This forum is for admins who are looking to build or expand their OpenVPN setup.
Moderators: TinCanTech
-
eric66300
- OpenVPN Power User
- Posts: 57
- Joined: Fri Apr 15, 2011 12:05 pm
Post
by eric66300 » Sat May 07, 2011 7:28 am
Hello, I've got a question about our VPN.
On the first setup it was so fast, but after 5-10 days the performance is not the same as with our first config.
Even on normal browsing; the time to download a 7mb file was 15min at around 3 - 7kbps.
Here is our server side:
local xxx.xxx.xxx.xxx
port 80
proto tcp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
On the client side:
client
dev tun
proto tcp
remote xxx.xxx.xxx.xxx 80
ns-cert-type server
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca server/ca.crt
comp-lzo
verb 3
auth-user-pass server/password.txt
How, or what can we do, to prevent this scenario? Thanks.
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
-
Contact:
Post
by janjust » Sat May 07, 2011 9:32 pm
what does 'first config' mean? have you tried restarting the openvpn server process? does that help? what happens if you restart the server? does that help?
also, does anything funny show in the server log during these slow transmissions? what happens if you use
for a while - any warnings/errors?
by eric66300 » Sun May 08, 2011 11:26 pm
No errors occur, just a turtle connection.
Can verb 5 fix the issue? When I restart our server it shows the same connection.
I noticed this after I installed kloxo, or maybe it's just a coincidence.
0.05 kbps on download time and 0.03kbps on upload time.
Or maybe our VPN is blocked by our ISP by TCP protocol; how can I prevent this?
Is there any routing method to bypass ISP internet filtering?
Thank you
by janjust » Mon May 09, 2011 6:05 am
don't know what kloxo is...
if an ISP wants to block/filter out openvpn traffic then there's very little that can be done about it ; you'd have to hide openvpn traffic inside some other protocol (which openvpn itself does not provide).
Try removing
to see if that helps - it might be that your packets get too large.
by eric66300 » Mon May 09, 2011 4:11 pm
Can I ask one more thing?
What if we put a squid proxy on our VPN, can this fix the said issue on our side?
Thanks
by janjust » Mon May 09, 2011 9:06 pm
a squid proxy will mask some of the horrible bandwidth but it won't fix download speeds for files which are not cached yet.
Getting 0.05 kbps is ridiculous - can you uninstall kloxo to see if that is the culprit?
by eric66300 » Tue May 10, 2011 2:04 pm
so you mean squid proxy can maximize the browsing performance of our vpn?
here let me post my config
local xxx.xxx.xxx.xxx
port 8008
proto udp
dev tun
tun-mtu 1500
mssfix 1450
fragment 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
cipher BF-CBC
keepalive 10 120
persist-key
persist-tun
status server-tcp.log
verb 3
mute 5
-
fasterpony
- OpenVpn Newbie
- Posts: 1
- Joined: Wed May 11, 2011 11:56 am
Post
by fasterpony » Wed May 11, 2011 11:58 am
my friend ..you should check out the
VPN reviews before buying any VPN..so you can get good idea which one is best
by janjust » Thu May 12, 2011 8:18 am
can you uninstall kloxo ?
your VPN config looks ok, so I wouldn't expect really bad performance there.
Squid can help a little to speed up browsing over a slow line, but it's a band-aid, not a real solution.
Network speeds of 0.05 kbs are worse than an analog modem - something else is wrong in your setup.
by eric66300 » Sun May 15, 2011 10:23 am
client
dev tun
remote xxx.xxx.xxx.xxx.
ca ca.crt
ns-cert-type server
proto udp
port 8008
resolv-retry infinite
local 0.0.0.0
bind
verb 3
comp-lzo
cipher BF-CBC
auth-user-pass server/password.txt
down "route-gateway dhcp"
down "pull route-method exe"
route-method exe
route-delay 5
reneg-sec 0
dhcp-option DNS 4.2.2.2
dhcp-option DNS 4.2.2.1
redirect-gateway def1
script-security 2
float
Here is our new client config; on the server side we added security-script 2,
but the problem is that when we add fragment on both server and client (fragment 1430), the impact is that our server is now unstable and very hard to reach.
What's wrong with our config or with our server?
We use push "shape 103500" on the server side but the log says it can't determine shape and keeps restarting until a TLS error comes up.
by janjust » Sun May 15, 2011 9:06 pm
if you want to play with 'fragment' I'd go for
to start with and then work your way upwards.
you cannot use 'shaper' on the server side - that's not allowed and openvpn will refuse to start. To control the download bandwidth to a particular client use a Linux traffic shaping tool such as 'tc'.
-
Douglas
- Forum Team
- Posts: 285
- Joined: Wed Aug 27, 2008 2:41 am
Post
by Douglas » Mon May 16, 2011 3:03 am
Rather than recommending removing kloxo, see
http://www.lxcenter.org/. TL;DR: it's a control panel like cPanel and should have zero effect on openvpn.
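As an added example (not code from any poster or from the OpenVPN project): a small Python check that compares a server and client config for link options that must be set identically on both peers, and flags settings that weaken the tunnel. The sample configs are abridged from the last server and client configs posted above; the function names and the filename-based DH-size heuristic are assumptions of this example.

```python
# Added example (not from the thread): lint an OpenVPN server/client pair.
# Sample configs are abridged from the last server and client posts.
SERVER_CONF = """\
proto udp
fragment 1450
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
client-cert-not-required
cipher BF-CBC
"""
CLIENT_CONF = """\
client
proto udp
comp-lzo
cipher BF-CBC
reneg-sec 0
"""

# Link options that both peers must configure identically.
MUST_MATCH = ("proto", "cipher", "comp-lzo", "fragment")

def parse(text):
    """Map each directive to its argument string ('' for bare flags)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, _, args = line.partition(" ")
            opts[name] = args.strip()
    return opts

def mismatches(server, client):
    """Return (directive, server_value, client_value) where the peers differ."""
    def value(opts, key):
        v = opts.get(key)
        if key == "proto":  # tcp-server/tcp-client pair up; default is udp
            v = (v or "udp").replace("-server", "").replace("-client", "")
        return v
    return [(k, value(server, k), value(client, k)) for k in MUST_MATCH
            if value(server, k) != value(client, k)]

def weak_settings(opts):
    """Flag settings in one config that lower the tunnel's security."""
    checks = {
        "client-cert-not-required": "client-cert-not-required" in opts,
        "cipher BF-CBC (64-bit block)": opts.get("cipher") == "BF-CBC",
        "reneg-sec 0 (no rekeying)": opts.get("reneg-sec") == "0",
        "1024-bit DH file": "1024" in opts.get("dh", ""),  # filename heuristic (assumption)
    }
    return [name for name, hit in checks.items() if hit]
```

On the sample pair, `mismatches` reports `comp-lzo` (client only) and `fragment` (server only); a value of `None` means the directive is absent from that side.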