Optimum Condition but Bad User Experience for Voice/Video

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
OpenVpn Newbie
Posts: 2
Joined: Sat Oct 12, 2019 1:42 pm

Optimum Condition but Bad User Experience for Voice/Video

Post by avozee » Mon Nov 04, 2019 11:42 pm


Please help on following issue.

I am facing issues of frequent disconnection of realtime traffics such as voice, video, more specifically WhatsApp videocalls, and low throughput for some clients.

Scenario: Users (all are android users) traffic is NATted and routed through the OpenVPN server.
  • User Internet connection has sufficient bandwidth and no congestion
  • Server Internet Connection has Enough bandwidth and no congestion
  • No Packet loss, no high latencies between user and server
  • Most users who have this complaint are at mobile data network (4G/LTE)
  • Users on Wifi (backend wired speed) complain less about this issue.
In logs, all seems fine, except following warnings at server side

WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1549'
WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'

The one thing I noticed is TX dropped packets at tun interface of server


Server Config
port 7897
proto udp4
sndbuf 0
rcvbuf 0
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
ifconfig-pool-persist ipp.txt
# push "redirect-gateway def1 bypass-dhcp"
# push "dhcp-option DNS"
push "redirect-gateway def1 block-local"
push "dhcp-option DNS"
push "dhcp-option DNS"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
txqueuelen 1000
keepalive 10 40
cipher AES-256-CBC
;max-clients 100
status openvpn-status.log
log openvpn.log
verb 3

script-security 3
explicit-exit-notify 1
verify-client-cert none

auth-user-pass-verify some-script

client-connect some-script
client-disconnect some-script
up some-script
down some-script

Client Config

dev tun
proto udp4
sndbuf 0
rcvbuf 0
remote serverIP serverPORT
resolv-retry infinite
remote-cert-tls server
cipher AES-256-CBC
redirect-gateway def1 block-local
auth-user-pass auth.cfg
verb 3
explicit-exit-notify 1
keepalive 10 40




OpenVPN Power User
Posts: 154
Joined: Tue May 01, 2012 9:30 pm

Re: Optimum Condition but Bad User Experience for Voice/Video

Post by 300000 » Sat Nov 09, 2019 8:23 am

you need to run con tcp4 for better reliable , tcp was design to run at guarantee delivery than udp just go and no way to know it come or not

Post Reply