openvpn
AusTiN, 2013-12-09 11:28:23

Slow client-to-client download OpenVPN

OpenVPN is set up on three devices:
server - Debian7 x86_64 @ VDS (OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013)
client-alex - OSX 10.9 @ MacBook (OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on Nov 22 2013)
client-nas - Debian7 ARMv7 @ WD My Cloud 4TB WDBCTL0040HWT (OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 23 2012)
All devices successfully connect to the VPN network and exchange data with each other. There is only one problem:
- scp upload client-alex -> client-nas = 3+MBps
- scp download client-nas -> client-alex = 80KBps
- scp upload server -> client-nas = 3+MBps
- scp download client-nas -> server = 80KBps
OpenVPN is already running on the NAS; it starts automatically from some script, and my configuration is loaded automatically from /etc/openvpn.
Where does this 80KB/s limit come from when downloading from the NAS? It has already eaten my brain. And all this despite the fact that upload to the NAS is excellent.

Server config
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key 
dh dh1024.pem
server 10.0.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
;log-append openvpn.log
verb 3

Client config
client
dev tun
proto udp
remote my.vpn.server.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
verb 3

Server logs
Mon Dec  9 10:12:17 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Mon Dec  9 10:12:17 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Dec  9 10:12:17 2013 Diffie-Hellman initialized with 1024 bit key
Mon Dec  9 10:12:17 2013 TLS-Auth MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Dec  9 10:12:17 2013 Socket Buffers: R=[229376->131072] S=[229376->131072]
Mon Dec  9 10:12:17 2013 ROUTE default_gateway=185.14.192.254
Mon Dec  9 10:12:17 2013 TUN/TAP device tun0 opened
Mon Dec  9 10:12:17 2013 TUN/TAP TX queue length set to 100
Mon Dec  9 10:12:17 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Dec  9 10:12:17 2013 /sbin/ifconfig tun0 10.0.0.1 pointopoint 10.0.0.2 mtu 1500
Mon Dec  9 10:12:17 2013 /sbin/route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.2
Mon Dec  9 10:12:17 2013 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Mon Dec  9 10:12:17 2013 UDPv4 link local (bound): [undef]
Mon Dec  9 10:12:17 2013 UDPv4 link remote: [undef]
Mon Dec  9 10:12:17 2013 MULTI: multi_init called, r=256 v=256
Mon Dec  9 10:12:17 2013 IFCONFIG POOL: base=10.0.0.4 size=62, ipv6=0
Mon Dec  9 10:12:17 2013 ifconfig_pool_read(), in='client-alex,10.0.0.4', TODO: IPv6
Mon Dec  9 10:12:17 2013 succeeded -> ifconfig_pool_set()
Mon Dec  9 10:12:17 2013 ifconfig_pool_read(), in='client-nas,10.0.0.8', TODO: IPv6
Mon Dec  9 10:12:17 2013 succeeded -> ifconfig_pool_set()
Mon Dec  9 10:12:17 2013 IFCONFIG POOL LIST
Mon Dec  9 10:12:17 2013 client-alex,10.0.0.4
Mon Dec  9 10:12:17 2013 client-nas,10.0.0.8
Mon Dec  9 10:12:17 2013 Initialization Sequence Completed
Mon Dec  9 10:12:43 2013 MULTI: multi_create_instance called
Mon Dec  9 10:12:43 2013 159.224.12.214:64625 Re-using SSL/TLS context
Mon Dec  9 10:12:43 2013 159.224.12.214:64625 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Dec  9 10:12:43 2013 159.224.12.214:64625 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Mon Dec  9 10:12:43 2013 159.224.12.214:64625 Local Options hash (VER=V4): '239669a8'
Mon Dec  9 10:12:43 2013 159.224.12.214:64625 Expected Remote Options hash (VER=V4): '3514370b'
Mon Dec  9 10:12:43 2013 159.224.12.214:64625 TLS: Initial packet from [AF_INET]159.224.12.214:64625, sid=c1ee9c4b 840d59ac
Mon Dec  9 10:12:44 2013 159.224.12.214:64625 VERIFY OK: depth=1, /C=UA/ST=KH/L=Kharkov/O=ANODA/OU=dev/CN=vpn.anoda.mobi/name=Alex/[email protected]
Mon Dec  9 10:12:44 2013 159.224.12.214:64625 VERIFY OK: depth=0, /C=UA/ST=KH/L=Kharkov/O=ANODA/OU=dev/CN=client-alex/name=Alex/[email protected]
Mon Dec  9 10:12:44 2013 159.224.12.214:64625 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec  9 10:12:44 2013 159.224.12.214:64625 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec  9 10:12:44 2013 159.224.12.214:64625 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec  9 10:12:44 2013 159.224.12.214:64625 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec  9 10:12:44 2013 159.224.12.214:64625 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Dec  9 10:12:44 2013 159.224.12.214:64625 [client-alex] Peer Connection Initiated with [AF_INET]159.224.12.214:64625
Mon Dec  9 10:12:44 2013 client-alex/159.224.12.214:64625 MULTI_sva: pool returned IPv4=10.0.0.6, IPv6=1::2000:0:f17f:0
Mon Dec  9 10:12:44 2013 client-alex/159.224.12.214:64625 MULTI: Learn: 10.0.0.6 -> client-alex/159.224.12.214:64625
Mon Dec  9 10:12:44 2013 client-alex/159.224.12.214:64625 MULTI: primary virtual IP for client-alex/159.224.12.214:64625: 10.0.0.6
Mon Dec  9 10:12:46 2013 client-alex/159.224.12.214:64625 PUSH: Received control message: 'PUSH_REQUEST'
Mon Dec  9 10:12:46 2013 client-alex/159.224.12.214:64625 send_push_reply(): safe_cap=960
Mon Dec  9 10:12:46 2013 client-alex/159.224.12.214:64625 SENT CONTROL [client-alex]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.0.0.6 10.0.0.5' (status=1)
Mon Dec  9 10:12:49 2013 MULTI: multi_create_instance called
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 Re-using SSL/TLS context
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 Local Options hash (VER=V4): '239669a8'
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 Expected Remote Options hash (VER=V4): '3514370b'
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 TLS: Initial packet from [AF_INET]185.14.192.130:57206, sid=bd0579f9 e50b532e
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 VERIFY OK: depth=1, /C=UA/ST=KH/L=Kharkov/O=ANODA/OU=dev/CN=vpn.anoda.mobi/name=Alex/[email protected]
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 VERIFY OK: depth=0, /C=UA/ST=KH/L=Kharkov/O=ANODA/OU=dev/CN=client-nas/name=Alex/[email protected]
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Dec  9 10:12:49 2013 185.14.192.130:57206 [client-nas] Peer Connection Initiated with [AF_INET]185.14.192.130:57206
Mon Dec  9 10:12:49 2013 client-nas/185.14.192.130:57206 MULTI_sva: pool returned IPv4=10.0.0.10, IPv6=1::1f00:0:f17f:0
Mon Dec  9 10:12:49 2013 client-nas/185.14.192.130:57206 MULTI: Learn: 10.0.0.10 -> client-nas/185.14.192.130:57206
Mon Dec  9 10:12:49 2013 client-nas/185.14.192.130:57206 MULTI: primary virtual IP for client-nas/185.14.192.130:57206: 10.0.0.10
Mon Dec  9 10:12:51 2013 client-nas/185.14.192.130:57206 PUSH: Received control message: 'PUSH_REQUEST'
Mon Dec  9 10:12:51 2013 client-nas/185.14.192.130:57206 send_push_reply(): safe_cap=960
Mon Dec  9 10:12:51 2013 client-nas/185.14.192.130:57206 SENT CONTROL [client-nas]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.0.0.10 10.0.0.9' (status=1)


3 answer(s)
werter_l, 2014-01-23
@AusTiN

Check/tweak the NAS settings

vetash, 2014-01-31
@vetash

Try switching the protocol on the server to tcp and add this line:
fast-io

AusTiN, 2014-02-07
@AusTiN

The problem was solved by putting
on the NAS
