Poor performance after changing ISP

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
witchy69
OpenVpn Newbie
Posts: 1
Joined: Thu Jan 30, 2020 4:41 pm

Poor performance after changing ISP

Post by witchy69 » Thu Jan 30, 2020 5:05 pm

Hi folks,

I have a BT Homehub5 that's happily been running OpenWRT 18.06 and OpenVPN 2.x on Virgin for a few years with phone and laptop clients also on OpenVPN 2.x. A couple of weeks ago I changed ISP to ZEN after moving house and my performance has gone through the floor even on a 70/20 FTTC connection. I've upgraded all sides to latest versions and now have 15-20ms pings going between client and server but anything more involved than browsing the OpenWRT management interface kills pings. I suspect buffering but as usual with an open source product like this there's countless forums covering all versions with different solutions and help.

Server config

config openvpn 'VPNserver'
#option management 'localhost 7505'
option enabled '1'
option dev 'tun'
option dev 'tun0'
option topology 'subnet'
option proto 'udp'
option port '5000'
#option ccd_exclusive '1'
#option client_config_dir '/etc/openvpn/clients'
option server '10.1.0.0 255.255.255.240'
option ifconfig '10.1.0.1 255.255.255.240'

list push 'route 10.69.0.0 255.255.255.0'
list push 'dhcp-option DOMAIN home.net'
list push 'dhcp-option DNS 10.69.0.100'
list push 'dhcp-option NTP 10.69.0.100'
list push 'redirect-gateway def1'

option dh '/etc/ssl/openvpn/dh.pem'
#option pkcs12 '/etc/ssl/openvpn/vpn-server.p12'
option ca '/etc/ssl/openvpn/ca.crt'
option cert '/etc/ssl/openvpn/server.crt'
option key '/etc/ssl/openvpn/Gatekeeper.key'
option cipher 'AES-256-CBC'
option auth 'SHA512'
option tls_auth '/etc/ssl/openvpn/ta.key 0'
option tls_server '1'
option tls_version_min '1.2'
option tls_cipher 'TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384:TLS-RSA-WITH-AES-256-CBC-SHA256:!aNULL:!eNULL:!LOW:!3DES:!MD5:!SHA:!EXP:!PSK:!SRP:!DSS:!RC4'

option log_append '/tmp/openvpn.log'
option status '/tmp/openvpn-status.log'
option verb '5'
option keepalive '10 120'
#option compress_lzo 'yes'
option client_to_client '1'
option persist_key '1'
#option redirect_gateway 'def1'
option persist_tun '1'
option sndbuf '393216'
option rcvbuf '393216'
#option sndbuf '0'
#option rcvbuf '0'
option mode 'server'
#option mtu_test '1'

#option fragment '0'
#option mssfix '0'
#option tun_mtu '48000'
#option link-mtu '48101'
option user 'nobody'
option group 'nogroup'
option auth_nocache '1'
option reneg_sec '3600'


You can see I've been trying a few things :)

Client config

client
dev tun
proto udp
remote xx.xx.xx.xx 65500
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert laptop.crt
key laptop.key

tls-auth ta.key 1
cipher AES-256-CBC
verb 5

tls-version-min 1.2
tls-client

#pkcs12 vpn-laptop.p12

mssfix 0
#fragment 0
#tun-mtu 48000
auth SHA512
auth-nocache


Any clues?

Cheers!

witchy
OpenVpn Newbie
Posts: 4
Joined: Fri Mar 10, 2017 8:16 pm

Re: Poor performance after changing ISP

Post by witchy » Sun Feb 02, 2020 10:31 pm

Hm, why has this been moved to Off Topic when it's clearly a configuration issue?

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Poor performance after changing ISP

Post by Pippin » Mon Feb 03, 2020 2:18 pm

Remove

Code: Select all

option sndbuf '393216'
option rcvbuf '393216'
from server and

Code: Select all

mssfix 0
Restart and try again.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

witchy
OpenVpn Newbie
Posts: 4
Joined: Fri Mar 10, 2017 8:16 pm

Re: Poor performance after changing ISP

Post by witchy » Mon Feb 03, 2020 5:01 pm

Hi Pippin,

I've been experimenting over lunch and have got quite decent results with those parameters still in and

client
mssfix 1200
tun-mtu 1500


on both phone and laptop. Full screen remote desktop is useable again though a bit stally at times.

Cheers

Witchy

Post Reply