN?
Do I need more powerful hardware?
Because you have two clients, it looks like your server is trying to VPN a video stream between two different clients .. if so, Yes, you need better hardware ..
With a small load tunnel works fine.
But when I open IP cam web interface with video stream, bandwidth reach 3-4MBit/s and after 1-3 minutes tunnel crashes.
I expect stable tunnel from OpenWrt till 8MBit/s, but it crashes on 3-4MBit/s.
If I close IP cam web interface tunnel restores.
What can be the reason of this crashes? Performance issues on OpenWRT routers on incorrect configuration of OpenVPN?
Do I need more powerful hardware?
Because you have two clients, it looks like your server is trying to VPN a video stream between two different clients .. if so, Yes, you need better hardware ..
cipher AES-128-CBC
auth SHA1[code]
Hashing (auth) can have quite an impact on CPU...
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
As you can see, nothing changes. tunnel still crashes after 70 seconds.
top output on xiaomi shows processor load around 100% but Debian server load only on 7%.
Its all? Only hardware change on client side can help?
The tunnel is not crashing but your internet connection is .. hence the --ping timeout.
I doubt it will help but you could try "keepalive 30 120" or something like that ..
Router heavy loaded and doesn`t have time to process WAN connection? May be I can limit processor usage by openvpn client? In this case tunnel will have less speed but it will don`t crash. Is it posible?
Currently i test tunnel using iperf, without ip cam traffic. But in future I need to transfer traffic from 4 ip cams.
When I add to client config:
Nice
nice 10
Time from begin of iperf test to crash, grown from 60-70sec to 90-95sec.
During test cpu usage by openvpn was at maximum 89%. But despite this, tunnel crashed.
Maybe it's not CPU loading, but because some network queue is overloaded?
My client config already has sndbuf and rcvbuf options equal to 0, may be i need to change something more?