I have a BT Homehub5 that's happily been running OpenWRT 18.06 and OpenVPN 2.x on Virgin for a few years with phone and laptop clients also on OpenVPN 2.x. A couple of weeks ago I changed ISP to ZEN after moving house and my performance has gone through the floor even on a 70/20 FTTC connection. I've upgraded all sides to latest versions and now have 15-20ms pings going between client and server but anything more involved than browsing the OpenWRT management interface kills pings. I suspect buffering but as usual with an open source product like this there's countless forums covering all versions with different solutions and help.
Server config
config openvpn 'VPNserver'
#option management 'localhost 7505'
option enabled '1'
option dev 'tun'
option dev 'tun0'
option topology 'subnet'
option proto 'udp'
option port '5000'
#option ccd_exclusive '1'
#option client_config_dir '/etc/openvpn/clients'
option server '10.1.0.0 255.255.255.240'
option ifconfig '10.1.0.1 255.255.255.240'
list push 'route 10.69.0.0 255.255.255.0'
list push 'dhcp-option DOMAIN home.net'
list push 'dhcp-option DNS 10.69.0.100'
list push 'dhcp-option NTP 10.69.0.100'
list push 'redirect-gateway def1'
option dh '/etc/ssl/openvpn/dh.pem'
#option pkcs12 '/etc/ssl/openvpn/vpn-server.p12'
option ca '/etc/ssl/openvpn/ca.crt'
option cert '/etc/ssl/openvpn/server.crt'
option key '/etc/ssl/openvpn/Gatekeeper.key'
option cipher 'AES-256-CBC'
option auth 'SHA512'
option tls_auth '/etc/ssl/openvpn/ta.key 0'
option tls_server '1'
option tls_version_min '1.2'
option tls_cipher 'TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384:TLS-RSA-WITH-AES-256-CBC-SHA256:!aNULL:!eNULL:!LOW:!3DES:!MD5:!SHA:!EXP:!PSK:!SRP:!DSS:!RC4'
option log_append '/tmp/openvpn.log'
option status '/tmp/openvpn-status.log'
option verb '5'
option keepalive '10 120'
#option compress_lzo 'yes'
option client_to_client '1'
option persist_key '1'
#option redirect_gateway 'def1'
option persist_tun '1'
option sndbuf '393216'
option rcvbuf '393216'
#option sndbuf '0'
#option rcvbuf '0'
option mode 'server'
#option mtu_test '1'
#option fragment '0'
#option mssfix '0'
#option tun_mtu '48000'
#option link-mtu '48101'
option user 'nobody'
option group 'nogroup'
option auth_nocache '1'
option reneg_sec '3600'
You can see I've been trying a few things
Client config
client
dev tun
proto udp
remote xx.xx.xx.xx 65500
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert laptop.crt
key laptop.key
tls-auth ta.key 1
cipher AES-256-CBC
verb 5
tls-version-min 1.2
tls-client
#pkcs12 vpn-laptop.p12
mssfix 0
#fragment 0
#tun-mtu 48000
auth SHA512
auth-nocache
Any clues?
Cheers!