Optimum Condition but Bad User Experience for Voice/Video

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
avozee
OpenVpn Newbie
Posts: 2
Joined: Sat Oct 12, 2019 1:42 pm

Optimum Condition but Bad User Experience for Voice/Video

Post by avozee » Mon Nov 04, 2019 11:42 pm

Hi,

Please help on following issue.

I am facing issues of frequent disconnection of realtime traffics such as voice, video, more specifically WhatsApp videocalls, and low throughput for some clients.

Scenario: Users (all are android users) traffic is NATted and routed through the OpenVPN server.
  • User Internet connection has sufficient bandwidth and no congestion
  • Server Internet Connection has Enough bandwidth and no congestion
  • No Packet loss, no high latencies between user and server
  • Most users who have this complaint are at mobile data network (4G/LTE)
  • Users on Wifi (backend wired speed) complain less about this issue.
In logs, all seems fine, except following warnings at server side

WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1549'
WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'


The one thing I noticed is TX dropped packets at tun interface of server

Image


Server Config
port 7897
proto udp4
sndbuf 0
rcvbuf 0
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.253.192.0 255.255.192.0
ifconfig-pool-persist ipp.txt
# push "redirect-gateway def1 bypass-dhcp"
# push "dhcp-option DNS 46.166.139.84"
push "redirect-gateway def1 block-local"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 208.67.220.220"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client
txqueuelen 1000
keepalive 10 40
cipher AES-256-CBC
;max-clients 100
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3

script-security 3
explicit-exit-notify 1
verify-client-cert none
mute-replay-warnings
username-as-common-name

auth-user-pass-verify some-script

client-connect some-script
client-disconnect some-script
up some-script
down some-script


Client Config

client
dev tun
proto udp4
sndbuf 0
rcvbuf 0
remote serverIP serverPORT
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
redirect-gateway def1 block-local
auth-user-pass auth.cfg
verb 3
explicit-exit-notify 1
keepalive 10 40
auth-nocache

<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

</ca>

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: Optimum Condition but Bad User Experience for Voice/Video

Post by 300000 » Sat Nov 09, 2019 8:23 am

you need to run con tcp4 for better reliable , tcp was design to run at guarantee delivery than udp just go and no way to know it come or not

Post Reply