Poor performance after changing ISP

This forum is for general conversation and user-user networking.
Post Reply
witchy69
OpenVpn Newbie
Posts: 1
Joined: Thu Jan 30, 2020 4:41 pm

Poor performance after changing ISP

Post by witchy69 » Thu Jan 30, 2020 5:05 pm

Hi folks,

I have a BT Homehub5 that's happily been running OpenWRT 18.06 and OpenVPN 2.x on Virgin for a few years with phone and laptop clients also on OpenVPN 2.x. A couple of weeks ago I changed ISP to ZEN after moving house and my performance has gone through the floor even on a 70/20 FTTC connection. I've upgraded all sides to latest versions and now have 15-20ms pings going between client and server but anything more involved than browsing the OpenWRT management interface kills pings. I suspect buffering but as usual with an open source product like this there's countless forums covering all versions with different solutions and help.

Server config

config openvpn 'VPNserver'
#option management 'localhost 7505'
option enabled '1'
option dev 'tun'
option dev 'tun0'
option topology 'subnet'
option proto 'udp'
option port '5000'
#option ccd_exclusive '1'
#option client_config_dir '/etc/openvpn/clients'
option server '10.1.0.0 255.255.255.240'
option ifconfig '10.1.0.1 255.255.255.240'

list push 'route 10.69.0.0 255.255.255.0'
list push 'dhcp-option DOMAIN home.net'
list push 'dhcp-option DNS 10.69.0.100'
list push 'dhcp-option NTP 10.69.0.100'
list push 'redirect-gateway def1'

option dh '/etc/ssl/openvpn/dh.pem'
#option pkcs12 '/etc/ssl/openvpn/vpn-server.p12'
option ca '/etc/ssl/openvpn/ca.crt'
option cert '/etc/ssl/openvpn/server.crt'
option key '/etc/ssl/openvpn/Gatekeeper.key'
option cipher 'AES-256-CBC'
option auth 'SHA512'
option tls_auth '/etc/ssl/openvpn/ta.key 0'
option tls_server '1'
option tls_version_min '1.2'
option tls_cipher 'TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384:TLS-RSA-WITH-AES-256-CBC-SHA256:!aNULL:!eNULL:!LOW:!3DES:!MD5:!SHA:!EXP:!PSK:!SRP:!DSS:!RC4'

option log_append '/tmp/openvpn.log'
option status '/tmp/openvpn-status.log'
option verb '5'
option keepalive '10 120'
#option compress_lzo 'yes'
option client_to_client '1'
option persist_key '1'
#option redirect_gateway 'def1'
option persist_tun '1'
option sndbuf '393216'
option rcvbuf '393216'
#option sndbuf '0'
#option rcvbuf '0'
option mode 'server'
#option mtu_test '1'

#option fragment '0'
#option mssfix '0'
#option tun_mtu '48000'
#option link-mtu '48101'
option user 'nobody'
option group 'nogroup'
option auth_nocache '1'
option reneg_sec '3600'


You can see I've been trying a few things :)

Client config

client
dev tun
proto udp
remote xx.xx.xx.xx 65500
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert laptop.crt
key laptop.key

tls-auth ta.key 1
cipher AES-256-CBC
verb 5

tls-version-min 1.2
tls-client

#pkcs12 vpn-laptop.p12

mssfix 0
#fragment 0
#tun-mtu 48000
auth SHA512
auth-nocache


Any clues?

Cheers!

witchy
OpenVpn Newbie
Posts: 4
Joined: Fri Mar 10, 2017 8:16 pm

Re: Poor performance after changing ISP

Post by witchy » Sun Feb 02, 2020 10:31 pm

Hm, why has this been moved to Off Topic when it's clearly a configuration issue?

User avatar
Pippin
Forum Team
Posts: 883
Joined: Wed Jul 01, 2015 8:03 am

Re: Poor performance after changing ISP

Post by Pippin » Mon Feb 03, 2020 2:18 pm

Remove

Code: Select all

option sndbuf '393216'
option rcvbuf '393216'
from server and

Code: Select all

mssfix 0
Restart and try again.

witchy
OpenVpn Newbie
Posts: 4
Joined: Fri Mar 10, 2017 8:16 pm

Re: Poor performance after changing ISP

Post by witchy » Mon Feb 03, 2020 5:01 pm

Hi Pippin,

I've been experimenting over lunch and have got quite decent results with those parameters still in and

client
mssfix 1200
tun-mtu 1500


on both phone and laptop. Full screen remote desktop is useable again though a bit stally at times.

Cheers

Witchy

Post Reply