We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

Problem with OpenVPN Speed limit at 2mbps ?


jamesm
08-05-2014, 15:47
ictdude - did you figure it out in the end?

Thanks

ictdude
26-04-2014, 23:24
Quote Originally Posted by chostwales
It could be the data connection between yourself and the server. Which might be outside OVH's control.
Thats right but i also have the same problem using a Hetzner server ..

And dont forget if i dont use OpenVPN tunnel and download direct like port 80 or ftp 21
I have full speed. Now i run Tun (Routed) i will try to go Tap (bridged) see what the outcome will be.
Well still dont give up here .. go thru all options ..


SOLVED ...............

I did use a 50/50 up-down line from a company i used to work for ..... And i had the full speed
Conclusion i must be the ISP wh for some reason dont support or block Full access speed openVN.

Strange but what els can it be ...

chostwales
26-04-2014, 22:54
It could be the data connection between yourself and the server. Which might be outside OVH's control.

ictdude
26-04-2014, 18:20
Quote Originally Posted by chostwales
We use OpenVPN on a Dedi of ours in OVH and we find that the speed varies depending on time of day. During the day we see a limit of about 10mbit (we are on 100mbit lines in our our office). During the night we can pull upto about 50mbit (Our server is on a 1Gbit connection). So I don't think OVH limit the bandwidth. (by the way that is TCP connection).

What DC are you in?
Thank you for the reply ..

For testing i did order a small OVH vps server. Use to have dedicated servers here.
Now i am on hetzner. Also on a 1Gbit connection. There i also have a test server.
Connection between servers over OpenVPN looks good.

Its only slow downloading from my provider and a friends cable provider. (adsl and cable speed or 25 and 50 mbps.)

I also connected the Hetzner server to the OVH vps that speed was ok ...

When i download from my OVH vps server its max 3mbps. Don't know why.
Its just a basic debian server with OpenVZ nothing special here ...

If you got some time i can give you a login and would really like to know how it looks from your site ..
I am looking to this problem now a few days ... if you get 10 or 50 on my ovh vps that it must be a other
problem .. how does your server.conf of the openvpn looks like ?

Just run: grep -vE '^#|^;|^$' server.conf in you're openvpn directory ..

chostwales
26-04-2014, 17:18
We use OpenVPN on a Dedi of ours in OVH and we find that the speed varies depending on time of day. During the day we see a limit of about 10mbit (we are on 100mbit lines in our our office). During the night we can pull upto about 50mbit (Our server is on a 1Gbit connection). So I don't think OVH limit the bandwidth. (by the way that is TCP connection).

What DC are you in?

ictdude
26-04-2014, 13:52
Quote Originally Posted by K.Kode
Main diffs with my server and client conf is:
Thank for you're reply.
Those settings did not make it faster :-(

What is your speed ? From internet to your OpenVPN Server ?
And how do you test this ?

K.Kode
26-04-2014, 12:33
Main diffs with my server and client conf is:
proto udp
fragment 0
mssfix 0
keepalive 10 120

ictdude
26-04-2014, 10:12
Quote Originally Posted by K.Kode
My VPN runs through UDP at full speed (TCP added massive latency for me in fact)
Can you post your redacted client / server confs?
Server config: Test server

# grep -vE '^#|^;|^$' server.conf


tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
port 1194
proto udp
dev tun
ca ca.crt
cert server2.crt
key server2.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3


Client config:

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################

# the firewall for the TUN/TAP interface.

dev tun

tun-mtu 1500
mssfix 1450

proto udp

remote "Myserver" 1194

resolv-retry infinite

nobind

persist-key
persist-tun

ca ca.crt
cert mysecret.crt
key mysecret.key

ns-cert-type server

comp-lzo

# Set log file verbosity.
verb 3

ictdude
26-04-2014, 10:06
Quote Originally Posted by Myatu
Probeer TCP ipv UDP. UDP used to be throttled, which may very well be still the case.
Thanks for your reply Myatu ..

I already switched UDP to TCP and visa versa.

But i did noticed something strange. Let me explain what i found out:


Some other test i did for diagnose ...

1. home adsl internet to Hetzner server running OpenVPN. 2mbps MAX.
2. Home cable internet (Tested at friends house) --> to Hetzner server running OpenVPN. 2mbps MAX.

3. Did order a OVH VPS ... and did test it again .. same 2mbps MAX ..


Now the strange part:

I have 1 extra test server at Hetzner.

Connected Windows Terminal KVM Proxmox (Hetzner server) to my test Hetzner server (Running OpenVPN)
What did is see ? A speed of 10 mbps and higher.

Then i did install OpenVPN on my OVH vps server.

Connected Windows Terminal KVM Proxmox (Hetzner server) to OVH server (Running OpenVPN)
Again a good speed the TAP device was running at 99 % CPU rise up. So good connection.

So what is the diagnose here ?

If you stay in the data-center (OVH or Hetzner) you have 10 mbps or much higher i noticed.

Its strange if your ISP home internet has like 20 or more download and you only
get a max of 2mbps.

Like the bottleneck is you're ISP cut VPN speed. I did try a cable and adsl ISP.
Both the same speed at 2mbps.

So what do you think now ppffff... Is it OVH Hetzner or you home ISP ?

Any feedback would be welcome ......

K.Kode
26-04-2014, 00:00
My VPN runs through UDP at full speed (TCP added massive latency for me in fact)
Can you post your redacted client / server confs?

Myatu
25-04-2014, 23:34
Probeer TCP ipv UDP. UDP used to be throttled, which may very well be still the case.

ictdude
24-04-2014, 15:40
Dear all,

I have successfully installed OpenVPN server.Tunnel works fine but ...
But the download speed is limited at 2mbps ?

Direct download with out tunnel has full speed.
Tun0 network no firewall for now. (For testing)

Version 2.2.1-8+deb7u2
Architecture amd64


I did try all options to fix this like:


1. lack entropy ? install entropy. Now availible 4095.
2. Change MTU settings
3. Disabled compression
4. Did get a fresh test server same problem ?
5. Server has enough power I7 X980 24G RAM
6. net.inet.ip.fastforwarding=1 net.ipv4.ip_forward=1

Do somebody has experience installing this at OVH servers ?
If it works fine on OVH then i will get a OVH box ;-)

I use to have some servers at OVH.
This problem is on some hetzner servers.

I was thinking problem is there network setup.
And maybe i need to get a server at OVH ?

But then how is the speed with OpenVPN at OVH servers ?
So before i get a box here again. :-)

Hetzner has a special network setup. Don't know if that is the problem.
There gateway on a dedicated server is route like this .. (They don't support software only there hardware ..)

# device: eth0

auto eth0

iface eth0 inet static
address 78.46.71.y
broadcast 78.46.71.223
netmask 255.255.255.224
gateway 78.46.71.x

# default route to access subnet

up route add -net 78.46.71.192 netmask 255.255.255.224 gw 78.46.71.x eth0

As you can see there gateway x is indirect routed ...
Must be for security reasons like ?

Here my OpenVPN connection log:


Could connect as usual:

Wed Apr 23 13:12:30 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 23 13:12:30 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 23 13:12:30 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 23 13:12:30 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 23 13:12:30 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Apr 23 13:12:30 2014 [server2] Peer Connection Initiated with [AF_INET] 78.46.x.y:1194 <--- My Debian server
Wed Apr 23 13:12:31 2014 MANAGEMENT: >STATE:1398251551,GET_CONFIG,,,
Wed Apr 23 13:12:32 2014 SENT CONTROL [server2]: 'PUSH_REQUEST' (status=1)
Wed Apr 23 13:12:32 2014 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Wed Apr 23 13:12:32 2014 OPTIONS IMPORT: timers and/or timeouts modified
Wed Apr 23 13:12:32 2014 OPTIONS IMPORT: --ifconfig/up options modified
Wed Apr 23 13:12:32 2014 OPTIONS IMPORT: route options modified
Wed Apr 23 13:12:32 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Apr 23 13:12:32 2014 MANAGEMENT: >STATE:1398251552,ASSIGN_IP,,10.8.0.6,
Wed Apr 23 13:12:32 2014 open_tun, tt->ipv6=0
Wed Apr 23 13:12:32 2014 TAP-WIN32 device [LAN-verbinding 28] opened: \\.\Global\{C20D36A6-FD19-482F-A061-490FB847CF8A}.tap
Wed Apr 23 13:12:32 2014 TAP-Windows Driver Version 9.9
Wed Apr 23 13:12:32 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {C20D36A6-FD19-482F-A061-490FB847CF8A} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Wed Apr 23 13:12:32 2014 Successful ARP Flush on interface [2] {C20D36A6-FD19-482F-A061-490FB847CF8A}
Wed Apr 23 13:12:37 2014 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Wed Apr 23 13:12:37 2014 MANAGEMENT: >STATE:1398251557,ADD_ROUTES,,,
Wed Apr 23 13:12:37 2014 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Wed Apr 23 13:12:37 2014 Route addition via IPAPI succeeded [adaptive]
Wed Apr 23 13:12:37 2014 Initialization Sequence Completed

Wed Apr 23 13:12:37 2014 MANAGEMENT: >STATE:1398251557,CONNECTED,SUCCESS,10.8.0.6,78.46 .x.y


Who can help me out here ? Where can be the bottle neck ?