LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 02-23-2013, 02:04 PM   #1
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 236

Rep: Reputation: Disabled
PLEASE help with continuing random openvpn speed drops


i've posted 3 or 4 posts on this forum about this issue and have gotten no resolution on this issue. *sigh*

i have a comcast business connection on which my openvpn server resided. it is 50mbps DOWN and 10mbps UP. This connection is extremely reliable and full-speed for all other services (http, ftp, etc) that I have tested. however, when I connect over openvpn from any remote location, the speed seems abnormally slow - as in, transfers FROM the VPN server or network UP TO wherever I am does not even come CLOSE to the 10mbps that every other service seems to be able to max out just fine. it appears to be completely random; sometimes its full speed, sometimes its half, someetimes its 1/4. Over my phone's 4G LTE wifi hotspot feature i've actually seen it under 1 mbps! like, ISDN speeds

wherever I am at the remote spot and do a speedtest WITHOUT the vpn, speeds are normal (15mbps, 25mbps down for example on a cable connection at the remote location). but when I launch the VPN client, speeds immediately slow down. I am the only one using the network at the VPN side, and very often I am the only one connecting from the client side. connection type does not matter; wifi or ethernet.

the server is Arch Linux with a 3.7 kernel and openvpn 2.3; it is the router for the LAN. Client is windows 7 64-bit with openvpn 2.3.

i have:

-disable CPU throttling, WMM and QoS on the win7 client
-tried mssfix and fragment number ranging from 1000 to 1499 in various intervals - this seemed to have NO effect
-tried no-replay
-completely replaced the router/server hardware, the cable modem on the server side, and all cabling and switch
-disconnected everything from the server LAN so that the server is the only device

nothing seems to change this speed issue. once again it seems completely random, sometimes its slow sometimes its fast. as i said, the issue seems to be only the openvpn; when the speed is slow on the connection, i will sometimes temporarily enable a basic http server, get off the VPN and try downloading a file using plain http; this ALWAYS works at full speed.

server config:

Code:
port 1194
proto udp
dev tun
fragment 1428
mssfix 1428
no-replay
crl-verify crl.pem

ca /etc/openvpn/ca.crt
cert /etc/openvpn/pLAN9-VPN.crt
key /etc/openvpn/pLAN9-VPN.key
dh /etc/openvpn/dh1024.pem

server 10.11.12.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route 10.11.12.0 255.255.255.0

push "route 172.16.0.0 255.255.0.0"
push "route 10.172.172.0 255.255.255.0"
push "route 192.168.192.0 255.255.255.0"
push "redirect-gateway def1"

client-to-client
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0
cipher AES-128-CBC

user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log

verb 4
reneg-sec 10800
client config:

Code:
client
dev tun
port 1194
proto udp
fragment 1428
mssfix 1428
no-replay

dev-node OPENVPN
remote xx.xx.xx.xx

resolv-retry infinite
nobind
persist-key
persist-tun

ca "C:\\Program Files (x86)\\OpenVPN\\config\\pLAN9\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\pLAN9\\pLAN9-Laptop.crt"
key "C:\\Program Files (x86)\\OpenVPN\\config\\pLAN9\\pLAN9-Laptop.key"

ns-cert-type server
tls-auth "C:\\Program Files (x86)\\OpenVPN\\config\\pLAN9\\ta.key" 1
cipher AES-128-CBC

verb 3
reneg-sec 10800
a screenshot from speedtest while on the vpn. notice that the download is actually SLOWER than the upload (craziness!) this was done on a comcast business connection over wifi with full signal strength and line of sight to the WAP. normal speeds without the vpn were 15mbps DOWN and 5mbps UP:
http://s14.postimage.org/hicctpow1/speed.png

is there ANYTHING else I can try here? i'm getting close to giving up...

Last edited by psycroptic; 02-23-2013 at 02:07 PM.
 
Old 02-24-2013, 02:12 PM   #2
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
what are the hardwares?

if i were u, i would disable Encryption algorithm ("cipher AES-128-CBC" in config) then check the speed again...

good luck
 
Old 02-24-2013, 02:14 PM   #3
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 236

Original Poster
Rep: Reputation: Disabled
router is an intel sandy bridge motherboard w/core i3 3.3GHz, 4GB DDR3 1333. I would think this would be enough?

also, wouldn't disabling the encryption essentially have my traffic going clear-text over the internet? that doesn't sound good...
 
Old 02-24-2013, 03:47 PM   #4
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 236

Original Poster
Rep: Reputation: Disabled
i've attached another speedtest image, done approximately a day later than the other. I am in the exact same location (restaurant wifi, AFAICT the only user). Speeds are normal this time. WTF?? NOTHING has changed about the setup at all, and i'm sure itll go back down tommorow...

any ideas?
Attached Images
File Type: png speed2.png (92.9 KB, 12 views)
 
Old 02-24-2013, 07:44 PM   #5
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 236

Original Poster
Rep: Reputation: Disabled
btw, tried cipher disabling and connected to my neighbors wifi (comcast residential 25/3) and still have the same problem

i don't get why i see specs for openvpn running on el cheapo routers (sub-1GHz processors, 64MB RAM) and getting 20+ megabits, while i'm struggling to get 10m from what I would consider to be pretty massive hardware for just a router and vpn box....
 
Old 02-25-2013, 07:18 AM   #6
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
have a look :
https://community.openvpn.net/openvp...Networks_Linux

You can buy a "SSL accelerator card" (not expensive), instead of buying el cheapo router.
1Ghz cpu doesnt look good for cryption. those routers may have those cards inside, i dont know.

I use pfSense as gateway, i will test openvpn and ipsec tonight and let u know the results.

good luck
 
Old 02-25-2013, 03:32 PM   #7
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 236

Original Poster
Rep: Reputation: Disabled
but as i said, the cpu in the vpn box is a 3.3ghz i3.... are you saying this is still too slow of a cpu to allow for even a 10 megabit connection? if so, then it seems openvpn is pretty poor as far as performance is concerned... i've seen those cards before, but is it really necessary with such a high-speed CPU?
 
Old 02-26-2013, 04:08 AM   #8
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
I just wanted to say that u had an option with those card.

I have tested openvpn with static.key, between france datacenter and istanbul office. i have 20Mbit download at office. Openvpn worked as i expected at 20Mbit. i have downloaded file with 2.2Mbyte/s. i had same values via direct connect.
server has i5 cpu with 16Gig ram, client has i3-3240 with 8 gb ram.

Both of them are ubuntu 12.04.1, (server and desktop releases).

config files:
/etc/openvpn/client.conf
Code:
remote server.ip.address
dev tun
ifconfig 10.80.10.2 10.80.10.1
secret static.key
cipher AES-128-CBC
/etc/openvpn/server.conf
Code:
dev tun
ifconfig 10.80.10.1 10.80.10.2
secret /etc/openvpn/static.key
cipher AES-128-CBC
it works perfectly linux to linux. maybe something wrong with windows side, i dont know.
Can u test it with simple (static.key) config?

Last edited by maxut; 02-26-2013 at 04:14 AM.
 
Old 02-26-2013, 03:39 PM   #9
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 236

Original Poster
Rep: Reputation: Disabled
so updates. i did a local test using iperf over the vpn connection just inside the local lan. This is a gigabit lan through a cisco 8-port switch. Un-vpn'd speeds are around 941mbps. with the vpn it maxes out at around 70 megs. still doesn't explain why i can't get 10 over the internet.

but more to the point, i've more or less narrowed it down to a wifi-only problem (i usually am connecting through wifi on the win7 laptop.) all of the hardline ethernet speeds actually seem consistent. i guess vpns have a hard time with wifi?

i'll try the simpler config you mentioned when i get off work today.
 
Old 02-26-2013, 06:27 PM   #10
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
You are right.

i have just tested openvpn via wi-fi connection. client was win7 32bit, server was ubuntu 12.04 in datacenter..
i checked bandwith via speedtest.net site and i noticed that wi-fi didnt offer stable connection speed even my AP was very powerful. i repeated test several times, max download was 22mbit, upload was 5mbit(max bandwidth of my internet connection).. most of time i reached the max bandwith but sometimes it just showed only 5mbit download and 4.5mbit upload.
 
Old 02-26-2013, 09:40 PM   #11
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 236

Original Poster
Rep: Reputation: Disabled
so it seems. in any case, i would guess this is fairly directly related to the tx power of the AP, as well as RF interference.

thanks for all the help. ill mark this as solved, even though i'm not sure it's exactly solvable...

Last edited by psycroptic; 02-26-2013 at 09:42 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] SATA write speed drops after resume machs Linux - Hardware 2 10-14-2012 09:35 AM
Sata IO speed drops a while after reboot opteronfx Linux - Kernel 6 05-17-2012 10:52 AM
Intel 3945: wireless suddenly drops speed Renan_S2 Linux - Networking 1 06-08-2009 02:45 PM
Using dd, /dev/random output drops to 8 bytes jschiwal Linux - General 4 12-03-2007 08:37 PM
cdcom random seek speed test utility? kocoman Linux - General 0 01-10-2006 11:39 AM


All times are GMT -5. The time now is 02:58 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration