Redirect gateway
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon May 23, 2016 4:29 pm
Redirect gateway
My server has a 100Mbps up and download internet connection. The redirect gateway option is set for OpenVPN Road Warrior connections to the server.
However, speed tests run by certain Road Warriors when connected to the VPN server defy my expectations. Instead of being less than 100Mbps, Road Warriors with very high-speed connections to the internet (~1Gbps) are seeing speeds "redirected" through the VPN tunnel much higher than the server's top speed of 100Mbps. For example, I have Road Warrior redirected speed tests showing 889Mbps download speeds.
I guess I don't understand what it means to redirect the gateway. What am I missing?
However, speed tests run by certain Road Warriors when connected to the VPN server defy my expectations. Instead of being less than 100Mbps, Road Warriors with very high-speed connections to the internet (~1Gbps) are seeing speeds "redirected" through the VPN tunnel much higher than the server's top speed of 100Mbps. For example, I have Road Warrior redirected speed tests showing 889Mbps download speeds.
I guess I don't understand what it means to redirect the gateway. What am I missing?
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Redirect gateway
Hi,
Is traffic actually redirected over the tunnel?
.
Is traffic actually redirected over the tunnel?
.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon May 23, 2016 4:29 pm
Re: Redirect gateway
The OpenVPN client connection log shows these lines:
2022-11-22 15:41:06 PUSH: Received control message: 'PUSH_REPLY,route 10.1.5.0 255.255.255.0,route 10.96.189.1,topology net30,ping 10,ping-restart 60,redirect-gateway,route 10.199.6.0 255.255.255.0,dhcp-option DNS 10.199.6.6,ifconfig 10.96.189.14 10.96.189.13,peer-id 2,cipher AES-256-CBC'
2022-11-22 15:41:06 Flag 'def1' added to --redirect-gateway (iservice is in use)
Do I need to do packet capture to see what is actually happening?
2022-11-22 15:41:06 PUSH: Received control message: 'PUSH_REPLY,route 10.1.5.0 255.255.255.0,route 10.96.189.1,topology net30,ping 10,ping-restart 60,redirect-gateway,route 10.199.6.0 255.255.255.0,dhcp-option DNS 10.199.6.6,ifconfig 10.96.189.14 10.96.189.13,peer-id 2,cipher AES-256-CBC'
2022-11-22 15:41:06 Flag 'def1' added to --redirect-gateway (iservice is in use)
Do I need to do packet capture to see what is actually happening?
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon May 23, 2016 4:29 pm
Re: Redirect gateway
When I connect to the Open VPN server and then Google, "What is my IP", it shows the public IP address of the Open VPN server. So, it appears that internet traffic is redirected over the tunnel.
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Redirect gateway
Hi,
Exactly how is it tested?
.
Exactly how is it tested?
.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon May 23, 2016 4:29 pm
Re: Redirect gateway
I had users do this:
Go to Google.com.
Search for internet speed test.
Tap or click Run Speed Test.
"Google partners with Measurement Lab (M-Lab) to run this test."
Go to Google.com.
Search for internet speed test.
Tap or click Run Speed Test.
"Google partners with Measurement Lab (M-Lab) to run this test."
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Redirect gateway
Those kind of tests are unreliable.
A better test would be to download/upload an incompressible (data) file, depending on use case:
1. From/to the OpenVPN server,
2. From/to the OpenVPN server side network (a machine residing on the same LAN where the server resides),
3. From/to the internet,
4. Between OpenVPN clients (if applicable).
You can find incompressible bins here: http://speed.transip.nl/
Make sure to download one of the random-xxx files, they are incompressible.
Another way is using iperf3 and the same 3 or 4 tests from above.
Both tests will more or less show maximum speed which does not really tell anything about multiple small files, compressible data and surfing speed.
.
A better test would be to download/upload an incompressible (data) file, depending on use case:
1. From/to the OpenVPN server,
2. From/to the OpenVPN server side network (a machine residing on the same LAN where the server resides),
3. From/to the internet,
4. Between OpenVPN clients (if applicable).
You can find incompressible bins here: http://speed.transip.nl/
Make sure to download one of the random-xxx files, they are incompressible.
Another way is using iperf3 and the same 3 or 4 tests from above.
Both tests will more or less show maximum speed which does not really tell anything about multiple small files, compressible data and surfing speed.
.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon May 23, 2016 4:29 pm
Re: Redirect gateway
By unreliable, I think you mean that speed tests tend to understate actual speeds in tests. Here, however, it appears that some users are getting test speed results routed through the OpenVPN tunnel that are almost an order of magnitude faster than the OpenVPN server's WAN connection. That is not consistent with the possible unreliability of the tests.
It seems more likely to me that the test traffic is not being redirected through the VPN tunnel. Perhaps the Google speed test uses a protocol which is not redirected through the tunnel. What protocols are and are not redirected when the redirect option is selected?
It seems more likely to me that the test traffic is not being redirected through the VPN tunnel. Perhaps the Google speed test uses a protocol which is not redirected through the tunnel. What protocols are and are not redirected when the redirect option is selected?
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon May 23, 2016 4:29 pm
Re: Redirect gateway
It looks more like the results in question are due to the users not running the tests as instructed. I.e., the questionable tests were done when the users' VPNs were not connected to the server. When I've asked those users to redo their tests, making sure that they were connected to the VPN server, the results have come back under 100 Mbps. Users... phooey .