OpenVPN Support Forum

My server has a 100Mbps up and download internet connection. The redirect gateway option is set for OpenVPN Road Warrior connections to the server.

However, speed tests run by certain Road Warriors when connected to the VPN server defy my expectations. Instead of being less than 100Mbps, Road Warriors with very high-speed connections to the internet (~1Gbps) are seeing speeds "redirected" through the VPN tunnel much higher than the server's top speed of 100Mbps. For example, I have Road Warrior redirected speed tests showing 889Mbps download speeds.

I guess I don't understand what it means to redirect the gateway. What am I missing?

Hi,

Is traffic actually redirected over the tunnel?
.

The OpenVPN client connection log shows these lines:
2022-11-22 15:41:06 PUSH: Received control message: 'PUSH_REPLY,route 10.1.5.0 255.255.255.0,route 10.96.189.1,topology net30,ping 10,ping-restart 60,redirect-gateway,route 10.199.6.0 255.255.255.0,dhcp-option DNS 10.199.6.6,ifconfig 10.96.189.14 10.96.189.13,peer-id 2,cipher AES-256-CBC'
2022-11-22 15:41:06 Flag 'def1' added to --redirect-gateway (iservice is in use)

Do I need to do packet capture to see what is actually happening?

When I connect to the Open VPN server and then Google, "What is my IP", it shows the public IP address of the Open VPN server. So, it appears that internet traffic is redirected over the tunnel.

Hi,

Exactly how is it tested?
.

I had users do this:
Go to Google.com.
Search for internet speed test.
Tap or click Run Speed Test.

"Google partners with Measurement Lab (M-Lab) to run this test."

Those kind of tests are unreliable.

A better test would be to download/upload an incompressible (data) file, depending on use case:
1. From/to the OpenVPN server,
2. From/to the OpenVPN server side network (a machine residing on the same LAN where the server resides),
3. From/to the internet,
4. Between OpenVPN clients (if applicable).

You can find incompressible bins here: http://speed.transip.nl/
Make sure to download one of the random-xxx files, they are incompressible.

Another way is using iperf3 and the same 3 or 4 tests from above.

Both tests will more or less show maximum speed which does not really tell anything about multiple small files, compressible data and surfing speed.
.

By unreliable, I think you mean that speed tests tend to understate actual speeds in tests. Here, however, it appears that some users are getting test speed results routed through the OpenVPN tunnel that are almost an order of magnitude faster than the OpenVPN server's WAN connection. That is not consistent with the possible unreliability of the tests.

It seems more likely to me that the test traffic is not being redirected through the VPN tunnel. Perhaps the Google speed test uses a protocol which is not redirected through the tunnel. What protocols are and are not redirected when the redirect option is selected?

It looks more like the results in question are due to the users not running the tests as instructed. I.e., the questionable tests were done when the users' VPNs were not connected to the server. When I've asked those users to redo their tests, making sure that they were connected to the VPN server, the results have come back under 100 Mbps. Users... phooey .