Large Bandwidth overhead?
Posted: Fri Jan 03, 2020 9:56 pm
Troubleshooting client speed issues, I'm discovering these Azure OpenVPN community servers are experiencing extreme bandwidth overhead issues.
The OpenVPN server connects out to the internet at 8800D Mbps and 1300U Mbps using speedtest (https://www.speedtest.net/apps/cli). To troubleshoot, I fired up a small client on Azure to do some testing in the same region (much smaller / less expensive; tests at 2500D Mbps, 900U Mbps) with the connection OFF; with it on (and using a serial console to monitor) it tests at 80D, 38U. 97%? Data rate loss? CPU usage on the client or server side never goes past 1-2%.
I've tried messing with the MTU sizes / mssfix, and changing the cipher from AES-256-GCM to AES-256-CBC and also AES-128-GCM. What is missing or not right here? Help is very much appreciated.
Example server config with info removed:
port fakeport
proto udp
dev tun
ca x.crt
cert x.crt
key fakekey1
dh x.pem
topology subnet
server x.x.x.x x.x.x.x
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-GCM
max-clients 100
persist-key
persist-tun
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
Example client with info removed:
client
verb 3
dev tun
proto udp
remote x.x.x.x fakeport
resolv-retry infinite
remote-random
nobind
persist-key
persist-tun
mute-replay-warnings
remote-cert-tls server
cipher AES-256-GCM
pull
key-direction 1
reneg-sec 0