I have two locations, connected via an OpenVPN network.
Site1 (I'll call it "source"): here sits a cable-to-IP converter (a DVB-C receiver running Enigma2 - a custom Linux version), which is in the same LAN as a Raspberry Pi 2, which acts as the VPN server. The VPN port is forwarded via the local router and is thus accessible from the Internet. The site has a 100 Mbps down / 50 Mbps up cable connection and all relevant connections (RPi2, receiver) are UTP cables via a 100 Mbps router.
Site2 (I'll call it "destination"): here sit a number of various consumer devices (PCs with Windows, Android devices etc.), all connected in the same Gigabit LAN to a Netgear WNDR3700v2 router, which is running DD-WRT v3.0-r29048 (latest and greatest). I have tested with both individual devices as well as the local router connecting as clients to the RPi2 OpenVPN server. The site is on a 80 Mbps down / 4 Mbps up cable connection and the devices are connected via either Gigabit LAN or WiFi (150 Mbps) to the router.
What works: from a machine in Site2 I can ping the DVB-C receiver and the RPi2 without problems. Streaming of SD channels works fine in all situations (no matter who the client is). Streaming of HD channels only works if the VPN client is a strong machine (it is not a video decoding issue, but a VPN one). The bandwidth used by a SD channel varies between 3 and 8 Mbps (no compression or transcoding on the raw stream). The bandwidth used by a HD channel varies between 10 and 15 Mbps.
What doesn't work: streaming of HD channels is choppy, with very short interruptions every few seconds, if the VPN client runs on the Site2 router (the WNDR3700v2 with a dual-core Atheros CPU @ 680 MHz and 64 MB of RAM). Throughout the playback, the CPU usage on the router stays within reasonable limits (~25% of the overall CPU power, so ~50% of a single core), same for the RAM. There's no difference if I'm using TCP or UDP as the OpenVPN protocol.
Question: any idea how to improve either the throughput or reliability of the transmission (i.e. either pass more data per time unit or reduce the number of retransmits)?
The VPN configs are below:
Code: Select all
## Server.conf local 192.168.1.2 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS dev tun topology subnet proto tcp # Same issue if using UDP port 1194 ca /etc/openvpn/easy-rsa/keys/ca.crt cert /etc/openvpn/easy-rsa/keys/cert.crt # SWAP WITH YOUR CRT NAME key /etc/openvpn/easy-rsa/keys/key.key # SWAP WITH YOUR KEY NAME dh /etc/openvpn/easy-rsa/keys/dh2048.pem # If you changed to 2048, change that here! server 10.8.0.0 255.255.255.0 ifconfig 10.8.0.1 10.8.0.2 push "route 10.8.0.1 255.255.255.255" push "route 10.8.0.0 255.255.255.0" push "route 192.168.1.0 255.255.255.0" client-to-client duplicate-cn keepalive 10 120 tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0 cipher AES-128-CBC comp-lzo user nobody group nogroup persist-key persist-tun status /var/log/openvpn-status.log 20 log /var/log/openvpn.log verb 4 client-config-dir /etc/openvpn/ccd sndbuf 0 # using 393216 for UDP - no difference rcvbuf 0 # same as above push "sndbuf 393216" push "rcvbuf 393216" socket-flags TCP_NODELAY #only when using TCP push "socket-flags TCP_NODELAY" #same as above tun-mtu 1400 #tested a number of other values, seems to have no impact mssfix 1360 #tested a number of other values, seems to have no impact
Code: Select all
client dev tun proto tcp remote xxx.yyy.zz 1234 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert pc.crt key pc.key tls-auth ta.key 1 ns-cert-type server tls-client cipher AES-128-CBC comp-lzo verb 4
Code: Select all
ca /tmp/openvpncl/ca.crt cert /tmp/openvpncl/client.crt key /tmp/openvpncl/client.key management 127.0.0.1 16 management-log-cache 100 verb 3 mute 3 syslog writepid /var/run/openvpncl.pid client resolv-retry infinite nobind persist-key persist-tun script-security 2 dev tun1 proto tcp-client cipher aes-128-cbc auth sha1 remote xxx.yyy.zz 1234 comp-lzo yes tls-client tun-mtu 1400 mtu-disc yes tun-ipv6 tls-auth /tmp/openvpncl/ta.key 1 tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA