Redirect gateway

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
barkingdoggy
OpenVpn Newbie
Posts: 10
Joined: Mon May 23, 2016 4:29 pm

Redirect gateway

Post by barkingdoggy » Tue Nov 22, 2022 9:07 pm

My server has a 100Mbps up and download internet connection. The redirect gateway option is set for OpenVPN Road Warrior connections to the server.

However, speed tests run by certain Road Warriors when connected to the VPN server defy my expectations. Instead of being less than 100Mbps, Road Warriors with very high-speed connections to the internet (~1Gbps) are seeing speeds "redirected" through the VPN tunnel much higher than the server's top speed of 100Mbps. For example, I have Road Warrior redirected speed tests showing 889Mbps download speeds.

I guess I don't understand what it means to redirect the gateway. What am I missing?

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Redirect gateway

Post by Pippin » Tue Nov 22, 2022 9:21 pm

Hi,

Is traffic actually redirected over the tunnel?
.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

barkingdoggy
OpenVpn Newbie
Posts: 10
Joined: Mon May 23, 2016 4:29 pm

Re: Redirect gateway

Post by barkingdoggy » Tue Nov 22, 2022 10:10 pm

The OpenVPN client connection log shows these lines:
2022-11-22 15:41:06 PUSH: Received control message: 'PUSH_REPLY,route 10.1.5.0 255.255.255.0,route 10.96.189.1,topology net30,ping 10,ping-restart 60,redirect-gateway,route 10.199.6.0 255.255.255.0,dhcp-option DNS 10.199.6.6,ifconfig 10.96.189.14 10.96.189.13,peer-id 2,cipher AES-256-CBC'
2022-11-22 15:41:06 Flag 'def1' added to --redirect-gateway (iservice is in use)

Do I need to do packet capture to see what is actually happening?

barkingdoggy
OpenVpn Newbie
Posts: 10
Joined: Mon May 23, 2016 4:29 pm

Re: Redirect gateway

Post by barkingdoggy » Wed Nov 23, 2022 3:35 pm

When I connect to the Open VPN server and then Google, "What is my IP", it shows the public IP address of the Open VPN server. So, it appears that internet traffic is redirected over the tunnel.

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Redirect gateway

Post by Pippin » Wed Nov 23, 2022 4:46 pm

Hi,

Exactly how is it tested?
.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

barkingdoggy
OpenVpn Newbie
Posts: 10
Joined: Mon May 23, 2016 4:29 pm

Re: Redirect gateway

Post by barkingdoggy » Wed Nov 23, 2022 6:30 pm

I had users do this:
Go to Google.com.
Search for internet speed test.
Tap or click Run Speed Test.

"Google partners with Measurement Lab (M-Lab) to run this test."

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Redirect gateway

Post by Pippin » Wed Nov 23, 2022 9:42 pm

Those kind of tests are unreliable.

A better test would be to download/upload an incompressible (data) file, depending on use case:
1. From/to the OpenVPN server,
2. From/to the OpenVPN server side network (a machine residing on the same LAN where the server resides),
3. From/to the internet,
4. Between OpenVPN clients (if applicable).

You can find incompressible bins here: http://speed.transip.nl/
Make sure to download one of the random-xxx files, they are incompressible.

Another way is using iperf3 and the same 3 or 4 tests from above.

Both tests will more or less show maximum speed which does not really tell anything about multiple small files, compressible data and surfing speed.
.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

barkingdoggy
OpenVpn Newbie
Posts: 10
Joined: Mon May 23, 2016 4:29 pm

Re: Redirect gateway

Post by barkingdoggy » Fri Nov 25, 2022 2:14 pm

By unreliable, I think you mean that speed tests tend to understate actual speeds in tests. Here, however, it appears that some users are getting test speed results routed through the OpenVPN tunnel that are almost an order of magnitude faster than the OpenVPN server's WAN connection. That is not consistent with the possible unreliability of the tests.

It seems more likely to me that the test traffic is not being redirected through the VPN tunnel. Perhaps the Google speed test uses a protocol which is not redirected through the tunnel. What protocols are and are not redirected when the redirect option is selected?

barkingdoggy
OpenVpn Newbie
Posts: 10
Joined: Mon May 23, 2016 4:29 pm

Re: Redirect gateway

Post by barkingdoggy » Fri Nov 25, 2022 4:25 pm

It looks more like the results in question are due to the users not running the tests as instructed. I.e., the questionable tests were done when the users' VPNs were not connected to the server. When I've asked those users to redo their tests, making sure that they were connected to the VPN server, the results have come back under 100 Mbps. Users... phooey :( .

Post Reply