Forums

Resolved
0 votes
Hi there, im set up openvpn in 2 differents servers and in both im getting 10mbps tx/rx.

I check openvpn is using aes256 and I tried to change to 128 but i cant find server.conf.

How I can low cipher in server? I guess this can give me better results.

Thanks
In OpenVPN
Friday, March 20 2020, 07:30 PM
Share this post:
Responses (16)
  • Accepted Answer

    Friday, March 20 2020, 09:25 PM - #Permalink
    Resolved
    0 votes
    The config file is /etc/openvpn/clients.conf, but 10Mbps is slow for most modern processors and the encryption algorithm is unlikely to be the limiting factor. What is your CPU? Remember you speed will generally be limited by either end's upload speed.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 09:36 PM - #Permalink
    Resolved
    0 votes
    I've just tested on my LAN I can get 34MBps down and 29MBps up (note B and bit b) connected on a WiFi 802.11ac ling at 463Mbps. The laptop processor is a Core-i3 8130U and the server is a Core-i3 4130, so neither are rocket powered. The limiting factor may be the WiFi.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 09:52 PM - #Permalink
    Resolved
    0 votes
    Thx for your replies.

    The cpu server is 1vcpu of xeon e3 3.30ghz and 100/100mbps ftth.

    In clients.conf didt see cipher value
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, March 21 2020, 09:50 AM - #Permalink
    Resolved
    0 votes
    It is not user in the config. This allows OpenVPN to negotiate a cipher with the client automatically and it chooses a good safe option. The advantage of not specifying it is that if OpenVPN change the recommended safe options, the new recommendations will be implemented automatically automatically when OpenVPN is updated.

    To find what you want, do "man openvpn" and look for the --cipher entry, and "openvpn --show-ciphers" but I am pretty sure you are barking up the wrong tree. On my fairly basic hardware I was getting 30x your speed, so I am pretty sure you are not bound by the cipher. From my PC (Intel Core-i3 4130T, so less powerful than the server), over a wired 1Gb/s LAN I get 113GB/s without OpenVPN and 73GB/s with OpenVPN. You are not being hardware or cipher limited.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, March 21 2020, 10:28 AM - #Permalink
    Resolved
    0 votes
    So, if cpu and cipher is not the problem what could be?

    I have ftth in server and client and they are in same town. About 15km of distance.

    Btw I ran top cli command meanwhile I did lan speed test and cpu shows 20-35%.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, March 21 2020, 11:16 AM - #Permalink
    Resolved
    0 votes
    My testing is defective. I was testing to my gateway and, in all cases local traffic appears to be bypassing the VPN. I have another server on my LAN and I can try testing to that, but not for a few hours. I also need to do a bit of a test set up on it first.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, March 21 2020, 12:57 PM - #Permalink
    Resolved
    0 votes
    From my PC on my LAN (Core-i3 4130T) to a share on my server on my LAN in gateway mode (an HP Microsever with an AMD Opteron(tm) X3216 APU cpu, but limited to one core because the other is running a VM), transferring an ISO to a flexshare on the LAN server, I achieved about 25MB/s (so around 200-250 mbps with the packet overhead) with the OpenVPN process running at 60%.

    I don't know your exact model but if your CPU is an Intel Xeon E3-1245 which has 4 cores, looking at the single thread rating at PassmarkSoftware, your processor is nearly 50% faster than mine. I still don't see you to be cipher bound, but it could depend on what else is running on your server. You will have an overhead because of the virtualisation, but I understand that to be about 10% these days although I clearly don't know your set up.

    How are you testing your speed? Don't use SSH as that has another layer of encryption. Either use FTP (if you can) or Windows Networking.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, March 21 2020, 01:04 PM - #Permalink
    Resolved
    0 votes
    The last test was transferring to the flexshare, so the server decrypting. Transferring the other way round, so with the server encrypting and my PC receiving, I managed just over 21MB/s with the openvpn process running at 47-49%.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, June 20 2021, 07:13 PM - #Permalink
    Resolved
    0 votes
    I've no idea if this will give you any confidence that it's possible, but up to a few years ago, Virginmedia could only accessed in Spain via VPN (to my Clearos 6 box as it was at the time) - and I remember watching the Rugby World Cup via streaming to a Galaxy Tab(let) - and that was connected via 56M WiFi (the only thing available to us at the timr). And it was perfectly watchable so the data rate had to have been acceptable. It was just using the default setup (on 1194)
    The reply is currently minimized Show
  • Accepted Answer

    Shawn Mas
    Shawn Mas
    Offline
    Tuesday, June 15 2021, 04:03 PM - #Permalink
    Resolved
    0 votes
    @Nick
    Can you please share your settings? if there's a link to setup your VPN, please include. How do you go about setting up your VPN with such a high speed of 25 mbps? I was barely getting 2 mbps, and using Intel i5, 4 gb ram.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, June 15 2021, 05:36 PM - #Permalink
    Resolved
    0 votes
    I have no special settings at all. If you have speed issues, your problem is elsewhere.

    When you are testing, what are you local and remote uplink and downlink speeds? What is the result of "lspci -k | grep Eth -A 3"?
    The reply is currently minimized Show
  • Accepted Answer

    Shawn Mas
    Shawn Mas
    Offline
    Tuesday, June 15 2021, 07:08 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    I have no special settings at all. If you have speed issues, your problem is elsewhere.

    When you are testing, what are you local and remote uplink and downlink speeds? What is the result of "lspci -k | grep Eth -A 3"?


    ************************************************************************************************************************************************************************************

    Thanks for the response! Nick.

    The reason i asked for special setting/steps so could follow and achieve the same results.
    When i tested the VPN it downlink speed was about 5 mbps, and uplink was about 2 mbps. My regular internet speed is 100 down/30 up.
    I also once connected through a public wifi, and noticed that I was unable to access this VPN on Clear OS.

    The result of lspci -k | grep Eth -A 3 is:

    Ethernet Controller: Intel Corp. Ethernet connection I217-LM (rev 04)
    Subsystem: Lenovo Device 30ae
    Kernel driver in use: e1000e
    Kernel modules: e1000e

    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, June 15 2021, 07:19 PM - #Permalink
    Resolved
    0 votes
    So you are running ClearOS standalone. It should still give you good speed. Remember the speed could be limited at either end. It is the lower of the local uplink speed and remote downlink speed when uploading from the local end, and vice-versa when downloading. Public AP's may stop you. You'd need to check your connection logs to see if the connection made it as far as the server.
    The reply is currently minimized Show
  • Accepted Answer

    Shawn Mas
    Shawn Mas
    Offline
    Tuesday, June 15 2021, 09:11 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    So you are running ClearOS standalone. It should still give you good speed. Remember the speed could be limited at either end. It is the lower of the local uplink speed and remote downlink speed when uploading from the local end, and vice-versa when downloading. Public AP's may stop you. You'd need to check your connection logs to see if the connection made it as far as the server.


    Yes, i am running Clear OS community version. The internal speed is no doubt high speed, it's the speed of VPN. One of my biggest concern is accessing my network overseas, I will be traveling later, so I wanted to connect to my Clear OS (home VPN), and some countries are blocking VPN access except the Port 443. I wanted to setup my VPN using Clear OS so, I could specifically connect to it. So, far it looks like it can barely handle Public APIs, and the VPN speed is really slow.

    That's the reason, I asked, if you there's a particular instructions you followed to setup your VPN on Clear OS, so I could mimic similar setup.

    Thanks!
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, June 15 2021, 09:35 PM - #Permalink
    Resolved
    0 votes
    I have no specific set up which is relevant. My network has never been fast until recently - the testing I did internally was with another server on my LAN. Externally I have no issue with what we do.

    Note that if countries are blocking VPN apart from 443 then you'll have problems with OpenVPN on 1194, but you can change the port.

    I have no idea what could be wrong to slow you down, but it could depend on where you are connecting from as well. As ClearOS is on your LAN, you can test from your LAN by connecting to it then upload or download something to 10.8.0.1, the ClearOS OpenVPN IP.
    The reply is currently minimized Show
  • Accepted Answer

    Shawn Mas
    Shawn Mas
    Offline
    Wednesday, June 16 2021, 11:18 AM - #Permalink
    Resolved
    1 votes
    Nick Howitt wrote:

    I have no specific set up which is relevant. My network has never been fast until recently - the testing I did internally was with another server on my LAN. Externally I have no issue with what we do.

    Note that if countries are blocking VPN apart from 443 then you'll have problems with OpenVPN on 1194, but you can change the port.

    I have no idea what could be wrong to slow you down, but it could depend on where you are connecting from as well. As ClearOS is on your LAN, you can test from your LAN by connecting to it then upload or download something to 10.8.0.1, the ClearOS OpenVPN IP.



    Thanks @Nick, yes, that's the purpose of my VPN setup, port 443, and acceptable speed.
    I will check out the settings, as you discussed above, hopefully will be able to troubleshoot this issue.
    The reply is currently minimized Show
Your Reply