Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
O
O
onefinal2015-09-13 17:04:53
linux
onefinal, 2015-09-13 17:04:53

OpenVpn How to achieve maximum speed?

Maximum speed 20mb for server and client 100mb each (geographical distance 10km)
Server config

port 1190
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
cipher BF-CBC
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
sndbuf 0
rcvbuf 0
tun-mtu 1500
fragment 1300
mssfix
fast-io

Client config
client
dev tun
proto udp
remote * * * * * 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert user.crt
key user.key
ns-cert-type server
comp-lzo
log /var/log/openvpn.log
verb 3
sndbuf 0
rcvbuf 0

iperf
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec   111 MBytes  93.4 Mbits/sec

iperf already with vpn
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.1 sec  29.1 MBytes  24.3 Mbits/sec

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
P
Puma Thailand, 2015-09-13
@onefinal

And what between clients and servers that? optics direct and no one on it?
What does iperf show?

Report
V
Vladimir, 2015-09-13
@rostel

maybe it

Report
M
mureevms, 2015-09-13
@mureevms

Give more input. Can routers cut speed from clients. Maybe 100Mb is not guaranteed bandwidth at the rate (up to 100Mb). And there could be many more reasons. Measure the speed between hosts without using OVPN, for example, by downloading a file from a server via HTTP or FTP.
In addition, the mssfix parameter should usually be equal to 1450. Write it down on all sides. And try to remove the tun-mtu 1500 parameter. fragment must be written on both sides.

Report
A
Alexander Karabanov, 2015-09-13
@karabanov

Can't encrypt? Look at CPU utilization. My MikroTik is not able to transfer more than 10 megabits through the IPsec tunnel due to the fact that a lot of resources are spent on encryption.

Similar questions
N
Nikita Reshetnyak2019-10-07 07:26:25
Why can't you hear the interlocutor in the absence of a tunnel between offices? 2Reply
A
Alexander2017-06-23 20:13:44
Accepting cookies. Why is it returning an array? 2Reply
D
Denis Balandin2019-12-04 10:18:49
How do I replace the "Add to Cart" button for a specific brand? 2Reply
H
hulitolku2020-11-30 00:49:32
Run the script on boot, no more than once a day? 1Reply
D
Dmitry Skrylnikov2014-10-09 20:15:32
How to collect SM? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question